Analysis Overview
SHA256: ce022a6a19e58bbbd4823f51cf798b006b4a683b93b0616a7bb5beeee901da98
Threat Level: Likely benign
The file Git-2.45.2-64-bit.exe was found to be: Likely benign.
Malicious Activity Summary
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies registry class
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 14:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 14:01
Reported: 2024-06-13 14:03
Platform: win10v2004-20240611-en
Max time kernel: 79s
Max time network: 80s
Command Line
Signatures
Checks installed software on the system
Drops file in Program Files directory
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shell\git_shell | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_shell\command | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_shell\command\ = "\"C:\\Program Files\\Git\\git-bash.exe\" \"--cd=%v.\"" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shell\git_gui\Icon = "C:\\Program Files\\Git\\cmd\\git-gui.exe" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.gitattributes | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\sh_auto_file\ShellEx\DropHandler | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_gui\ = "Open Git &GUI here" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\sh_auto_file\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\shell | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\ShellEx\DropHandler | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shell\git_shell\command | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shell\git_shell\command\ = "\"C:\\Program Files\\Git\\git-bash.exe\" \"--cd=%v.\"" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_gui | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shell\git_gui\ = "Open Git &GUI here" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gitattributes\PerceivedType = "text" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_shell\command\ = "\"C:\\Program Files\\Git\\git-bash.exe\" \"--cd=%1\"" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gitmodules\Content Type = "text/plain" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gitattributes\ = "txtfile" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gitattributes\Content Type = "text/plain" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shell\git_shell\Icon = "C:\\Program Files\\Git\\git-bash.exe" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_shell\ = "Open Git Ba&sh here" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_shell | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_shell\ = "Open Git Ba&sh here" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\ = "Shell Script" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_gui\command\ = "\"C:\\Program Files\\Git\\cmd\\git-gui.exe\" \"--working-dir\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shell\git_gui | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.sh | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\sh_auto_file | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_gui\Icon = "C:\\Program Files\\Git\\cmd\\git-gui.exe" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_gui\ = "Open Git &GUI here" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\Background\shell\git_gui\command | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.gitignore | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\shell\open | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\ShellEx\DropHandler\ = "{60254CA5-953B-11CF-8C96-00AA00B8708C}" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_shell | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\Background\shell\git_gui | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_gui\command\ = "\"C:\\Program Files\\Git\\cmd\\git-gui.exe\" \"--working-dir\" \"%v.\"" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.gitmodules | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gitmodules\PerceivedType = "text" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\ShellEx | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\shell\open\command\ = "\"C:\\Program Files\\Git\\git-bash.exe\" --no-cd \"%L\" %*" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\sh_auto_file\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_gui\Icon = "C:\\Program Files\\Git\\cmd\\git-gui.exe" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\sh_auto_file\DefaultIcon\ = "%SystemRoot%\\System32\\shell32.dll,-153" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\Background\shell\git_gui\command | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shell\git_gui\command\ = "\"C:\\Program Files\\Git\\cmd\\git-gui.exe\" \"--working-dir\" \"%v.\"" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gitignore\PerceivedType = "text" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LibraryFolder\background\shell\git_shell\Icon = "C:\\Program Files\\Git\\git-bash.exe" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_shell\Icon = "C:\\Program Files\\Git\\git-bash.exe" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_gui\command | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gitignore\Content Type = "text/plain" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\git_shell\command | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\background\shell\git_shell\ = "Open Git Ba&sh here" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.sh\ = "sh_auto_file" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gitignore\ = "txtfile" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gitmodules\ = "txtfile" | C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Git-2.45.2-64-bit.exe
"C:\Users\Admin\AppData\Local\Temp\Git-2.45.2-64-bit.exe"
C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp
"C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp" /SL5="$A0122,66949336,867328,C:\Users\Admin\AppData\Local\Temp\Git-2.45.2-64-bit.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /d /c net session >"C:\Users\Admin\AppData\Local\Temp\is-IKN9K.tmp\net-session.txt"
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "diff.astextplain.textconv" "astextplain"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.clean" "git-lfs clean -- %f"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.smudge" "git-lfs smudge -- %f"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.process" "git-lfs filter-process"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "filter.lfs.required" "true"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "http.sslBackend" "openssl"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "http.sslCAInfo" "C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "core.autocrlf" "true"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "pull.rebase" "false"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "credential.helper" "manager"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "credential.https://dev.azure.com.useHttpPath" "true"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "core.fscache" "true"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "core.symlinks" "false"
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --unset-all core.fsmonitor
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --unset-all ssh.variant
C:\Program Files\Git\mingw64\bin\git.exe
"C:\Program Files\Git\mingw64\bin\git.exe" config --system --replace-all "init.defaultBranch" "master"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /D /C ""C:\Program Files\Git\cmd\scalar.exe" reconfigure --all >"C:\Users\Admin\AppData\Local\Temp\is-IKN9K.tmp\scalar-reconfigure.out" 2>"C:\Users\Admin\AppData\Local\Temp\is-IKN9K.tmp\scalar-reconfigure.err""
C:\Program Files\Git\cmd\scalar.exe
"C:\Program Files\Git\cmd\scalar.exe" reconfigure --all
C:\Program Files\Git\mingw64\bin\scalar.exe
git.exe reconfigure --all
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Program Files\Git\post-install.bat" >"C:\Users\Admin\AppData\Local\Temp\is-IKN9K.tmp\post-install.log""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "VER"
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\ln.exe
"C:\Program Files\Git\usr\bin\ln.exe" -sf /proc/mounts /etc/mtab
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\cygpath.exe
"C:\Program Files\Git\usr\bin\cygpath.exe" -S -w
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\expr.exe
"C:\Program Files\Git\usr\bin\expr.exe" substr hosts 1 8
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\cp.exe
"C:\Program Files\Git\usr\bin\cp.exe" -p -v C:\Windows\system32\drivers\etc\hosts /etc/hosts
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\cygpath.exe
"C:\Program Files\Git\usr\bin\cygpath.exe" -S -w
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\expr.exe
"C:\Program Files\Git\usr\bin\expr.exe" substr protocols 1 8
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\cp.exe
"C:\Program Files\Git\usr\bin\cp.exe" -p -v C:\Windows\system32\drivers\etc\protocol /etc/protocols
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\cygpath.exe
"C:\Program Files\Git\usr\bin\cygpath.exe" -S -w
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\expr.exe
"C:\Program Files\Git\usr\bin\expr.exe" substr services 1 8
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\cp.exe
"C:\Program Files\Git\usr\bin\cp.exe" -p -v C:\Windows\system32\drivers\etc\services /etc/services
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\cygpath.exe
"C:\Program Files\Git\usr\bin\cygpath.exe" -S -w
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\expr.exe
"C:\Program Files\Git\usr\bin\expr.exe" substr networks 1 8
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\cp.exe
"C:\Program Files\Git\usr\bin\cp.exe" -p -v C:\Windows\system32\drivers\etc\networks /etc/networks
C:\Program Files\Git\usr\bin\bash.exe
usr\bin\bash.exe --norc -c "export PATH=/usr/bin:$PATH; export SYSCONFDIR=/etc; for p in $(export LC_COLLATE=C; echo /etc/post-install/*.post); do test -e \"$p\" && . \"$p\"; done"
C:\Program Files\Git\usr\bin\rm.exe
"C:\Program Files\Git\usr\bin\rm.exe" -rf /etc/post-install
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\Git\ReleaseNotes.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeef2946f8,0x7ffeef294708,0x7ffeef294718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15461619225678536142,14985312928274455071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.33.253.131.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 88.221.83.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| BE | 88.221.83.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 185.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
Files
C:\Users\Admin\AppData\Local\Temp\is-EOMTN.tmp\Git-2.45.2-64-bit.tmp
C:\Program Files\Git\bin\sh.exe
C:\Program Files\Git\cmd\is-7RHFM.tmp
C:\Program Files\Git\mingw64\bin\is-9VKEG.tmp
C:\Program Files\Git\mingw64\bin\is-1P39N.tmp
C:\Program Files\Git\mingw64\bin\is-7GH8B.tmp
C:\Program Files\Git\mingw64\bin\is-EQE7T.tmp
C:\Program Files\Git\mingw64\bin\is-2DIKO.tmp
C:\Program Files\Git\mingw64\etc\ssl\is-2IO7L.tmp
C:\Program Files\Git\mingw64\etc\ssl\certs\is-CLUQU.tmp
C:\Program Files\Git\mingw64\libexec\git-core\is-DBKDR.tmp
C:\Program Files\Git\mingw64\share\licenses\libtasn1\is-BK49A.tmp
C:\Program Files\Git\mingw64\share\licenses\libtasn1\is-3GCO8.tmp
C:\Program Files\Git\usr\bin\is-2245N.tmp
C:\Program Files\Git\usr\bin\is-B522G.tmp
C:\Program Files\Git\usr\bin\is-R6B07.tmp
C:\Program Files\Git\usr\bin\is-R5GVN.tmp
C:\Program Files\Git\usr\bin\is-HH8KB.tmp
C:\Program Files\Git\usr\bin\is-VPK1J.tmp
C:\Program Files\Git\usr\bin\is-UNHD6.tmp
C:\Program Files\Git\usr\lib\terminfo\73\is-4D8KI.tmp
C:\Program Files\Git\usr\share\gnupg\is-U4OV6.tmp
C:\Program Files\Git\usr\share\terminfo\73\is-38BK7.tmp
C:\Program Files\Git\usr\share\terminfo\73\is-G6D1H.tmp
C:\Program Files\Git\usr\share\terminfo\78\is-0GF0E.tmp
C:\Program Files\Git\usr\share\vim\vim91\ftplugin\is-742R3.tmp
C:\Program Files\Git\usr\share\vim\vim91\lang\ja\LC_MESSAGES\is-PKL2D.tmp
C:\Program Files\Git\usr\share\vim\vim91\lang\is-LSBCQ.tmp
C:\Program Files\Git\usr\share\vim\vim91\lang\pl\LC_MESSAGES\is-5BDK0.tmp
C:\Program Files\Git\usr\share\vim\vim91\lang\uk\LC_MESSAGES\is-OFC4I.tmp
C:\Program Files\Git\usr\share\vim\vim91\lang\zh_CN\LC_MESSAGES\is-T3EKK.tmp
C:\Program Files\Git\usr\share\vim\vim91\lang\zh_TW\LC_MESSAGES\is-CKTFC.tmp
C:\Program Files\Git\usr\ssl\misc\is-USIE1.tmp
C:\Program Files\Git\usr\ssl\is-ICJC7.tmp
C:\Program Files\Git\mingw64\bin\git.exe
C:\Program Files\Git\mingw64\bin\libiconv-2.dll
C:\Program Files\Git\mingw64\bin\libpcre2-8-0.dll
C:\Program Files\Git\mingw64\bin\libintl-8.dll
C:\Program Files\Git\mingw64\bin\zlib1.dll
C:\Program Files\Git\mingw64\bin\libwinpthread-1.dll
C:\Program Files\Git\etc\gitconfig
C:\Program Files\Git\etc\gitconfig
C:\Program Files\Git\etc\gitconfig
C:\Program Files\Git\etc\gitconfig
C:\Program Files\Git\etc\gitconfig
C:\Program Files\Git\etc\gitconfig
C:\Program Files\Git\etc\gitconfig
C:\Program Files\Git\mingw64\bin\scalar.exe
C:\Program Files\Git\usr\bin\bash.exe
C:\Users\Admin\AppData\Local\Temp\is-IKN9K.tmp\post-install.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1