Analysis Overview
Threat Level: Known bad
The file https://microsoft.com was found to be: Known bad.
Malicious Activity Summary
Windows security bypass
Disables RegEdit via registry modification
Windows security modification
Executes dropped EXE
UPX packed file
Loads dropped DLL
Checks computer location settings
Maps connected drives based on registry
Adds Run key to start application
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Enumerates connected drives
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Views/modifies file attributes
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
NTFS ADS
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Modifies Internet Explorer start page
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 15:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 15:26
Reported
2024-06-11 15:40
Platform
win10v2004-20240426-en
Max time kernel
841s
Max time network
806s
Command Line
Signatures
Windows security bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\WINDOWS\302746537.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\RegistrySmart\Launcher.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | \??\globalroot\systemroot\system32\usеrinit.exe | N/A |
| N/A | N/A | \??\globalroot\systemroot\system32\usеrinit.exe | N/A |
| N/A | N/A | C:\WINDOWS\302746537.exe | N/A |
| N/A | N/A | \??\c:\windows\antivirus-platinum.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8F4380B1\[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\RegistrySmart\Launcher.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | \??\c:\windows\antivirus-platinum.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Windows security modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus Pro 2017 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Antivirus Pro 2017.zip\\[email protected]" | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Pro 2017.zip\[email protected] | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\RegistrySmart = "\"C:\\Program Files\\RegistrySmart\\RegistrySmart.exe\" -boot" | C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
| Key security queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Pro 2017.zip\[email protected] | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2636 set thread context of 1520 | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus 2010.zip\[email protected] | C:\Windows\SysWOW64\cmd.exe |
| PID 3064 set thread context of 3564 | N/A | C:\Users\Admin\Downloads\Antivirus 2010\[email protected] | C:\Windows\SysWOW64\cmd.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files (x86)\RegistrySmart\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp | N/A |
| File created | C:\Program Files (x86)\RegistrySmart\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp | N/A |
| File created | C:\Program Files (x86)\RegistrySmart\is-PGRUJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp | N/A |
| File created | C:\Program Files (x86)\RegistrySmart\is-M7ELJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp | N/A |
| File created | C:\Program Files (x86)\RegistrySmart\is-CPK3U.tmp | C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp | N/A |
| File created | C:\Program Files (x86)\RegistrySmart\is-NTUJT.tmp | C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\RegistrySmart\RegistrySmart.url | C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp | N/A |
Drops file in Windows directory
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main | \??\c:\windows\antivirus-platinum.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title = "YOUR PC MAY BE INFECTED WITH SPYWARE OR OTHER MALICIOUS ITEMS" | \??\c:\windows\antivirus-platinum.exe | N/A |
Modifies Internet Explorer start page
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://secureservices2010.webs.com/scan" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://secureservices2010.webs.com/scan" | \??\c:\windows\antivirus-platinum.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\ = "IListSubItem" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D83600-895E-11D0-B0A6-000000000000}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E82-DF38-11CF-8E74-00A0C90F26F8}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32\ = "c:\\windows\\mscomctl.ocx" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\Implemented Categories | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C787A50-E01C-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE7-8583-11D1-B16A-00C0F0283628}\ = "IButtons" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\ToolboxBitmap32\ = "c:\\windows\\comctl32.ocx, 10" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\ = "StatusBar General Property Page Object" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D8C-9D6A-101B-AFC0-4210102A8DA7} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8B1-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\ToolboxBitmap32\ = "c:\\windows\\comctl32.ocx, 3" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4D83601-895E-11D0-B0A6-000000000000}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\VersionIndependentProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "c:\\windows\\mscomctl.ocx" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\ = "ITreeView" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\PersistentHandler | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Implemented Categories | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32\ = "c:\\windows\\comctl32.ocx" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6E17E8A-DF38-11CF-8E74-00A0C90F26F8} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Slider.2\CLSID\ = "{F08DF954-8592-11D1-B16A-00C0F0283628}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8A7-850A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.SBarCtrl.2\CLSID\ = "{8E3867A3-8586-11D1-B16A-00C0F0283628}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04E-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\.eml\PersistentHandler | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D91-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D94-9D6A-101B-AFC0-4210102A8DA7}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Version\ = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.Slider.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.3" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0713E8AE-850A-101B-AFC0-4210102A8DA7}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6E17E8E-DF38-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{6B7E6392-850A-101B-AFC0-4210102A8DA7}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6E1B5150-DB62-11D0-A0D8-0080C7E7B78D}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7791BA60-E020-11CF-8E74-00A0C90F26F8} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\ = "Tab Property Page Object" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\VersionIndependentProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\MiscStatus\ = "0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\MiscStatus\ = "0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E88-DF38-11CF-8E74-00A0C90F26F8} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA664-8594-11D1-B16A-00C0F0283628} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{612A8626-0FB3-11CE-8747-524153480004}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{58DA8D90-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA660-8594-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF877890-E026-11CF-8E74-00A0C90F26F8}\TypeLib\Version = "1.3" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E86-DF38-11CF-8E74-00A0C90F26F8} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\ = "IListView" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}\ = "ISlider" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\Downloads\Antivirus Platinum.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\RegistrySmart.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Temp\7zO8F4380B1\[email protected]:Zone.Identifier | C:\Program Files\7-Zip\7zFM.exe | N/A |
| File created | C:\Users\Admin\Downloads\Antivirus Pro 2017.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Antivirus 2010.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Pro 2017.zip\[email protected] | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives = "67108863" | \??\c:\windows\antivirus-platinum.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | \??\c:\windows\antivirus-platinum.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" | \??\c:\windows\antivirus-platinum.exe | N/A |
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
| Process | Command line |
|---|---|
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://microsoft.com" |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://microsoft.com |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.0.384260813\1697646964" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {580dbc1f-c2fd-4d20-89a6-53212c83c074} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 1864 22db0d27e58 gpu |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.1.1935945637\56986728" -parentBuildID 20230214051806 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7489465-db27-4c88-af80-6044eedb43c2} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 2444 22d9ca88a58 socket |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.2.756438430\2104874410" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2992 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {480eac80-8335-4416-bdaa-6d2804a5ec9f} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 3008 22db3b4ca58 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.3.1586455892\1877055616" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24d11cc0-279b-4d98-b213-2da5f7943f4f} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 3680 22db57b6858 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.4.820044386\1682448166" -childID 3 -isForBrowser -prefsHandle 4888 -prefMapHandle 5088 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b906bb8-c1b6-40c8-91a2-47d8896fac5e} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 4980 22db70ede58 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.5.315663095\1731846812" -childID 4 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ced08471-7edb-477e-95ce-6c1cfd041913} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 5228 22db70eea58 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.6.700827231\1525789719" -childID 5 -isForBrowser -prefsHandle 5508 -prefMapHandle 5436 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {413fa4a8-5021-4a6a-81c1-b4780e53a353} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 5516 22db70f0558 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.7.242511128\1976934753" -childID 6 -isForBrowser -prefsHandle 5316 -prefMapHandle 5388 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e93810ef-a9fb-48d0-b9a3-53fb6c18a937} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 5396 22db9807558 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.8.688482006\1645430092" -childID 7 -isForBrowser -prefsHandle 5356 -prefMapHandle 5344 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89bcce45-9248-43ef-a506-69201f21b76c} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 5352 22db77a1658 tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2728.9.1680620613\687619758" -childID 8 -isForBrowser -prefsHandle 10032 -prefMapHandle 10024 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c44cfcd-c032-4fda-8501-5bfefb304891} 2728 "\\.\pipe\gecko-crash-server-pipe.2728" 10012 22db6c7a758 tab |
| C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
| C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Pro 2017.zip\[email protected] | "C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Pro 2017.zip\[email protected]" |
| C:\Windows\system32\taskmgr.exe | "C:\Windows\system32\taskmgr.exe" /4 |
| C:\Windows\SysWOW64\werfault.exe | werfault.exe /h /shared Global\d3fe1c5ad4204b2b818b0bada2794cac /t 3500 /p 2240 |
| C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus 2010.zip\[email protected] | "C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus 2010.zip\[email protected]" |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" |
| \??\globalroot\systemroot\system32\usеrinit.exe | /install |
| C:\Users\Admin\Downloads\Antivirus 2010\[email protected] | "C:\Users\Admin\Downloads\Antivirus 2010\[email protected]" |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" |
| \??\globalroot\systemroot\system32\usеrinit.exe | /install |
| C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected] | "C:\Users\Admin\AppData\Local\Temp\Temp1_Antivirus Platinum.zip\[email protected]" |
| C:\WINDOWS\302746537.exe | "C:\WINDOWS\302746537.exe" |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7216.tmp\302746537.bat" " |
| C:\Windows\SysWOW64\regsvr32.exe | regsvr32 /s c:\windows\comctl32.ocx |
| C:\Windows\SysWOW64\regsvr32.exe | regsvr32 /s c:\windows\mscomctl.ocx |
| \??\c:\windows\antivirus-platinum.exe | c:\windows\antivirus-platinum.exe |
| C:\Windows\SysWOW64\attrib.exe | attrib +h c:\windows\antivirus-platinum.exe |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://secureservices2010.webs.com/update/update.txt |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff845c846f8,0x7ff845c84708,0x7ff845c84718 |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,5377251951912933907,4383938754221448271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,5377251951912933907,4383938754221448271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,5377251951912933907,4383938754221448271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5377251951912933907,4383938754221448271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5377251951912933907,4383938754221448271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5377251951912933907,4383938754221448271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5377251951912933907,4383938754221448271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,5377251951912933907,4383938754221448271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,5377251951912933907,4383938754221448271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RegistrySmart.zip"
C:\Users\Admin\AppData\Local\Temp\7zO8F4380B1\[email protected]
"C:\Users\Admin\AppData\Local\Temp\7zO8F4380B1\[email protected]"
C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp" /SL4 $20800 "C:\Users\Admin\AppData\Local\Temp\7zO8F4380B1\[email protected]" 779923 55808
C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe
"C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe"
C:\Program Files (x86)\RegistrySmart\Launcher.exe
"C:\Program Files (x86)\RegistrySmart\Launcher.exe" 0:
C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe
"C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe" launch
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.registrysmart.com/register.php
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff845c846f8,0x7ff845c84708,0x7ff845c84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14687589859639111328,4417396499146735274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,14687589859639111328,4417396499146735274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,14687589859639111328,4417396499146735274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14687589859639111328,4417396499146735274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14687589859639111328,4417396499146735274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14687589859639111328,4417396499146735274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14687589859639111328,4417396499146735274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,14687589859639111328,4417396499146735274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 /prefetch:8
Network
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\Downloads\Antivirus Pro 2017.beKkrImX.zip.part
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
| MD5 | e48c8e3cc531a2944069d489ba842c67 |
| SHA1 | 41624fe9653c4257bf4d03cc9d6d3f8a2dfcd57e |
| SHA256 | 365842c46d7e671ccd995e5ff01ca39885aad0aeec9ba0d38bd15bc0fc642d0e |
| SHA512 | e0042bfe3e44a231ec533484f636f20c81c2439b9da09acda6841903ee85b2b5738243ce084dc8b8052a5688d263202d4cab58dd7b2f61489e4b29321664acdc |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js
| MD5 | 84597523b232a0d6e1167aad2fabbb90 |
| SHA1 | e15114d915a7385d38107f464e111ca7a0036e77 |
| SHA256 | bd533a7f4e91445de8d568a2d4b9b76aae66eb5bb83e8824d3026754941ad42d |
| SHA512 | c9ef4d5955e1d51ab4fefa9339b4f24e4a8095d0ecbddc73048cdc025b9cfcd47f4d4e3a7a9afa86ff502940cb081851a7810818ab8f075a41d717a1c83b87b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
| MD5 | 4aa98a2acd52d8150066ecdba40def6a |
| SHA1 | 4ba559c824fc0524883653f5261607f23aaa38c4 |
| SHA256 | 9acb06ae3189baf7d06b30dda71345f509611b96043fe80e8d46f83db6967271 |
| SHA512 | f9c71b43f5b0749367260b92bde49e407cc3c0cfa70c11e833b668a53bf9f67a74b777a43abeb96a1e408a136e3229c3ed609e176380dbe77852d4215cd55df9 |
memory/2240-741-0x0000000000400000-0x0000000000A06000-memory.dmp
memory/2240-1979-0x0000000000400000-0x0000000000A06000-memory.dmp
memory/2240-2489-0x0000000000400000-0x0000000000A06000-memory.dmp
memory/2240-2493-0x0000000000400000-0x0000000000A06000-memory.dmp
memory/2240-2496-0x0000000000400000-0x0000000000A06000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | d5016126caaecbfc6f8e1ce2cb013615 |
| SHA1 | 41145f3bc65a9091e0948d543c1b4e8cc4103c77 |
| SHA256 | 88517ee5ee7002dff4953e5eee9b16570b3f30b0a8a087ddbcfac9197c706e15 |
| SHA512 | 06f57d5907e237449533c3c8406405e5523ea4a94b26a8ef5a01a1fbad65177fdfad3f9118c76c1a08947215eca937d61cd70eac584c79f5ec71da3a1c513902 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\doomed\30525
| MD5 | 2aae511abd0c78bbb5a2f10cecee476c |
| SHA1 | f949af6e6dd5b9f038b82a53518fb55cd6038eb5 |
| SHA256 | 748f0874f3a62fe4fb486d4d4b2a5161259d3c4941239becfcc236ab250d2e61 |
| SHA512 | b92e5dd4588455aa5d86a21e434970761e217b87e4c6b2d848d6b72dc40846e9805f1cfef553afbfc3394c47a0e0806a32b123dab5e34528c0d3b2fb64b05313 |
C:\Users\Admin\Downloads\Antivirus 2010.djeWxPNZ.zip.part
| MD5 | 1d8e68dae0d6876b229b12dc00cfb34b |
| SHA1 | 23fc52561c471501cd31de53aa878dd6b8f6fbe1 |
| SHA256 | af25c4a4b32805f7a8dac1c57290096ccf58082719b38f1570013b355d24ebaa |
| SHA512 | 813a564730aeb9d3ea95dacbc786ef869f860a72ad144be10a58a3fdab2c1346e0183fc1878b7e06db0df8f84d7283ede48077a4f5973882c0094b53779933bb |
C:\Users\Admin\Downloads\Antivirus 2010.djeWxPNZ.zip.part
| MD5 | 1876b2d886ec392d71f37423dfef0c11 |
| SHA1 | af78db6206cada4f780f030d45fcaa881f892a99 |
| SHA256 | 61ff034c476d4060fbea6debc5f84494cf02f337a9a897ddb6b3eb3a28c16406 |
| SHA512 | 9070d1c35ddc045c7d5aa7938d231d139437c0b363c72a71d1edf3b77ea40484869c92e3dc9b021c2897d224d3f2b6bcf64b4dcf44149da9d6cc15d4dfa9951e |
memory/2636-2614-0x0000000000400000-0x00000000004C4400-memory.dmp
\??\globalroot\systemroot\system32\usеrinit.exe
| MD5 | 4acd14244d2cd76d06939163127cfb10 |
| SHA1 | 75f3e3c764f7d20c9950f5410f753f3210bcc2e7 |
| SHA256 | 29b5b65a1cdf119ac7c6c9df76c6843b25a81bd00aa5a5e995ec675e34bf1acb |
| SHA512 | 001504da15c1825102479ba379b0be7ec15e779626d450d9d763552d7e1ac71f5bb86110f9361363bd401aabc53cdfd2d554480aec8bef85ed8c7b03cebf4031 |
\systemroot\system32\mseeeeee.dll
| MD5 | 8736c2a37ff0adf6f03d94bb34d1f784 |
| SHA1 | e4867b136e100c9d45f6adea593c9a636134f308 |
| SHA256 | dbe318e7c72f9558f836c920510a5245ae5af29996b62f661399ce3724458ec3 |
| SHA512 | 2bbb22540e6ae0ebdd7c5303f67fb3911025a9f8f68c1c192edf5247a66bff885e292dded093d4522488b9a98f5bb00f24b00374e8eeb219184faacc95818848 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fe388fb8d6578d90b43eb61e3feaca2b |
| SHA1 | bf48e643161e09d25a073a27867f059fe4304e17 |
| SHA256 | 72c39bf07becc2627197d2641e4f7eda8fab894d2a742e62b2aca0428de90f1d |
| SHA512 | 5410e49a41dd0dfef2713d74d60dfd0ef25dd0890e3ecda1ca8bf511173091e8b5a143074279c49af68e5c4398a0d7c7366c6cb2484353ef6ae3e0bfd2e20ffd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 7d3d11283370585b060d50a12715851a |
| SHA1 | 3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3 |
| SHA256 | 86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9 |
| SHA512 | a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1829d6ba5529e4d9e0b3e2ca0d3dc609 |
| SHA1 | 5e9199292a30b4153fbbfc96e0fcee9200284172 |
| SHA256 | 251fc019f78e089d1b3a91a56a1be1fb70145789ccb9a77d9538f1e80a1555ce |
| SHA512 | 87f0fa8f47e83e1ecd14de8bf2313514bfc0d4d601196dba8690696f308e6f8dd9abf672c823371c345384b77bd3c7c46598726a1e1645d28c301ece4bd85c55 |
\systemroot\system32\exefile.exe
| MD5 | 72178bb0f9674f0ce0b6b188d1219266 |
| SHA1 | ae3c43c7846c0ef977fa90991e1c366e34ab671c |
| SHA256 | 09cd3c864182b703a1384a15e60424c0ee8c82c3fd19f197c391a0e3ec5bd16e |
| SHA512 | d9004c1b8402375c92690525f06ae83198bb929bb18dfc46fda9036a4054ed9c38637438b13ecc2566f98f2a8ac297ec7f0151b63a59c4f7bbc2ab8f7b6d779e |
C:\Users\Admin\Downloads\Antivirus Platinum.39_vs2x-.zip.part
| MD5 | 674e0c6a043592ec387055d9b338887e |
| SHA1 | e9ba87cdb49a7a4285d003b31ce9fccbd7eec279 |
| SHA256 | faa9a82958f380ef30b3b0b9f9b4f796e9467e16b50c1041bfe6287cabdbf239 |
| SHA512 | 950175621961c1e585a5ce52ed51fc52e8ba3f91dc5c8f879a69513259ec22cfc9daed0ca50aa956eb2173b0127b3e33b31c03c8971a8ac087433eb6e5179d35 |
C:\Windows\302746537.exe
| MD5 | 8703ff2e53c6fd3bc91294ef9204baca |
| SHA1 | 3dbb8f7f5dfe6b235486ab867a2844b1c2143733 |
| SHA256 | 3028a2b0e95143a4caa9bcd6ae794958e7469a20c6e673da067958cbf4310035 |
| SHA512 | d5eb8a07457a78f9acd0f81d2f58bbf64b52183318b87c353a590cd2a3ac3a6ec9c1452bd52306c7cf99f19b6a897b16ceb8289a7d008c5ce3b07eda9b871204 |
memory/3300-2715-0x0000000000400000-0x0000000000410000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7216.tmp\302746537.bat
| MD5 | 7d8beb22dfcfacbbc2609f88a41c1458 |
| SHA1 | 52ec2b10489736b963d39a9f84b66bafbf15685f |
| SHA256 | 4aa9ed4b38514f117e6e4f326cb0a1be7f7b96199e21305e2bd6dce289d7baa2 |
| SHA512 | a26cf9168cf7450435a9fe8942445511f6fda1087db52bd73e335d6f5b544fc892999019d9291d9dcc60c3656de49688f6d63282c97706e2db286f988e44fd94 |
\??\c:\windows\comctl32.ocx
| MD5 | 821511549e2aaf29889c7b812674d59b |
| SHA1 | 3b2fd80f634a3d62277e0508bedca9aae0c5a0d6 |
| SHA256 | f59cdf89f0f522ce3662e09fa847bca9b277b006c415dcc0029b416c347db9c4 |
| SHA512 | 8b2e805b916e5fbfcccb0f4189372aea006789b3847b51018075187135e9b5db9098f704c1932623f356db0ee327e1539a9bf3729947e92844a26db46555e8cd |
\??\c:\windows\mscomctl.ocx
| MD5 | 714cf24fc19a20ae0dc701b48ded2cf6 |
| SHA1 | d904d2fa7639c38ffb6e69f1ef779ca1001b8c18 |
| SHA256 | 09f126e65d90026c3f659ff41b1287671b8cc1aa16240fc75dae91079a6b9712 |
| SHA512 | d375fd9b509e58c43355263753634368fa711f02a2235f31f7fa420d1ff77504d9a29bb70ae31c87671d50bd75d6b459379a1550907fbe5c37c60da835c60bc1 |
C:\Windows\antivirus-platinum.exe
| MD5 | cd1800322ccfc425014a8394b01a4b3d |
| SHA1 | 171073975effde1c712dfd86309457fd457aed33 |
| SHA256 | 8115de4ad0b7e589852f521eb4260c127f8afeaa3b0021bfc98e4928a4929ac0 |
| SHA512 | 92c22c025fd3a61979fa718bf2e89a86e51bf7e69c421a9534fbf9c2d5b23b7a9224d0e9f3e0501992038837015214d1ef73b532a68b7d19de559c9ab9c6e5f6 |
memory/2028-2727-0x0000000000400000-0x000000000040D000-memory.dmp
memory/3300-2731-0x0000000000400000-0x0000000000410000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | fb0f301b1f89164d4954b743ef9f14ed |
| SHA1 | b03c097d7c570463252dd02f8da4181951fbb2e3 |
| SHA256 | 517eff82ce39ec0f481ce74fc1e71788cd7c0f0676b298d37bd788bf417ab83f |
| SHA512 | e91edb7de89ed9763d42d237819d41b4876c17d03172496c158f4fbd5d587e04a249b237233c55d48c3f961173944719bf503a46a7a2f84f27d209a190df7b74 |
memory/2028-2742-0x0000000000400000-0x000000000040D000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | def009d41ff7ad962c212cc902a5d287 |
| SHA1 | 7f95e60acca09d1541564a02e9392b973dc5d134 |
| SHA256 | 7303e5b4920f0714dd3923ec0047fe7adb312bf19e2f62349c80ce7d4687f6dc |
| SHA512 | c83f4147e2a7df296e7048fa7b86aef323606c1a93666867d426660077408c62c2b5b59c144e4649cf9b8414594c7a586af3afb0090d0df466e040488d5f2ef2 |
memory/2028-2751-0x0000000000400000-0x000000000040D000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_720_LCPDGRSGSEBVUWEB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ee829b5242827c1e5c4c8c6438a41712 |
| SHA1 | cdb41e7dfacdf65f1a1dbe3caaff8405fc4121ef |
| SHA256 | 97656b2448544cb7c97ee961a370afb87c582cabea6b7d3de4a9ab40a71b7b82 |
| SHA512 | 22795da640c011fdd9cd96a2969ed7780a8ca1e92d3e16c20bc6c7fb09253bca2e7048e02648ae6fd588d8820650561940a135ffd4dd090c83c076e4eace32cd |
C:\Users\Admin\Desktop\AntiVirus Platinum.lnk
| MD5 | 90a969c42dc56a40d93a5b0e25f306cc |
| SHA1 | 9dfafa2bef58776dc1d0520c54cf0236a65de375 |
| SHA256 | ac51fd56025c90a7e6e6371c553a0cecfa2c0dded5d5b6277eee734961f43834 |
| SHA512 | 79640a85d1ed43ac48f6af83dbfc8d01d97e8897a39a2a6c8eafcdc3b3e0c822c74ccee86cb3ce0aa00477054507bfb2fa5652f1eb1fd14458ec5557df329c19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c14fedab-3f21-4b21-b95b-808925ad9458.tmp
| MD5 | c1c114de9f2234fb285dd242436992f6 |
| SHA1 | 2395a45d617dfe35539d23371a698ff7682fbce8 |
| SHA256 | c1f15fcd56b194eabb5e90a914383b20937f11be7f579f0c28b5a6cb84bf009d |
| SHA512 | d39020141795d1c38d9b3be86f5de116e44ce01ad68def323423c5856d071a64c3cee05254b5853fb9353536ae366df1061ee0aab34efd895f49f1885a9a52ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 10b4ca504b64f3fe937d89997d0f859c |
| SHA1 | 697fbffd7c8ea7153f4b465b3fb27fc744cb75d2 |
| SHA256 | 70b05f84f15698a0d5fe4971d7b8c49311dc4dab4112758d54e273c4c5f84c96 |
| SHA512 | b449c6ed68c7421ad077a6be533efcabe077d433d98e2c001655fd787863419b010e33ac4ec3dcc9561798696809ea73783a87911e5ec766a42c5ee57efde318 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\jumpListCache\uCSVJX35gwub+JcbfnlOfg==.ico
| MD5 | 6b120367fa9e50d6f91f30601ee58bb3 |
| SHA1 | 9a32726e2496f78ef54f91954836b31b9a0faa50 |
| SHA256 | 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0 |
| SHA512 | c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 1c3c58f7838dde7f753614d170f110fc |
| SHA1 | c17e5a486cecaddd6ced7217d298306850a87f48 |
| SHA256 | 81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d |
| SHA512 | 9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\datareporting\glean\db\data.safe.bin
| MD5 | c58234a092f9d899f0a623e28a4ab9db |
| SHA1 | 7398261b70453661c8b84df12e2bde7cbc07474b |
| SHA256 | eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c |
| SHA512 | ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd |
memory/2028-2937-0x0000000000400000-0x000000000040D000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\doomed\20505
| MD5 | b3246525b4988174aecc93f492dd3811 |
| SHA1 | 1c9ef737de2ec305e4bcd9dbd70be2642461334f |
| SHA256 | 9c4574d238b3eb86c79c9755c4ec25cb5a9f0636442eb680886346540f520823 |
| SHA512 | 78cfc0fd4e1b09690ed35a82d1962bb9e13c63aa1270e2ca75ce434ff7ef83d537a21431a0a0920733ed51b2032e42cbe07afacaf3c2743717146421de4fc4b2 |
C:\Users\Admin\Downloads\RegistrySmart.mJAJaMwk.zip.part
| MD5 | 7958e5251e5e6f9c3b7752ff1543e28a |
| SHA1 | 86f6a8439ce6a6b30e6347c5bde7e091e5fad0ac |
| SHA256 | b31c3f9d08337314050552a7dfdceaf42bb6d22baee287cde6238a6d965d87cd |
| SHA512 | aec50b136792aebbd5aa8e5d316c39b728ff28e411dd54db99a18d5c7b9447f25629c4220800ee8dd8cd2b24a98a11d46f32b45a62bda5135c2ff0a731e032ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b5f025911826b14fa06fc6619344d5b1 |
| SHA1 | b5767e5d22f798966100144d66fa979b84aae611 |
| SHA256 | 9368d6445894ae710cb346da250fdf15a33b866350d5337ce342131ff695512e |
| SHA512 | aea0a826ffe05832963bb4ac08eabb9d183c32c436bf2c5e4f08c84b97e89b3738c351ac7e3098cca1a317a6b4bfd6b03cee377a2c659e5896af27ea12ff3616 |
C:\Users\Admin\AppData\Local\Temp\7zO8F4380B1\[email protected]
| MD5 | 0002dddba512e20c3f82aaab8bad8b4d |
| SHA1 | 493286b108822ba636cc0e53b8259e4f06ecf900 |
| SHA256 | 2d68fe191ba9e97f57f07f7bd116e53800b983d267da99bf0a6e6624dd7e5cf7 |
| SHA512 | 497954400ab463eb254abe895648c208a1cc951ecb231202362dadbe3ffb49d8d853b487589ce935c1dc8171f56d0df95093ffc655c684faa944c13bcfd87b8b |
C:\Users\Admin\AppData\Local\Temp\is-5F4TA.tmp\is-PBFS8.tmp
| MD5 | 19672882daf21174647509b74a406a8c |
| SHA1 | e3313b8741bd9bbe212fe53fcc55b342af5ae849 |
| SHA256 | 34e6fea583cf1f995cf24e841da2060e0777405ac228094722f17f2e337ccea8 |
| SHA512 | eceddd4f1bbaf84dde72642f022b86033ba5a8b5105c573adcc49946d172e26e2512edce6f99e78dd3a2b0f8a23fa6138cca995a824e5f53a6ba925de434fa8f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a43c8de30d74dfdb0aa5e015b4cf5b51 |
| SHA1 | ae951a764b7340c45199e30c2369e790a3e0ef0f |
| SHA256 | be8bd9546f41dc3b74061ca514da3717214d6ef33595f4b59087b92a71e8ed6d |
| SHA512 | 4768377a52e35d0063ac9090e7576f3f06a76a861d3111297da4858e8308598a240961e4c55cc4c330a458c6f28f7340f61c26351c45c1be481990e8989f3e13 |
C:\Program Files (x86)\RegistrySmart\RegistrySmart.exe
| MD5 | b13f9d8e3d5c88f0ddad896d7fe33a88 |
| SHA1 | e6d7dd65a85a4f97baa56ae8eb810918ff4d84fd |
| SHA256 | 6d6bd6a03387c3f3900b4b5fc1264c73b362698bf42b668b99d0e9b65f1d7663 |
| SHA512 | 3319c68b7eebe4fe5d4e385cd91226c827668d87751c5b94a2f1aac24b588e83390a349185fc9d430d1eea2e356fbcaa6543b4a5f8e25d875da7deec30c56164 |
C:\Program Files (x86)\RegistrySmart\Launcher.exe
| MD5 | 412a943768c74c06db9955d8cba40ed4 |
| SHA1 | e75a8b91bc28187edfb847c46a3d763bdb89b2cf |
| SHA256 | 8537ad8b3b76f4852c3402592e7b5b7b6d39f3477e9bc5fbe7d8af3c94d3865c |
| SHA512 | c924dff545961ddcbd4e5ca56af1a6862e5e9f596c1f830edc2c022947cecc5c59ce72f60b7a38c3f3d32503ae349565419daa5164bd2e96d13f19736b17c4b4 |
C:\Users\Admin\AppData\Roaming\RegistrySmart\Log\log_2024_06_11_15_38_48.log
| MD5 | 9d6c4929675523e8aaa55c93779e2333 |
| SHA1 | 8a7c765c653379c773ab8db835a597902f2c6d6c |
| SHA256 | c193a3e852abdfadfaf745a204d1975a636301c0681478b954d351d56e8aeb9c |
| SHA512 | 2ad7e1721557a1d42bc64ed4d5a767cc6356b094d03aceefb0f1d63c71179eb1c506e4ecd9f275167ec381b688e04f3382e004219a2c8bf20e41ac26d23050ed |
C:\Windows\Tasks\RegistrySmart Scheduled Scan.job
| MD5 | 6783cd663caac190617a42e8fa74edbb |
| SHA1 | 1bb362f57149bc5fa36a88ef4ede5a75ce39d1b8 |
| SHA256 | 378cffb3c4aa568c4e008dd3931385fd7cb880ef8e20218938db5a421701d8a9 |
| SHA512 | 54c86818846d9095d457641b88b03375e1f3d825bab57435b9cbbf84e52ad58d817d8be27cd8f0b34149f34105a8ac99ea3bc2c29d403ae84d34e7c2a2affac5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 7fba44cb533472c1e260d1f28892d86b |
| SHA1 | 727dce051fc511e000053952d568f77b538107bb |
| SHA256 | 14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf |
| SHA512 | 1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031 |
C:\Users\Admin\Desktop\RegistrySmart.lnk
| MD5 | cb4547c3ac00f1e8092f4625a1e6f153 |
| SHA1 | be417b016fd3e8f8e7b214736bcf80e01a7eaf78 |
| SHA256 | 8437af0ef1261979e9689760696767fe24bef3ba307598030f91e973926df064 |
| SHA512 | 7a2cd6e8eb4ada3731587bbc8614d0c14d58dd33d9a12a5d865e9056fbc9bc2b1b333be948248380b97f4d3d788967c64eeb7f46f4c6d7e1055c2ad5ae104750 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | e0b0839768861696c054d129d6be3fbe |
| SHA1 | ad8b4687d365057c2eef2db03f497081cd5bcc4a |
| SHA256 | 285e9be687cfa76943acdeabd5af136090a6e7a028cdac348599fe43143cbe08 |
| SHA512 | e022d878995e652997f8068df8f1224a439d6b5d4933670e00f1e65427572db5289ec5570a1b3c70a0e91866a1979d53ba0393173b9aa736966521374cc1eb9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362593682174354
| MD5 | 0743e569ac471896236d1936562bb205 |
| SHA1 | af5eb28e943287bae65c2d51c3a5b12947db5465 |
| SHA256 | 64397a737bb6f8be1463cc93f3cb15ea404946a9e9a76701aaf2f68c11df14be |
| SHA512 | eae73bf7c905bd9220d861827874001186e801afc3106ea6b7682a5101420f55f2199cfb0cdaedbb665536af59e9612e806d45f47d56a648844dcdedb33704a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | ca54a244e1b79cddb025761feb45fb62 |
| SHA1 | 9c12673824faadfb378368df65b348c4ed6f9092 |
| SHA256 | fb710716ce036dd41439cacfece25a0d21661ad8481467bbefa8adcd3ddb5bc7 |
| SHA512 | e614afb3de0b760fcb5e359e21456e8f7bafcd2d57adc35c34447a361e1ed31427defae9aed47d412d8cca692f22abaf89422128ced39efd24b68ef841ddcc49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a110c551b09a6093d0700e4faad46fcf |
| SHA1 | c6c8bb93945dee02b8cbb57cd69b430cfb41289b |
| SHA256 | 9e6713ce7eb9fd0dd8abf440e7b8a3c1ace63fc74630faa32554520391a89aa9 |
| SHA512 | 0b7a75399edaaf9d34a313a82d5c1bbbdc66b6849a9a3ea276803e9beaa0c4a375096d9336db516eaa77af370c61c95753ba04ed3ed8e280cce5eeae9ecd7559 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 057edfeea949b819687171f3d87f4671 |
| SHA1 | 806b5d29574bffa70c76fbfc72bc659cc4cb7b38 |
| SHA256 | 96c2a6ccc2be9767fafe292666218c8e038ce4aa560ffb6b67a37cf5cef5af42 |
| SHA512 | 87b9a1bb80bb622d2ed55c0a3be43720356aca9034e7dbdb2ba8eb51504ed8732a55429a6ecf3468f6b256556abe070f2ffd1b76c2dfbd2edc25aefb8ddc955f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | c25be602e94358c7f38f693358a3ee46 |
| SHA1 | 5f229e38a9077f3630184e2b751e9e4cb85ece05 |
| SHA256 | 27c4d0d7e18daf55e503e024f58885ec7050b27defa9f4197edbea39ae631969 |
| SHA512 | b080b5ffe4dd560aa599a0e1c84bff6ce2f87f6a5403152d9b5f88bdb76bf5297a7d1c7ced7fd30b5ad376350b2b813b5bfbd0cf7f317caea7422f7a41a9b172 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3b20f2846f26ea97c050251a2ef2f22d |
| SHA1 | c5497f7b8dcf832e5a6cdcd51016b7a57723508b |
| SHA256 | 9efeedc8bb66c657d5bd2abbf145a5d78884257afd2f42ac0d835f9d2e6a39bc |
| SHA512 | 9a6ccceb22525391851228258448d06ea3d67c57c42677f5f4fa52aac93dbb3353bb95a27ee3bfdd1b32b62f47bbb359b50aa903deb58a35f6eafbda52237d3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | fc502f22fc3a22b3f20cf5e842eb162c |
| SHA1 | 1586d3f30cb82dfb017f157a93acdad7924fb389 |
| SHA256 | 0fa562c7419fc0d981aef39241af2653135d5fce342143288dfb684d0054333a |
| SHA512 | 022800dfe60d281fe42a1063ab3438ec63f85327c1724e6b390b225933da06d79c3f6aae3c970e347b52550092d2912128e604ac830450ba2d03e3f1b0ff875a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 9e21cc57b48668924ed30c9e18646d7b |
| SHA1 | e03b30a5ad05b5b6b216ebcf109fcc518ec818f4 |
| SHA256 | ea9441d5e3a43799087236422691ac403767e1452cc084e520aaa2524e3b8530 |
| SHA512 | d5ecccb20e9cabcf3ade6b5dcae0a378d53c0b31e64c13809cad80772bd064dd12865afd01ea4dbde9d05fe41f1baa8fbfeb32a53f3f7849ce9937e2e801cbdc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 68a93a988be3e59474c056dc330630ca |
| SHA1 | 662b26d796fd80635ffe562ce506bf5744a0e09b |
| SHA256 | 1fc1f9aa36852ba3e274184aa731531c7322e5059fb61ea11174c0d3214f4f52 |
| SHA512 | 343e794347b68ebfd4bbeadfdce165609347c1532f874c413fb1cb15e450ebbd00fa2b6382df21387ed6814488c959c8deb195f3816a964982d6f9a108428ee2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | ec00fe2e0a6f3721be99c0cfe55989cc |
| SHA1 | 43fe3b022658c74083ecbe7bbc114d6659084fff |
| SHA256 | cc3f81baf47c8a2f78515b37837bfdfa5e28380d8b96271ef850ce1e23637e3a |
| SHA512 | 107073b10d377a2d816d2ee64131244c4d1aaa3ecd6d14b8cd0b8044e35ca235666cdb1bbf20a932e482c858ff5aba1bc45a56d85499c20650275a218463a3cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 45d090deb4f625e9e9ead5e31e0c80c6 |
| SHA1 | 0a816422da2df56abfe112d94d41d39f3682f0c6 |
| SHA256 | e74c44b7cf913c06d8feef6ee865d1385ac585954b4b4f07111249890ff30141 |
| SHA512 | 4cb431c7c6d191780ddb4fe4fe7b8d79eb33d7375f5157effa9ff6a28896fa920e71f0e3df9745921c5b876ed2620a4af124f9161aea42c0be1dbabac5eaed49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 4af8ce4c8878131f1656c607daa1319d |
| SHA1 | c7493985fa5ed8ba9b9ed24c0a167d7815c76edd |
| SHA256 | 12aeb379fe63bc228a2dc9a77a71e7321d1f91af15f06005c58785c6f1a06a33 |
| SHA512 | 0df9ae33db20050c61d173051f61ab3db23fe7d6325e45d75aa5e28a4e00a0bc6fc3c5e2234e336b68f1a9c8632a0e45e5d6a31f8a5625343cb31f9e4c5c3f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9503b7271103218128042c81d1ce315a |
| SHA1 | 03d9294cc05df982c588308ed5b6708c785bfc49 |
| SHA256 | 3d484f172d2e3ffeff9e1cf4a0c5c39e334b53a04e729947e59a2209105c7d52 |
| SHA512 | 5f93b89f972eaa8d75c0c7c03870da40cc80d460fde23da937cbba45d75adddad83dfc5d3f42fd741e3c883a14523177f7fb618b2b1f124a226556660f1ef352 |