Malware Analysis Report

2024-10-10 12:05

Sample ID 240613-rbrz6a1hrc
Target Git-2.45.2-64-bit.exe
SHA256 ce022a6a19e58bbbd4823f51cf798b006b4a683b93b0616a7bb5beeee901da98
Tags: discovery
Score: 4/10

Analysis Overview

Score: 4/10

SHA256: ce022a6a19e58bbbd4823f51cf798b006b4a683b93b0616a7bb5beeee901da98

Threat Level: Likely benign

The file Git-2.45.2-64-bit.exe was found to be: Likely benign.

Malicious Activity Summary

discovery

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies registry class

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-13 14:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 14:01

Reported: 2024-06-13 14:03

Platform: win10v2004-20240611-en

Max time kernel: 79s

Max time network: 80s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Git-2.45.2-64-bit.exe"

Signatures

Checks installed software on the system

discovery

Drops file in Program Files directory

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp N/A
N/A N/A C:\Program Files\Git\mingw64\bin\git.exe N/A
N/A N/A C:\Program Files\Git\cmd\scalar.exe N/A
N/A N/A C:\Program Files\Git\mingw64\bin\scalar.exe N/A
N/A N/A C:\Program Files\Git\usr\bin\bash.exe N/A
N/A N/A C:\Program Files\Git\usr\bin\ln.exe N/A
N/A N/A C:\Program Files\Git\usr\bin\cygpath.exe N/A
N/A N/A C:\Program Files\Git\usr\bin\expr.exe N/A
N/A N/A C:\Program Files\Git\usr\bin\cp.exe N/A
N/A N/A C:\Program Files\Git\usr\bin\rm.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Git\mingw64\bin\git.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Runs net.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\Git\usr\bin\bash.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Git\usr\bin\bash.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Git\usr\bin\bash.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Git\usr\bin\ln.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Git\usr\bin\ln.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Git\usr\bin\ln.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Git\usr\bin\cygpath.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Git\usr\bin\cygpath.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Git\usr\bin\cygpath.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Git\usr\bin\expr.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Git\usr\bin\expr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Git\usr\bin\expr.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Git\usr\bin\cp.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Git\usr\bin\cp.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Git\usr\bin\cp.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Git\usr\bin\bash.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Git\usr\bin\bash.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Git\usr\bin\bash.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Git\usr\bin\cygpath.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Git\usr\bin\cygpath.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Git\usr\bin\cygpath.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Git\usr\bin\bash.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Git\usr\bin\bash.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Git\usr\bin\bash.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Git\usr\bin\expr.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Git\usr\bin\expr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Git\usr\bin\expr.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Git\usr\bin\bash.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 372 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\Git-2.45.2-64-bit.exe C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp
PID 4824 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Windows\system32\cmd.exe
PID 1316 wrote to memory of 2392 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 2392 wrote to memory of 4964 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4824 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 4556 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 3972 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 2284 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 1348 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 3104 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Program Files\Git\mingw64\bin\git.exe
PID 4824 wrote to memory of 732 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Windows\system32\cmd.exe
PID 732 wrote to memory of 2820 N/A C:\Windows\system32\cmd.exe C:\Program Files\Git\cmd\scalar.exe
PID 2820 wrote to memory of 1180 N/A C:\Program Files\Git\cmd\scalar.exe C:\Program Files\Git\mingw64\bin\scalar.exe
PID 4824 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp C:\Windows\system32\cmd.exe
PID 2752 wrote to memory of 5088 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2752 wrote to memory of 4324 N/A C:\Windows\system32\cmd.exe C:\Program Files\Git\usr\bin\bash.exe
PID 4324 wrote to memory of 3416 N/A C:\Program Files\Git\usr\bin\bash.exe C:\Program Files\Git\usr\bin\bash.exe
PID 4324 wrote to memory of 4784 N/A C:\Program Files\Git\usr\bin\bash.exe C:\Program Files\Git\usr\bin\bash.exe
PID 4784 wrote to memory of 4576 N/A C:\Program Files\Git\usr\bin\bash.exe C:\Program Files\Git\usr\bin\ln.exe
PID 4324 wrote to memory of 3972 N/A C:\Program Files\Git\usr\bin\bash.exe C:\Program Files\Git\usr\bin\bash.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Git-2.45.2-64-bit.exe

"C:\Users\Admin\AppData\Local\Temp\Git-2.45.2-64-bit.exe"

C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp

"C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp" /SL5="$A0122,66949336,867328,C:\Users\Admin\AppData\Local\Temp\Git-2.45.2-64-bit.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /d /c net session >"C:\Users\Admin\AppData\Local\Temp\is-IKN9K.tmp\net-session.txt"

C:\Windows\system32\net.exe

net session

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "diff.astextplain.textconv" "astextplain"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.clean" "git-lfs clean -- %f"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.smudge" "git-lfs smudge -- %f"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.process" "git-lfs filter-process"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.required" "true"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "http.sslBackend" "openssl"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "http.sslCAInfo" "C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "core.autocrlf" "true"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "pull.rebase" "false"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "credential.helper" "manager"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "credential.https://dev.azure.com.useHttpPath" "true"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "core.fscache" "true"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "core.symlinks" "false"

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --unset-all core.fsmonitor

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --unset-all ssh.variant

C:\Program Files\Git\mingw64\bin\git.exe

"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "init.defaultBranch" "master"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /D /C ""C:\Program Files\Git\cmd\scalar.exe" reconfigure --all >"C:\Users\Admin\AppData\Local\Temp\is-IKN9K.tmp\scalar-reconfigure.out" 2>"C:\Users\Admin\AppData\Local\Temp\is-IKN9K.tmp\scalar-reconfigure.err""

C:\Program Files\Git\cmd\scalar.exe

"C:\Program Files\Git\cmd\scalar.exe" reconfigure --all

C:\Program Files\Git\mingw64\bin\scalar.exe

git.exe reconfigure --all

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Git\post-install.bat" >"C:\Users\Admin\AppData\Local\Temp\is-IKN9K.tmp\post-install.log""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "VER"

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\ln.exe

"C:\Program Files\Git\usr\bin\ln.exe" -sf /proc/mounts /etc/mtab

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\cygpath.exe

"C:\Program Files\Git\usr\bin\cygpath.exe" -S -w

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\expr.exe

"C:\Program Files\Git\usr\bin\expr.exe" substr hosts 1 8

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\cp.exe

"C:\Program Files\Git\usr\bin\cp.exe" -p -v C:\Windows\system32\drivers\etc\hosts /etc/hosts

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\cygpath.exe

"C:\Program Files\Git\usr\bin\cygpath.exe" -S -w

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\expr.exe

"C:\Program Files\Git\usr\bin\expr.exe" substr protocols 1 8

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\cp.exe

"C:\Program Files\Git\usr\bin\cp.exe" -p -v C:\Windows\system32\drivers\etc\protocol /etc/protocols

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\cygpath.exe

"C:\Program Files\Git\usr\bin\cygpath.exe" -S -w

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\expr.exe

"C:\Program Files\Git\usr\bin\expr.exe" substr services 1 8

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\cp.exe

"C:\Program Files\Git\usr\bin\cp.exe" -p -v C:\Windows\system32\drivers\etc\services /etc/services

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\cygpath.exe

"C:\Program Files\Git\usr\bin\cygpath.exe" -S -w

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\expr.exe

"C:\Program Files\Git\usr\bin\expr.exe" substr networks 1 8

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\cp.exe

"C:\Program Files\Git\usr\bin\cp.exe" -p -v C:\Windows\system32\drivers\etc\networks /etc/networks

C:\Program Files\Git\usr\bin\bash.exe

usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"

C:\Program Files\Git\usr\bin\rm.exe

"C:\Program Files\Git\usr\bin\rm.exe" -rf /etc/post-install

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\Git\ReleaseNotes.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeef2946f8,0x7ffeef294708,0x7ffeef294718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.185:443 www.bing.com tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 88.221.83.185:443 www.bing.com tcp
US 8.8.8.8:53 185.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
N/A 224.0.0.251:5353 udp

Files

memory/372-0-0x0000000000400000-0x00000000004E1000-memory.dmp

memory/372-2-0x0000000000401000-0x00000000004B7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp

MD5 2199ee2b5b3fe51b2780cd4eef861c80
SHA1 3ec72b2e03fc17c6d710fabd9fed0ddb37e6a674
SHA256 94be0c91ff410dad7af511ad32e27e04ddd145e1bec474a5a3b1149fc23cc0de
SHA512 70967c56b93794f396de27821e642543cfdcd3f5f0cdc22e04f1757bf1698a56119d9fabb8af61080dcff8eafd82b50569a6c87877e88a1e970512f097bdde47

memory/4824-6-0x0000000000400000-0x000000000071D000-memory.dmp

memory/372-13-0x0000000000400000-0x00000000004E1000-memory.dmp

memory/4824-14-0x0000000000400000-0x000000000071D000-memory.dmp

memory/4824-16-0x0000000000400000-0x000000000071D000-memory.dmp

C:\Program Files\Git\bin\sh.exe

MD5 aa12546c0c14824f2c9c64c55b21e4e4
SHA1 30a6ae9ee714a70f7c8538197205972a5806143f
SHA256 ea70169decdb4787b7503b899495a1edfa27e9077f8bc5e0ef5980cb42fef3e8
SHA512 423967b096adea7e81de71b4332f6e4550f878cb3dae6cdbd0b41d256a394236f768f61d7d4120a3ffca3032e80aac9fa6ae38c4ec4f3537fbd610e00b348a71

C:\Program Files\Git\cmd\is-7RHFM.tmp

MD5 04be23ba50b66d2e801e97b0058512c9
SHA1 64cba1fb5292214555903877e84d3b7db615b3bd
SHA256 5385ff9ae361ca41e7a31b335fc0d81f2de9c35fc62a165c5e34850d837b59cc
SHA512 1a51c82d214121ff1d7cf48015b1d0a45e3a8afe88e7e41f508234d9b3b72a6541697c88f804bf8ef683386a5f3a8552e6f7645cf56a2346eb9c1a1cda655c31

C:\Program Files\Git\mingw64\bin\is-9VKEG.tmp

MD5 3edb2e00504ce044aa1bdb71e8a6c32f
SHA1 9804181215d0dbbe5df59981e21437f7ff4eff34
SHA256 a8e368a31766c7862b8d0feeffe274c3bb43b969e3ccb4f9e77d13bfa447a5c9
SHA512 475bbd71a9224e54d5ca69d81c55f95b3f5b5b4fbe169cdc9521ffc040689663bfe21b3075ab41920cf16179ee76b19e76511c827a5b094f57cf644560d3e70c

C:\Program Files\Git\mingw64\bin\is-1P39N.tmp

MD5 690898c148f72b5f65b482998edd0ace
SHA1 3ef1356afc65865c7242fd3a83369c7d144cf2ed
SHA256 4dd06837ccca65bb3be00d9f10bf4350143551d22a068e29345acff290a4a6b6
SHA512 ce6952501a70e5192e3f5c39c99cb73bece169c7b79b2018e8b5f1f4ecc6a84deddd0a203e3e0b12c08d87c717520ebdeb5b19373478f09b0dc670a93e4d472c

C:\Program Files\Git\mingw64\bin\is-7GH8B.tmp

MD5 ad13683d85676e0d7d57f7e2e197484e
SHA1 8d442dbe6820cfa7225b17a2d4dc0b2062b8b065
SHA256 d3606171c89e7050ff2f274010a0b5cc586392f8faa8b5a121837c0204df9a01
SHA512 57f86e42dbb5491823dedbf1a0203ca81db0c94f0b44fac25a43fb33e397e9a623cc4bdcda6d014c1c8877ee7837760fc363954bbebef64ce9bf99dd35999c40

C:\Program Files\Git\mingw64\bin\is-EQE7T.tmp

MD5 a98842b9e729c9f187190f6ab1c05035
SHA1 6a60a697861e30a89ccda80c0d3d0c16e7993c4b
SHA256 1501b425f8923ec207a11063a31c36d6c6e7f89127d1312178d9196f93825352
SHA512 2638f374ad4e33ae8349a34b38441270ecb2d09a4c19adbdbd8bceafaa0ec231bca24e187423a662431e690c68e3a9a149b93496895c551b31d7b0f02289d3e1

C:\Program Files\Git\mingw64\bin\is-2DIKO.tmp

MD5 14b0466eccbe15208ce9639a25432d8d
SHA1 1192c4aa317e217305386467aa263ed3234966f9
SHA256 7369291c8826e535c3207a319052266c8527e3fa8182d99f27cce0ad2a0dc3b7
SHA512 2700b4a88bec045402bb00638e104ccef2b73baad151409b3191c1fbfde6ffc42e67d9956d3062a654093601fd1fa5364e4fb557d4c318575a3eb7ec3f1a1e5e

C:\Program Files\Git\mingw64\etc\ssl\is-2IO7L.tmp

MD5 2d22d09ab7598075386abc377041a93f
SHA1 024e6cdf35e9a3d0080a314ea6005c114b0e2ebe
SHA256 73d34a874eb28b5e7bf2e721a7c1322a6847d5ee4f1044f721c40054db8aa97e
SHA512 9ec1e3510cdb23d39ef19f7c7aecdf3425d20aa27f1767a0b2d452f20dd9304e838b934d05d51097f5b28cb054ed9e2844f3fe0ce6ddb2fdd1d2eec3ef2597ac

C:\Program Files\Git\mingw64\etc\ssl\certs\is-CLUQU.tmp

MD5 544cad78ac902087121c9f92cab994aa
SHA1 0e63eee2dd56eb1f3be003ad5731c577344274c8
SHA256 80f520fdfae7ed96ecd10250bf164e13a27f8edc403d07db2bd6245a26f33c8f
SHA512 bd7f4e63955458b4e245debfb77850d147d26d2b8fcbb95f092429415213712c163918be48b87a9092b9136245cbdeecbb03f277ea5a8d33d984e6882e8fcbec

C:\Program Files\Git\mingw64\libexec\git-core\is-DBKDR.tmp

MD5 a23d17c6abc7e202fda9f2d13373b445
SHA1 e097594c09757e6db01b5ea567f9768e8f011917
SHA256 341460aded1602f0e883a519d7dd26a2d2df884f6be246958b0197c126456867
SHA512 643159492340e29d229f6cdd560c99aa2035d08b005245cff66c33c7fce81b48ddcfad519e25f2f56ea3dd31f1af8d48e8ae9d3d3ac286dd6d92c953f30b7eb1

memory/4824-2875-0x0000000000400000-0x000000000071D000-memory.dmp

C:\Program Files\Git\mingw64\share\licenses\libtasn1\is-BK49A.tmp

MD5 d32239bcb673463ab874e80d47fae504
SHA1 8624bcdae55baeef00cd11d5dfcfa60f68710a02
SHA256 8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903
SHA512 7633623b66b5e686bb94dd96a7cdb5a7e5ee00e87004fab416a5610d59c62badaf512a2e26e34e2455b7ed6b76690d2cd47464836d7d85d78b51d50f7e933d5c

C:\Program Files\Git\mingw64\share\licenses\libtasn1\is-3GCO8.tmp

MD5 4fbd65380cdd255951079008b364516c
SHA1 01a6b4bf79aca9b556822601186afab86e8c4fbf
SHA256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551
SHA512 1bca76c9f2f559a7851c278650125cd4f44a7ae4a96ceee6a6ba81d34d28fe7d6125c5ee459fef729b6a2a0eba3075c0841c8a156b3a26f66194f77f7d49151c

C:\Program Files\Git\usr\bin\is-2245N.tmp

C:\Program Files\Git\usr\bin\is-B522G.tmp

C:\Program Files\Git\usr\bin\is-R6B07.tmp

C:\Program Files\Git\usr\bin\is-R5GVN.tmp

C:\Program Files\Git\usr\bin\is-HH8KB.tmp

C:\Program Files\Git\usr\bin\is-VPK1J.tmp

C:\Program Files\Git\usr\bin\is-UNHD6.tmp

C:\Program Files\Git\usr\lib\terminfo\73\is-4D8KI.tmp

C:\Program Files\Git\usr\share\gnupg\is-U4OV6.tmp

C:\Program Files\Git\usr\share\terminfo\73\is-38BK7.tmp

C:\Program Files\Git\usr\share\terminfo\73\is-G6D1H.tmp

C:\Program Files\Git\usr\share\terminfo\78\is-0GF0E.tmp

C:\Program Files\Git\usr\share\vim\vim91\ftplugin\is-742R3.tmp

C:\Program Files\Git\usr\share\vim\vim91\lang\ja\LC_MESSAGES\is-PKL2D.tmp

C:\Program Files\Git\usr\share\vim\vim91\lang\is-LSBCQ.tmp

C:\Program Files\Git\usr\share\vim\vim91\lang\pl\LC_MESSAGES\is-5BDK0.tmp

C:\Program Files\Git\usr\share\vim\vim91\lang\uk\LC_MESSAGES\is-OFC4I.tmp

C:\Program Files\Git\usr\share\vim\vim91\lang\zh_CN\LC_MESSAGES\is-T3EKK.tmp

C:\Program Files\Git\usr\share\vim\vim91\lang\zh_TW\LC_MESSAGES\is-CKTFC.tmp

C:\Program Files\Git\usr\ssl\misc\is-USIE1.tmp

C:\Program Files\Git\usr\ssl\is-ICJC7.tmp

C:\Program Files\Git\mingw64\bin\git.exe

C:\Program Files\Git\mingw64\bin\libiconv-2.dll

C:\Program Files\Git\mingw64\bin\libpcre2-8-0.dll

C:\Program Files\Git\mingw64\bin\libintl-8.dll

C:\Program Files\Git\mingw64\bin\zlib1.dll

C:\Program Files\Git\mingw64\bin\libwinpthread-1.dll

C:\Program Files\Git\etc\gitconfig

C:\Program Files\Git\mingw64\bin\scalar.exe

C:\Program Files\Git\usr\bin\bash.exe

C:\Users\Admin\AppData\Local\Temp\is-IKN9K.tmp\post-install.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
