Malware Analysis Report

2024-11-30 05:23

Sample ID 240710-az5sgswamn
Target github.software.1.3.8.7z
SHA256 0ac38faaf5f1d16523192cdb563932165e246c20fb26c276e4780ac4534f6dda
Tags
lumma discovery evasion persistence privilege_escalation ransomware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0ac38faaf5f1d16523192cdb563932165e246c20fb26c276e4780ac4534f6dda

Threat Level: Known bad

The file github.software.1.3.8.7z was found to be: Known bad.

Malicious Activity Summary

lumma discovery evasion persistence privilege_escalation ransomware stealer

Lumma Stealer

Disables Task Manager via registry modification

Downloads MZ/PE file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Modifies WinLogon

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Drops file in System32 directory

Sets desktop wallpaper using registry

Suspicious use of SetThreadContext

Drops file in Program Files directory

Enumerates physical storage devices

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies registry class

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Script User-Agent

NTFS ADS

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-10 00:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-10 00:39

Reported

2024-07-10 00:56

Platform

win10v2004-20240709-en

Max time kernel

919s

Max time network

934s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z

Signatures

Lumma Stealer

stealer lumma

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation C:\Program Files\7-Zip\7zFM.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\D: C:\Program Files (x86)\7-Zip\7zFM.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\000.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\000.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A (2 identical rows)

Modifies WinLogon

persistence

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" C:\Users\Admin\Downloads\000.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Sets desktop wallpaper using registry

ransomware

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\Desktop\Wallpaper C:\Users\Admin\Downloads\000.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ext.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\cy.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\fr.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\tg.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\fi.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\History.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\af.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ext.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\lij.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\cs.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\cs.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\el.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\zh-tw.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files\7-Zip\History.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\eo.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2407.exe N/A
File opened for modification C:\Program Files (x86)\7-Zip\Lang\ps.txt C:\Users\Admin\Downloads\7z2407.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A (2 identical rows)

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1750093773-264148664-1320403265-1000\{C51FC1A3-6E29-4E10-930E-BB39F17AD1DE} C:\Users\Admin\Downloads\000.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1750093773-264148664-1320403265-1000\{FED2BA17-357F-4F62-A112-6C422A36DCA5} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" C:\Users\Admin\Downloads\000.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files (x86)\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 718312.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 708942.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 50650.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 687200.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 259448.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 720714.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (6 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (22 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A (2 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (17 identical rows)
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A (12 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A (2 identical rows)
N/A N/A C:\Program Files (x86)\7-Zip\7zFM.exe N/A (2 identical rows)
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (7 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (42 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 228 wrote to memory of 2452 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 228 wrote to memory of 2452 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2452 wrote to memory of 3640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 640 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3640 wrote to memory of 3360 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1908 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8725f78-76ab-44cd-bfd9-86a18dc9c0a8} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba476519-bdf9-4524-81ef-c57ed6a031bd} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 2996 -prefsLen 26818 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75aeef3e-9444-4f59-afae-ad25bae8e37c} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3784 -childID 2 -isForBrowser -prefsHandle 3772 -prefMapHandle 3764 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7cae14-1066-4a06-bbc6-480ca180d773} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4428 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4300 -prefMapHandle 4424 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f028ab6c-7dd2-4665-a15e-1e5b9632e3bb} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 3 -isForBrowser -prefsHandle 5584 -prefMapHandle 5580 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa542340-ccba-4f8d-82ef-17dab303d31a} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 4 -isForBrowser -prefsHandle 5708 -prefMapHandle 5608 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b5407e8-2f96-4e55-a88d-1b1a5e85c2b4} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5916 -childID 5 -isForBrowser -prefsHandle 5924 -prefMapHandle 5928 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17e6a5e0-cea5-4fd6-ac1c-c9b0e9661e6d} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2888 -childID 6 -isForBrowser -prefsHandle 3328 -prefMapHandle 3156 -prefsLen 27297 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0784685-cae5-457b-9a45-b0a69a783576} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6760 -childID 7 -isForBrowser -prefsHandle 6776 -prefMapHandle 6764 -prefsLen 32598 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {badd8329-7507-4cd9-9a58-7905659231fa} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7032 -childID 8 -isForBrowser -prefsHandle 7016 -prefMapHandle 6748 -prefsLen 28035 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd81afee-b0af-4190-ba98-0a5d1db6e0f3} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9e3edcc40,0x7ff9e3edcc4c,0x7ff9e3edcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2484 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3752,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3740 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4448,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4744 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5000 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff6488f4698,0x7ff6488f46a4,0x7ff6488f46b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4704,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3548,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5208,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5352,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ced046f8,0x7ff9ced04708,0x7ff9ced04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6400 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5148,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1

C:\Users\Admin\Downloads\7z2407-x64.exe

"C:\Users\Admin\Downloads\7z2407-x64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3028 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6652 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8

C:\Users\Admin\Downloads\7z2407.exe

"C:\Users\Admin\Downloads\7z2407.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5832 /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\7-Zip\7zFM.exe

"C:\Program Files (x86)\7-Zip\7zFM.exe"

C:\Program Files (x86)\7-Zip\7zFM.exe

"C:\Program Files (x86)\7-Zip\7zFM.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\github.software.1.3.8.7z"

C:\Users\Admin\AppData\Local\Temp\7zO469C296F\github.software.1.3.8.exe

"C:\Users\Admin\AppData\Local\Temp\7zO469C296F\github.software.1.3.8.exe"

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Users\Admin\AppData\Local\Temp\7zO469CC220\github.software.1.3.8.exe

"C:\Users\Admin\AppData\Local\Temp\7zO469CC220\github.software.1.3.8.exe"

C:\Users\Admin\AppData\Local\Temp\7zO46911620\github.software.1.3.8.exe

"C:\Users\Admin\AppData\Local\Temp\7zO46911620\github.software.1.3.8.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 9 -isForBrowser -prefsHandle 7164 -prefMapHandle 1752 -prefsLen 28544 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd179f50-c992-47f2-9205-98921c26ba97} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7604 /prefetch:8

C:\Users\Admin\Downloads\SafeMEMZ.exe

"C:\Users\Admin\Downloads\SafeMEMZ.exe"

C:\Users\Admin\Downloads\SafeMEMZ.exe

"C:\Users\Admin\Downloads\SafeMEMZ.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4e4 0x3bc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=212 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7776 /prefetch:8

C:\Users\Admin\Downloads\memz-trojan_VT21g-1.exe

"C:\Users\Admin\Downloads\memz-trojan_VT21g-1.exe"

C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp

"C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp" /SL5="$A056C,1573616,832512,C:\Users\Admin\Downloads\memz-trojan_VT21g-1.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.fileplanet.com/windows

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ced046f8,0x7ff9ced04708,0x7ff9ced04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_memz-trojan.zip\MEMZ-master\README.md

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8

C:\Users\Admin\Downloads\000.exe

"C:\Users\Admin\Downloads\000.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im explorer.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' set FullName='UR NEXT'

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic useraccount where name='Admin' rename 'UR NEXT'

C:\Windows\SysWOW64\shutdown.exe

shutdown /f /r /t 0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa38ed055 /state1:0x41c64e6d

Network


Files


MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 c61684675c113ba49b3d49a88fc5a4cb
SHA1 bd475c7c010e7187132061fa9b3a76525c77a5e8
SHA256 86f1278b095aa5fdc2cc7a20241c564e1deb4deae3384cb81cdcd9e2b59b5a3c
SHA512 7fd73068cacdafdeda85d90641877f2193b19e11a414b2cb33596fac7790dc4f4b911f8eafb877effdee9bde06c72d22b24a8d0aee9e0d93f223ad7c13e503e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 c4cd8defdd9b939a45d68aec958db6f4
SHA1 9c6253a166f99caa8d136291b7246163cf597161
SHA256 221bdf06de0f94f32b2318a73299415da55f69f291c5b7b3293093a331145a5e
SHA512 877f61630e17a4134923f436687a1cbfd69cd0dddcbdb1bbfb1e404ece17825d0b7040b9fe36ceaf6e04438190b08db11e731aa6abfbbdf0751a9fdfd7d687f7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ehv06adt.default-release\cache2\entries\8FE62B3DE243D41B99575D7049B709DEABDE78D1

MD5 9a71f2b84998c10dcf5782e8da2aab35
SHA1 4b0c0f4cc8c113725e51dffdc710caddb8e122a7
SHA256 084d20d1e488406dffe5619e3b4f2d26058f0983739a5481e68ed2c6633b9595
SHA512 83d01d719117da0ee23d9d0762a24d10e591a3129e84f06d71bb5f4bd4b435b4e1b2483b511727343e6d62f6cc35eb527804a3ba9d1cdbe75b246fd342d7d0b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 e2c513fc4cf016d530419a4f72fce325
SHA1 6427c396b372d13cf3e839b494c3bc6c84d8294d
SHA256 655e7e4f70a4e89d9d128b11ab954e15dcc23f989be31276c39f74ab24691aac
SHA512 05805086efaaa1f032f262246db147b8b07caf8867109391299522ea49427288ae633ce870946e2a26bc2a77414bde8d3763da88bd588f0d9616413348dc4bab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 8da695ebaa94bf152628d56b26dae759
SHA1 17f19764ff20290c14a9e0e8a4b3f2ab016379e8
SHA256 a11625b1838bae5e91d01c2cc68feff2b51539c6e21f4bf9d28afb6b178b9e4a
SHA512 221bb7b1e57f8c975b4d6cda74265357fe97b05177664875f529468478bdb8f705f074891a7f678bbc40df05b7499309b37f3e910daed41db7a538bd2244f3a2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ehv06adt.default-release\cache2\entries\4DABAF7EFACD377F68614B900873860C74399618

MD5 0b12f8787999f1102b1b5a0467ff51b9
SHA1 dc8614e432ae23f1509416adb4c227aeb6c31fd8
SHA256 6267efcae54be55b01d7d24071791d698be9d90ef78399b1c6bebdf2e9097732
SHA512 9dc22e4c399259dce68273e535fc9056f7eafc5b14e7351960c55540b86cedb45848892db6b776748f20d595b58e4685fb569bf15bc9c13a586502182a71bb42

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 37c4432b1315874a06c2d88aeedf6bfd
SHA1 72a8de1f079163c3957672a637b321c41bf6d740
SHA256 02c0ad70a08fddcce7022a8eb5ccec4012ebee393b6910647726cd236c7f7eea
SHA512 21044da36246513f1d8db334d5304b3559dca41fff2dc9cb454ca681db18cd39c8b362353fc1fb014647103f2f6aaffaab6034efa8f91375a089910d018406ad

\??\pipe\crashpad_2976_GUKNKNROPYUXJELI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\9c6f353d-0d8a-43fb-8898-b2bafd0a228a

MD5 eb7d7ff3b73e7fc440bacf7f12e53adf
SHA1 a872eeb9fd63df3506005a1308b0b1ffa481b472
SHA256 e91f7a68f0caa8dbe4a7beae01fb4f3238a6bb4de0c32b1d9f1049bd2a599722
SHA512 439f39b4cd6d0df1dd483febb23729f7bd247d5ffe02159a9664ce54f13760ded3e2bef0d5fcc7f2070c8914b34b33f4a16a85303e4d8acf66778eded47c9f0a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\bd098c25-d253-4b29-ae64-16fdede3f2c1

MD5 a528db1fe47dc3574477e08c1e27aa5e
SHA1 02b96c1977faad0b4cc1f8affd54d4a96ff25199
SHA256 4669f32f112f5dc6985fa2b0c9ff78bc3ab4e04469c012594d5090cd81ec0df0
SHA512 cff15d91fad3edf18ac9e2a9968e7e66f28eafa9297b61442be9ff1030367a6037be94ff9b67128303ce29945766c6b1463e0fb91b0cf4ed7d92580ded24ec94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 b851be1919864b5a56b700637b227681
SHA1 ce650d5c09e89412a91f57e7e8c25e3c1e9ca2ae
SHA256 183741aa0d7f314e1638d477df04d820ebd2d7bedd87bbf03bf32f7c373de069
SHA512 04b2982e850f8b467f3b8c5181dc65411398b679df85f1cb09eb495e7f4ab9de4e095cb7155f7ff632dddbe6e045bfbca005f083e1c5ac31bad830c3c90cca72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 98c3d9a16492b2907fdf8564c1a12207
SHA1 1a1554e6d76f2b90f05fb9485767f7b787333358
SHA256 89795539faa37470c692a8f8e9534ecd6a91fa908b5e41f2175fe6c36bb9459c
SHA512 b57aa9431f6b2065a8a9b5e3069da27e15e020b4521eb12da73113be3460312d6ee3b901bef0b8a333b1b3d6d5d4e58939fad466b6c39f7dfdb8443529a651a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31a6e44310d2278bf1cd700e8dd6ef11
SHA1 747dfe72629c9b2de56ed045dc5d0e7098735269
SHA256 6dd098f57ca90e9551a068933fc27baecb9d3e5c8a1e71b2a796379aaeda2e8b
SHA512 750994e6be8a39d6523e0e5f502c276b1064673160e2f5b6c0db413dbcb42d99c43da4f3c18bc5235cae6e95cfc42bc646abd2c52afb9fd1120ce94ea8ab7b14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 661313817c18e91bb2f1225ea1c82e53
SHA1 fcf7d7a25102c198f86f7db3699c8fe632eb8fc8
SHA256 837ed1d8b52b7c3ed7eed42b13b65e45e2c500479a9f41ff7383b5b182ee4bb9
SHA512 bfd7b9bab6c7b337efd08d5d43e4aec799ace74148ed5cd14a6a0fe88bef1222a3dcc41ef3125a593f0d505382bc3d28d831c90b495523308d758c4f16c4f297

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b90cd19f58d07366826c5292a4df14c0
SHA1 4901a1ef064a974a9a2299033b898bcb6a2557a5
SHA256 bec44976ed162c0e01c3edcef04235004ad86d0179308ce5dab6d0529e11e94a
SHA512 3102470afa405a24560cd12f64706c2e88089cf5b9fe7511e2dffc130b4b9f118f22471852459fa983e1f8fc456088396206bd8d2b38642454180509ea64f4b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 951beab35312d95d0439aad30d174f86
SHA1 1b7a1ddd08fa5fa54fa253c41f561cc9e85aefbf
SHA256 8c7925716c58566471634d0dd74720e9d91bc00e6a6c42b1ea68827541404ef9
SHA512 1311dff10a79081291ea105f83b083218534e7e367af69ef598bbb7394abbe8c92d993bfa6dcd54c683ea3a00345efcaa9241ec18404b19fbc63e2702c5f0d14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 982c94611aa00fcbeb453d7cf9d72316
SHA1 8b2f3301fba7b5635aea4cea99335360ec553a54
SHA256 edad26c1f61ae70d23ac6737d80f3ef85a82167859cb277fd72c98694b3ba51f
SHA512 a9c36c30b70286f88f0dcd4c0dbf435b71bd612d9c51c501417902e702cfd08da2c2d361e81a1e64962674aba1621085f3c466ccfbfeecbb98555e6c05bc8000

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 3339dfaf8b312b332980ff463f2187ad
SHA1 50b2eb56f60a77c399b8e034bfc6966ed0db301c
SHA256 37971eb7baab7672ed109486e7a221441059051373fbb64510d5b6218c272085
SHA512 e6323837324c2a48d3f3db7f1234af61a73ff1be3aec493ce63229ce35e05528efc98fe972de34f123d8bf48d056e5a47b1f11d7c4cc3583cb343b2de1249ad4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e94d45d27fbc9d5f2bdf751530eb27e
SHA1 a73adba5f4b0979ba99f3b6fe2f08fd338d3752b
SHA256 28ff73a720f7610aeab70582ae20369b59e9e7fd649765a2de23f4eb04e6e701
SHA512 b9a783147b1dbc0b6c1d8d7c87a203e69a79ca46aa20683665a343d16daed7c6c4e53de6b26d89727a3f205de18b696198e0ca5223958bf075e9da43083ac2d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6dc6486816bb0910dadd4ab7477870cb
SHA1 3e2efec3169b3c0eff42d1be23175cb3b9272f53
SHA256 1f4e084e0feafa268cc02831106761866c4b5abd8e927dcc729f26400f7f502f
SHA512 f349788a5f8e7aca901015aca12ef4e934f1aba7db0e4562553faa7cac261043249c851d6c7f956b3607de738141f23eb1a5c30bc46b8078ac2d277d7870ee89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d626449493b8a7232f1e72fc90b4e09
SHA1 b22b7293b980bae3ae143dc202fff608879a2b20
SHA256 229f8364b1fc9b3cd3ecf41dfc25ef35e8cc42a903e3cae42047f16ed5abdcd1
SHA512 85f9d9a499d2a69469d2799a18bea3ce8a25a5932546c2a2041e4d98bd71e9ca2ad7422a84c0f7b6b53f21a72f97ffa0e9a6b1baf6df9bdd30a9c18e91462486

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1eabcf3d0e5864450f4cef8c4cc465b1
SHA1 a428d4009e62c8259603e7c8edafead2626df74d
SHA256 d7f27383c343b6db191234c69e143142c998abe5fd1b8910d407a83640d7fb3c
SHA512 2f06dc3ed65337205f110a9e9a749ba5bd261faa2afec0bf797cad0287906a7f3099d944983bb2cda1ec9bb34619263653ea9f028d4bf8b71cb5d7c15a839c88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a298da55223e37f333c882a4049a8f0e
SHA1 8dd3879263f4caca8ad27f9c35005a9155bd05a3
SHA256 6d6552a8465b1f75ebb1427cbf6daa23ca324ddc52818a5316d4a0cf86e92933
SHA512 557db6e46815ed15bdb8c21b6b979f5bedb6bc15316ec21e0960a50d8d0f827e9171ed34e737b05dd4062a7f1ec99821d0d942e40a29fa7b471360bf38ebcd0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 40afd618d464e590a97852483391600d
SHA1 196664076ad21c872f0827b8dd1d2aa460942010
SHA256 06e09bdfef39a2b21ec80bf0ce9eb17bb4e88906437e860792f8b021ceac1dc3
SHA512 85d6b860a43801b0bad62468737ed3bf45a6c5a096d744d8c04791b957cb4be8c5668f272347caaae33800647c1a053aef18d98d6d5be5f98ad9e84257baef4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b28ef7d9f6d74f055cc49876767c886c
SHA1 d6b3267f36c340979f8fc3e012fdd02c468740bf
SHA256 fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37
SHA512 491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 658de7d805984d225ef1c432fb871113
SHA1 2192746c1c3136b11dd2b2563585e4dadf06f50f
SHA256 494b0412009eca688ae4f3eb9f7d975bb136641f876ccc47541dfe284950f9dd
SHA512 032ce5a9ba676a7c62436ec70487ee7d131d4e01c1c15c2d6162693f97eadee18b2e04758b9312e32887d6b24fbcb2fd641adc096ed1b314d0a17b5fa908e292

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 c8e960215e6f4865061ee59df95c8a75
SHA1 4fe6b01dc335bf53f6f716c023648fa70662af6c
SHA256 86773ef005b41f5d9a5c449c16c395c7d28c0ccf11386ba8353fa06422b11dce
SHA512 374b34186e76be079f8f18b6d0a5f9aa1514ec32f97e6c3fe7f9864792891399566898ff2650a8bf012cc8b481b9ea1a81c37df82ce28e4ba3df7f8673c7d37d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 4a5a559504fa7a629f843ff2bc59fd94
SHA1 f583bef74646639fd101f78227f25513b3208354
SHA256 4a9eb2acdd3c0151b56cbf008ebcc306c7f5e0363ab074077e5b2a1973a8c22f
SHA512 87feeb184aad3d562d55eed2116fd0bb1f3159e69ba0b9fece11bbeede2b9c84f4d45b6c7d030f00a7af5cb1699b657f4bdc15b0a82c5f6ab19bd9ba35c108ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c627bf38ec16d1f6e05a9f08896f51a0
SHA1 e738a394de11f160df043ed44b637191ff8fafc5
SHA256 24e78ff9ba9ee1ab06ff702c0b16106ccb41c832ac85e3b9c36c39e74bb7ace8
SHA512 1b6f7f6bea35f10d6ee00d761b950b6a6fa06b46f8573484f74c144536c710574e55b79fa7dc5f3e0d31697953c34b206039c2fbe2366bed117305726fc4996e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f40738a3bd93fcb5dcbe41e0c8c9094c
SHA1 7262ed0b11aa40896ca268e7170df6c51839007e
SHA256 cd413ac5e3d6edb227934d8a90a0cbdb0bf509ca74c882093ee785fd980fbd1c
SHA512 338e058defb233d53449392f6ce84bc9490d218755c1017495539edb47c8f377cb0754f8128b2a3ce9d20d87bb3ae4f6e72bca058a5587f1dd5afa94e327a0b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 377bf0a715a6e4af8533fad2dc1c162c
SHA1 600bd5148f49a2321ca51dd90802b54aa4d583b6
SHA256 fe62308487a5a8d9d992df923ed36a01d69cfd2b202c2aaaef92225dbdd22ec1
SHA512 66245fd743c584ad74b38658e554a988017dc4067583b96407f0d4d643005d1eb906dd41d135684b291e132f05ef47d3b612fa6a32fbe55221ea040395f4b75b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 970d0e20692b74e97203d5cf9358350f
SHA1 3e45b858a775b05d117b26a317ceef16d3320ad1
SHA256 2c2ba720b00b5ea91083f203eba58347373081ef53201695e5b2de96405945a3
SHA512 75cd3e41d4094aad759b315eb56eefa1f2b3a4111899ad0da733b12ceef8157ad44d507a01705f9b1ac77c53866355a08edef8663608ec2d7753425c203ba507

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 7d5e1b1b9e9321b9e89504f2c2153b10
SHA1 37847cc4c1d46d16265e0e4659e6b5611d62b935
SHA256 adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af
SHA512 6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 620dd00003f691e6bda9ff44e1fc313f
SHA1 aaf106bb2767308c1056dee17ab2e92b9374fb00
SHA256 eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586
SHA512 3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fa1588065899a4971c50effd28416e2a
SHA1 fedfb34a7a7810660abf6179d600055e2c05fcb3
SHA256 2b34ccccb650c516c09c3f01247ae785fd19ab3e994f021566b2d5aca2770766
SHA512 efc05312ac8f10569beadbdd40b8700ac15d1ab553d4eaf3122a91d82cab6703eb64513e0234ce92f3edf14a0b69b3c14bffdcb9a8383253adc7a64e83b869e1

C:\Users\Admin\Downloads\Unconfirmed 718312.crdownload

MD5 f1320bd826092e99fcec85cc96a29791
SHA1 c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed
SHA256 ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba
SHA512 c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7ae527015a16df7834a1d38a58d7d6e0
SHA1 309be7581e029ea670340593b5632233ba5bcc16
SHA256 efdd5aab8f34dc0e20eb7d2cd9eab4cdebd7e74e63e26a58944b28445d335612
SHA512 30bd949780a7bb033426cc3c9f3511cdc3a9f06ccb9040a591ca982a623484b6c35231b0e01f868f83eafb092699b0dba1c88ef0f0d4dae8a9cf972b42fcf588

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 31338171db5787f6d19510aa244836d2
SHA1 522abff1335689c63a5bee40995270004ee0c00a
SHA256 266f38fe862a5f0dfe393b0cc93ace98249071950a288283bd05f32be6225302
SHA512 254788ecb29274c2fb955963eeb89ef635855469f1c366dc3e585b9abe23be8c91577f9ef013167075d99752379926233ff5aceea945c68e15c4322da6388333

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ba555.TMP

MD5 20b7d82fa4a8631f41d270f99cf43389
SHA1 db8126967f984540119fb0814b3d77d685aef656
SHA256 397b666425fc40c459cf45314ce50762e052bdc2657dd6c19e040611e5a74451
SHA512 19b8671c087cb3ad6277a58e54f5bd24ac853a2555f40a6a3fd0af30f8ce4bb26ede2965914c7d63adaeb0a68e07d113aca2b615279ac4eea8666f05d2f27f65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6e4d021c2eeb14a7302c6bc1385f292e
SHA1 97a648f31eb92781b19f7e289cb728c022b11471
SHA256 4b0166ba472eeb4be7e89a10917aacbd365873a0e2a43ec1660b80a290de7ced
SHA512 8f8b6e26a0c354b6817eefa8d1b1a4c228e537810de3b518ac7b642bbfc806855fece87c722bf146ce8ae67e77c1e5d0ee05f6c0564013b10a647671de8d8c21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8c870c1883d5428b5c7ef5cb0f813df2
SHA1 b27b2b2449daff7158dc5d0485a28e76661fd1f0
SHA256 681b1a89e13e77dfec8fd3ea535e81f65ca9c064b9bd4df8f079a4472c794f20
SHA512 238a74d34e488637ac75f3ef299fc796df5cb9badbd287af2dca133516226bdc91e06540362553a49d64bce089c4badffec58994726e0208a2b80fb1a1644041

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 29efd36fe1a736736afb3b2fee52b449
SHA1 2a7a2a66108eb345b7974a7dfe53a323254f1a5b
SHA256 486ee9b1f25541391239d9982a4cfe52e3a065a4ccb67222a314533b18f51829
SHA512 1f70fb061de53786ffc304eff3debfb0f516eb8ccdb1108753c20cfd7105a449f28098ebd96097eeb663de9521c6dfb59ced3a4bf2314a48162f5a1a33b86844

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 125127d3283ff0fc631fb2da2ccd1460
SHA1 f6e58368161a49ee62cf75d12625fdd47f8573b2
SHA256 c524d0919194e4e0ad5442ce2c6dbd29415c0a29bc929c37ee5ac5bb339bc405
SHA512 d1d0b5fe26248aaa63011caaf4a9e522714d16e2430f87cd69d5ca282e2f7566b0e6e98ab5e032b2d4464921ed808a0c6896db2fbdc4d9cd1d25feadc47b5cce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 138ea7d0d3f7d45a704d4a9c4bd34fb3
SHA1 3c8394b4736403ee0bbb88c011a605e030c34d5a
SHA256 ed951be34e4d416c54c014667baee716c23955ec0cf08a88faa79e40a2828fe0
SHA512 5947cb5cc880314595122942692d4a12b439979caeef6470fe9dfd4bf14d23ba88e687f4ebbcc92c0b9a979835c5f3d9cb8f80f5cb4af7298b50d89679561f24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0a28d6db09336a250671ce355ada2387
SHA1 2d168e31b9fae37c0f21cef14e0cf019bbe1b677
SHA256 cfc19eebb310b0e9e8c91e34aa8d5c5f4a3a763e5af7988119276ceb1e8c3221
SHA512 72242f37291d7eebf96ec8a5bf58b4cda53b268f8ee694bc1cd9b715a7eeadf6a288bfa7f841e1663f439a2c15c259a49c002b1ceaaf3707141ecfdcf19df00e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp

MD5 f5d2ca1bed839bcbc34c9e09da376a17
SHA1 456af08feed559d4491151b12339eb54e21330ba
SHA256 75d313bbfec34b6d2606db829279ce882a27a1f61132c58744df34d60b19e16c
SHA512 844fd076202fd10f3ffa96fc487d8242514c2081a3feb1ca0f95cdfdbe6edf86f339bc3b039be728f7063853f5ed2007f94788a771ddd560dd8e383530a0c64c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\prefs-1.js

MD5 3dad8a33005d0cc8b99303e7b641563b
SHA1 782ce8d02f188fbb67880d6d834c812a0683356e
SHA256 7a39050bd3a6f5a84c8ca533b28db7d243d68c95d837c7c11092645a2c8b9db2
SHA512 c6d798f06c4d29ca50738649c08ed4f5ec3b5eccab940ef9dd04b3f1080ba3854273a997ed5679d45a9286ff91d9c711e5f263491843264e291179e070f3c5e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c13aea2131ad4380a6df0a52aab77791
SHA1 2b431cc017678439aa0a8e653dfbb004e3f3adcc
SHA256 86e818674cc30d60ffba2cf12b7bba3359c6364074fafa5b9953021d1b9d2d08
SHA512 94b7ebfbca3a582273db355bf15bb2ac518abb7e1245d294d0bc2a5e5bfa27a340690bb5203bb38980c19924b18e9e5d0ef74855d302355fdd070b8b663e7c1a

C:\Users\Admin\Downloads\Unconfirmed 708942.crdownload

MD5 3f6d2cef65fe49a38190781a0cb46707
SHA1 6132b1cbb8b81a587d3eda3c9ac3a1c434fb13b0
SHA256 151261d221ba0f6120c7f16700ab0724b92ff3230f05a89ef15dbcd8198678bb
SHA512 731b8fe2c578444ce859bf2061c342b13716e49647d99517358b69740e2f6e49d751474c241f25381b0e194defc2af9fe0f434aedd3bd96aa39cbd19dd457a58

memory/7156-1757-0x00000256289B0000-0x00000256289B1000-memory.dmp

memory/7156-1759-0x00000256289B0000-0x00000256289B1000-memory.dmp

memory/7156-1758-0x00000256289B0000-0x00000256289B1000-memory.dmp

memory/7156-1769-0x00000256289B0000-0x00000256289B1000-memory.dmp

memory/7156-1768-0x00000256289B0000-0x00000256289B1000-memory.dmp

memory/7156-1767-0x00000256289B0000-0x00000256289B1000-memory.dmp

memory/7156-1766-0x00000256289B0000-0x00000256289B1000-memory.dmp

memory/7156-1765-0x00000256289B0000-0x00000256289B1000-memory.dmp

memory/7156-1764-0x00000256289B0000-0x00000256289B1000-memory.dmp

memory/7156-1763-0x00000256289B0000-0x00000256289B1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 98dbb04966ee92a1eff14301dc4c75eb
SHA1 46e0a483995269d91b7a300c391cf2a8a0f3313d
SHA256 38f5ee877039f18f692c1f64c3b6159a0fffe8cd19a999663acb146552af6d22
SHA512 739b7a6e8ed4dfd4fa605f58966e17a78ae029f23eec84265bc1239e0c3212b8d9f69108a19addf5ac8ad1b7fde7c038883be12c466e564c32d16a2cf76bd390

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e4c3ed5d44d5584642f869126af87bf9
SHA1 4ecc9a091502b53aef083486d71dcaca08ce6615
SHA256 6062df4046779d7f3812a984ea1b957dc57539f545e0d37909646b73e830f05a
SHA512 577862b7992c7ab7cbc676d4662381494277656f12db8a9288650fe23bc311c85d93d8d1d3765715f24b615512f3d125793c0cbbfd692e7446ba1e978c4d39cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1f5f334b96e5306539716a1a683a085c
SHA1 d6f1be7c548973e881625e6f671c53eb98c156a0
SHA256 c6135d0e238c67325d070f01fd1aa0df2ba93b3e225343cba0324c764e8e3140
SHA512 6b8e601bdc9493a79b4eb6a945f9d1b3eebe2ddf57357394aa711464aa300c88f5f860b4adca9664025bbf012db6d771982bbc2a17d4995b4aa9886a9cb5c98b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 33695d65d01b4f67b208535571e03296
SHA1 fa76d0081225681db21e38e3e5691a9729697cb4
SHA256 ab0a30dc9dbeba19c0cdcf4e49baee502a5a25a4147d9b2f80f63cc37b7029f1
SHA512 5e36d9c7c61b37c21d48fb3b2c661cec1ca54a80e210364b8957b6ef3d25dcfb69464e62b081fb2b6be80ada147d028cd8f39b78ec41f99850ac2ca98b1d88fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 94f301e97a1ae5a25b8b65c467a7c6d9
SHA1 82567e4f5972d9d4cbe68d044824f1821b379262
SHA256 0c1df138159869ae5199a244cf56a36826cf6b46cb3a26e8ba11fd84a1ea21f9
SHA512 1aa945920edd95eda883d5e7d38f1fe9a019c8d97c2fe7caf8742af5b8963e53324ace828d3f10692b299391dfc1e7a343dc7d764c0e13648518147f66fe6549

C:\Program Files (x86)\7-Zip\7-zip.chm

MD5 b79894fbee3c882c3efc71ff3d4a21bb
SHA1 8bb4fa0e32cc892f8be396dbaa35acef7a53e36e
SHA256 2d55ca494a8b6dcc739d84bdd112f5c50d612f8abf409c9fb5f2b5c2c84c37a0
SHA512 b66a75ee3831c56967e2c64f8c9ba434f3cd9e4dc4c4fa79580e5ef81e8595863a477ce487921d46891bffcb31c6d45ea332e441c5c26df9a1ee59c0769f32b6

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk

MD5 67fb299eede99a7c005eca86fcd6f51d
SHA1 a13b9de6a42b2e07866af1d8cbe1e11bc8e8e1c9
SHA256 39ec412b3782e88ca8cba098b3a6f5468db14bec39332abdcc03ca673f4de679
SHA512 d23c164b607a18a74278d0b6f7ad9ab3ebe3686972baac55c9b5f4368cc2f3cbd236b547865b94c3f645767762da619553fa8ef56e5555f5e61c338219f4d025

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk

MD5 a37962a8eeea9397d97edb6b99e5d099
SHA1 6d390863e9c2b5064a2bbfea4dc0e995cd055ee2
SHA256 da3ed1eeb2fffa0e2d4b5655ad2212969a96a9bf91cd2983cece91e7a94d1ba3
SHA512 00e7570655aa64cca6e8353f822661f52c0459e4f49cf573ecfcc43aeb8a888f8633dabe1d8022c4c4c812ae38dc2f446422a981b2cc170becf5468a4313890c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9fdb44575b4a29cf99722963458eb453
SHA1 040489bae0e9dbf0c820536e2ffe66dab0d2ef32
SHA256 1d6b01d791d30c846952c1586ce1ff5732941611044cf83cb8487ec238add18b
SHA512 1d6b87ef5991bd89c9ee8bc6f0c51b2d0d1cdd619f3888b690ce7bf08933637a7d33d42479afd613669e8248106a82a3a1a8d61ea15749965cbe4b200ca9c7d6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 6a38741e4702027708c1b469f1a1e8fc
SHA1 1b02f4e801cb426e7129bf114af8629179b448fb
SHA256 cc67889f51fe6eff77466b2ef3a12a65b19b0dda58f7c368a8aa27e566fd200b
SHA512 5935dda6ac961d347783fd29cd46372b4e426dcbd7f84b53eb5efbc4ccc4560581ea1951f740fff41306aece53078107d29a153ddf1e0926d91a9811c191eaa2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ddd2394eaad052f859c0ad63739f030e
SHA1 9aac2438bca43db3c5f957a39f2d23ba5eff4357
SHA256 cc24c21a4f77368b302bdde28f89bf3c11fe74b94edf42c4ea2da4bcd2ea5fac
SHA512 af48d752eb80525c202ee01572fd09ae67b5cd7dcbfb855e2e8d8c7a1497f77dca7175d6a8a14a9f2460b9f346e12d37cf646121e391e9cf3160e629cf3768d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 2b4c0d931906e4a2fa04feb21f9b3952
SHA1 72af61f739c402551e6192e9f3b972bf5fa12e2d
SHA256 f1e98c62a1633b1e033bcf80f854532cd39305cecbcf4bfd460b613ac9375681
SHA512 28ce848eeff5cec226b63053f68ef40ec43e939c4b23660f25805dd2f6d919512a8ca2f02539b64e55a463858648704c9917d230923bda724ced52aec07f8fe6

C:\Program Files\7-Zip\7-zip.dll

MD5 8af282b10fd825dc83d827c1d8d23b53
SHA1 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355
SHA256 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca
SHA512 cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c2f959f08724884941ab653f15dffb6c
SHA1 3ba299293624551f4a5275658714ef38a16753f0
SHA256 2e866758f57387438de927854413cb7d7d78af004391f1c4fbf786be5d0e4edb
SHA512 05bd93f246e7b7b677ee51b026f6b6ebe67eb1b5267061ae4b327a909c6d8701899a30f49cd8558a285279c4464b4a91c37f89d8eb1024341e9c3381848925fe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 6d117d591ae6d9f6db724875847c189a
SHA1 dfdf5e25e5645d9a366410d27dac965cd77e5bf1
SHA256 da84e993b03507f3d9ebe3c758e9e3d5fc498048134c49c2dfe3cf04d2920aad
SHA512 b5cf3741132f84c328867a11ac32eac099ba5d7311cfe9a6b9660398be30d80383641fe51f957aaada6c27c8c27adece13c372628b0e2c62c0acd465d3e8e261

C:\Program Files (x86)\7-Zip\7zFM.exe

MD5 1e9ee7e5ef7b011c2ae93c24b1480072
SHA1 6cefd04d615dc2a6cc218e7a762dcd7bdb510bee
SHA256 1c263c236a27eeb6294d85782d4da44f5221a3c826debb5e2a3a970ad746c480
SHA512 b735f4ec1d1e2891048fac24b057bc80ae27cf5ce9f659eff13a58fa25e7040d63ecf9e95dadf1374859236ca3e20f4cf786c0d43b2d584285c0bbf47e6ad268

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a357189600fc69e365616baed930e094
SHA1 efb98cb5c6b820ecc0668d1411046020cda96464
SHA256 fbd4256bca0538a1c8bdaafbe541eb9e26ca5f5983e8e41ac13a7b5f28515ad6
SHA512 26ad10262a14faff0a00dcb978511b26f1de49e574c4a32611480f0471b16052bb2e36da2794ac1e0aeea5f0650cd0c69182e28f97d52648473983f3bdb6a7f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 72fe40e0c82b0e1b7b79eaf186452f1d
SHA1 9616b2f720e2417d607a2b5c41b9eed80490cdc5
SHA256 ae548d600eae386e1c5edb5ff5a9e38ba332a605098400d37ca73bcba69863ec
SHA512 00ac2a7bdddd21937945a8706fe80bcd78d39d5d0db58eb0a12a121409b31e4d054c172d1e54a5790bd97e88ec5ecc19c36dc8e5ef486002ab53909ddffe5f3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3b896d5cb15d5d83815d903892638b3
SHA1 42e15e255126b013abc0f8d9d0491a41d042e5da
SHA256 40a9cc7369d872c39860ca88a0d05e3a6e3043b0ace6ca29b609512b0e968429
SHA512 832aabd8727d46e72b893527e54ad16e3b5050e56f8500ea8c9d9ac38349b86b5a8e532f329676d25bd423fc0595bdf98b29cd29d7eee1ba3c801a6ea2caa320

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3ddfc2275938f8c60eb160a4aa3cc104
SHA1 ecca996f07b05502d0d07bb36ff09b32029db3b8
SHA256 846e0a55df9bc7e2e1b009b415d822c1a5d4f4b20a5496b2f7bfc9207a178775
SHA512 082892304923e0b6546cfc6c6f9c0ffeccc6f7c0f7d5c46e220093368fceecb3a68bb231129f0927268433d456abc74bfa613e31fc128369dbb6b13d3cba0d33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4e59ef179bcf5c9c204b0cfc8858bd3c
SHA1 db70c045a0a8e59dc5d7938979e83035eeeb143b
SHA256 872554279fcf490249e58d6f9dfcb6f80e2693b1347099ce1f37e7c767b84b94
SHA512 d653b11f59cdd2d231b684115212396eda75e80f127ad3d5c5caebcc0ed0f7fd258298d9f1d791dabf10450d8289b773e04df6f1b02828d035065a0d8842524a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ab5c0ddb30b77a4db6e1df2bca28fe91
SHA1 c37394bbcc16f885d9fa867de9db8e72b468eca6
SHA256 0d9a8023e46d53c5278207a3e5d29ea9538dd0d5059ac78f607193b6c8f4606e
SHA512 024679806afafe6014b08b0ef850b0912e06ef29d8d3a952b1218824fc2225688d1b37127fb0a6dd89bca760b7d35efde3a9519f30b0a6833397c8bbbef96dc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e609b9faadbe0c72a622f9d950f0c50
SHA1 1b534d97bc55c77a5aa2671f28da13baebd29816
SHA256 febd7e456dd1aaae32b69408dbf82405623c5bda047cf3f2b83352b86de0f6da
SHA512 afd070d3a1f9f9f0b4a22c6896ba61459dce8a81487b1db787d063cd869178aa2eb38df16d0c123863a9487e47d5af244e6ad0f0cd782bd365e1189e2d8a0027

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f68b964d5e2370cad51bfcff06e2265d
SHA1 0c3d2aac331265cf47a54621fb9979d446c23e4b
SHA256 0daab7b8dc2357d507a03f0ec711af64d0928cb05e1b364330859291aa874766
SHA512 a90c5c333eb6f4d53d44f72e6335e18090a64127b0a0b9390928b46c53bfa976ced0833b948b9f9318b12ab2b07f1f651ed71b202134b7f10d441b3bbf42164d

C:\Program Files\7-Zip\7zFM.exe

MD5 79e8ca28aef2f3b1f1484430702b24e1
SHA1 76087153a547ce3f03f5b9de217c9b4b11d12f22
SHA256 5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7
SHA512 b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

C:\Program Files\7-Zip\7z.dll

MD5 0009bd5e13766d11a23289734b383cbe
SHA1 913784502be52ce33078d75b97a1c1396414cf44
SHA256 3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129
SHA512 d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 848bf3173907fc22212158c6e92f355f
SHA1 607c28fb61ed58eeb2e317f1cc0ed606d936c77e
SHA256 8396ec36112a63a3e74671d5004f924cb972cb3fea946a21a92953548a1aa4c9
SHA512 3961dfd0001463ad0fdc251f4e47d5a8496a2bdb778246ed527b844ec02f2b9231cdbf9d518bf355105b1589c7cdb5de616f7efe9ee80e51da422e3f92725370

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dc59b6fdd438c73702bae7f877ed2323
SHA1 0187e92be653c678a3cdf4455a2d765d35fa7ac4
SHA256 950bb712e98fcb5c6fa023ff7002ab69bd4ce18924e273143779384f2d75d68d
SHA512 638b0f9c74894f05d532df57e645320ce7c8173dd41887725867cf165b1ede232b4ce4935b4cea0125586e99270bd87ce241b0b58f8ddc151c94cf1e47fdae38

C:\Users\Admin\AppData\Local\Temp\7zO469C296F\github.software.1.3.8.exe

MD5 6bd8ec66f8e5c585594a671ab47f1081
SHA1 61c8c79df9bf1b184c438ba27b60bce5932e55a8
SHA256 9ebb73f0b975b501eadd8b35426cdc230e2863d92170e77b9eefe3ec610252a4
SHA512 3c805d1bbaa2b6893afd9305e26012ee98ba89a77c6f0cc1f737674cb5a23728b25c888a7a181efbe77394a6eccadd1e160a71b099b8b02a9e75a1836d6c35ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ce0de8254bb91d0cb25e5d6abf5d03e2
SHA1 a27719d9750a28b48139e193ef52f8a959199eac
SHA256 825e76fa04ce23c261003c85d5b7fc8319fa081be671af0ab0044cedb9ef3ebc
SHA512 9f3bded2dc3d8f2c231ffabbde442f6edc9ceec8eafa998f2154e204d2b2541c8a622b8a436f7924e6ab62f798d4bbad71dc86f9ed236c6124161836edd19d77

memory/6832-2283-0x0000000001270000-0x00000000012C2000-memory.dmp

memory/6832-2285-0x0000000001270000-0x00000000012C2000-memory.dmp

memory/3848-2284-0x00007FF7D6A30000-0x00007FF7D801B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e4e66d1ddbeb0904c9308fee565e2ad
SHA1 80dfe1aacb14e26cb2a08e554538609ae76335e7
SHA256 83d0e90ec92d077178f987cd32fd5e78662f93b655c0cbec98b074fdc6f994a9
SHA512 1f09da828b8a854e43fb9ef766d9c0c81bf9c236e7b75eed56f25d3c7d9b9b57da3a3048e5f70746b9156bc2e2c8483bdb0fcebd8a15efa2c9f9c6f50ada9121

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2eb34d14b86496abe2a081b3b83527e3
SHA1 d57db3be648bf3039e0f832a17089f91a5afecb5
SHA256 dc4cbf9c35a32995150900517e9309f70f35647062b5ae84ef93194d91442972
SHA512 01ce76a4a591a2cd2b9c400cb2d13873fa83a87071f1975453374b71f8207feaa59355f269355edcbc936a5317bf092e9c565ba9b2105b07bb339bdbb45a067f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f8e466c9effc1702f4d3846e67bd2384
SHA1 ef8fae7213adc1982c561f941c29d173bbd0630d
SHA256 e98c74fd956bc5df1c36f7d1a32957c24290dba5ab50e69e2415dfa52b770c2c
SHA512 5d5fa19160bfd27e4e1802de14d1b7aec533c9c5f910ec3315b657c2d148b5d5d9444703db2fc98998eda67cd0b3034d2987afb195cc5065f47c3e936082eab4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 c457dd8beface8eeb65558c9ada014ca
SHA1 c76ec40937f9af5f5a4ea7bff6ba37668549117f
SHA256 5fc13c34df031d9eb41f85ed2f8f6f06533d0a456cceebb74750e2201ebc8159
SHA512 b87349a23f1e7ba43fce4f9e7677843ecfea47e7c0a4f2dec9fb113de8125c637c6c6dd4fe6a50f23821076c077378d5958fd48f6717c6f016b5f73354dd2831

memory/6488-2379-0x0000000001010000-0x0000000001062000-memory.dmp

memory/6488-2381-0x0000000001010000-0x0000000001062000-memory.dmp

memory/6944-2380-0x00007FF7A9140000-0x00007FF7AA72B000-memory.dmp

memory/6476-2382-0x0000000001260000-0x00000000012B2000-memory.dmp

memory/6476-2384-0x0000000001260000-0x00000000012B2000-memory.dmp

memory/2712-2383-0x00007FF631380000-0x00007FF63296B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 04b286ab410dc28ea060535518b3986f
SHA1 ae45f2c978e19cfe9098e21ae4f4762f3dd3adc9
SHA256 26c14a8b4817a0120eca6be3227fc3b21730bb8049077623004025fe185d8667
SHA512 a576a465878b6ef0329205b8a3d53ea29b4181db9c3b8e45e6f20c03bc742f9d6a5544516705221d325727e93cedd0be718d8e14d60bde8a5f97a17c5dc418a5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 99948d51f676a1d04a5a5ef88bdaee5d
SHA1 4fc5aaa26aaaa1454a5dd32bc608ba61043d29ca
SHA256 cca64b0339d8edb572a6db60c68ee34b7daf7086c1dbd208ad8c768453fca564
SHA512 b62916d251b5792b704b35a56318be20f4c17827287631fcf0f866444a994adb147dcaacc7530b08260fa82410af400d543cb92abbe346e66b26b1d269c8d9a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 7322a4b055089c74d35641df8ed19efa
SHA1 b9130bf21364c84ac5ed20d58577f5213ec957a1
SHA256 c27e6cbe88590ba6a04271b99d56aa22212ccf811a5d17a544ee816530d5fd44
SHA512 bad26b076fa0888bf7680f416b39417abe0c76c6366b87e5a420f7bc5a881cc81f65b3ef4af4ba792aa6030bcf08bdc56b462775f38c4dbf48ff4d842c971bea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 209af4da7e0c3b2a6471a968ba1fc992
SHA1 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f
SHA256 ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403
SHA512 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 77757f79f44e6ac969bcac9051641c93
SHA1 e76399196e544695feb8d56780544a425321fa08
SHA256 e191359c2a09fce6714d5a8fb50d892ce932d216772c6588f87fb50bf4a08de0
SHA512 53507983ae85d251a53289b9e35bdc6cbcf138a104fed566226da0011db55e2c22a16855ca3629e9c064927c89134d47a41ce87db44af22d4e4f11d23e73b677

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d8a7efe524592a400e3a0a6fe98a2d39
SHA1 4dabe0e254f3caf77113886b016ddd91422645e3
SHA256 5475c390d5801c3e30878583874a9f13958112397e03b0f115a92a13b949a209
SHA512 60869ddd67780237457e2592a0c3fc0a022cfb4f0b94504729e60e024bc4952b03e9c58b38b9a90a029344193c91b957afd72a773d0d3f8b231c7a87fdb7a062

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d17e4463915260b61eaecb587090b96b
SHA1 10318ae04cd72bb7baa4e5b5254c1da5ad9c555c
SHA256 c140a07a1da1a1286ee8d78daffe4e20d719df02893d83a5ae3929097c538d15
SHA512 ae8e1f6d1402c929d948b21d1785b8fd026d5663bacf2b6b2d1b853ffbcb02095dc3305df2945443c8c65a2f6de763d9a02d81f2cfa0798f6e94ac3407acde82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 654d9169875c4a55b2f31ae6337fe6c2
SHA1 d0c34df9ed96db5fa204a9e383cfb6b5d12fa1c6
SHA256 95f6c38bb08148911f6e7724bfef63bdf10a64e61fc4218d13f68fb1712891b5
SHA512 90aa04f0564a9e0a82ad9ca028ffc52535890121e4d59224c848282e7a76d336ed55ffe3153be4bd2cc8586a5db91992127cc186a3d57e5500d8657d25724053

C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

MD5 8ce8fc61248ec439225bdd3a71ad4be9
SHA1 881d4c3f400b74fdde172df440a2eddb22eb90f6
SHA256 15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5
SHA512 fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 054d4eaa8f45541c269523cc837d7ba9
SHA1 23d6e9992cf6367b1c435610e5950ea1687ea1aa
SHA256 8427237cb84ba7215271e0dbe3996233f97ecb3ded5e6b0e2444981e5d3efd7d
SHA512 944e075d1002aad67d07005fd73b0d376323601fc9c79851739396ddf66bfd70bf06dce01f217382cbfb677d9c854b7619edbe4f3ead4c0641aa3cd820b7440b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4c076fcc991807d8502f9ce4c5e29b2a
SHA1 f6895c8d36b42f3491dd78e90c016a7879ed0fff
SHA256 32ec011bdb550f5e34c42db5f79338059976979101022b29623da7c7df8625f3
SHA512 ecbad0fa499bd3cb8fdebca564722672e1505f8d971ed1f6ce1e74d0c34b6266d550e07ee6211c437729e2ccee806528827f78fb72bb30e71938fabbb68179bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fda75d33d4ef8170e0d796fd655ebf75
SHA1 601c2e9a4bdf91ec79f06bcf713305928a705d8f
SHA256 67a651a75c72e30f3f2e30691a4bfb6fe15701e825950161c674a267f42ecfe3
SHA512 006e5b7835d1f1ca67f4cd2e1d67c1429b643a71dfad883a4d0a900d6e09a02dc642471b57265c4d5d10e45ba94b4c5ffbfc9ea147d8cc22648fd8d24d3da8f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 865a6e134083241a1f3835d8bf384a8f
SHA1 4e4ada530595d1b272da9585101e3745c5717e42
SHA256 f6dc58053b1ede555bcf7df4d3f6e40e7dc6870e06eb7d2f58c045bfa20b9423
SHA512 959444430eb41eef0ecc3b143d165b51a27854746ee83c8f2ed9c1f3d099d6a2767a0a6b81ff52d231903e1a85a72a5fc344d3cb3e8dd5594a3bb69b87e65b5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6590b536-7fd4-4e83-9e43-471d65303c58.tmp

MD5 f38d2dbd86697fca725cc26f7acf818d
SHA1 461932f8b6d7b36c17b23733ab23795662de6d87
SHA256 3110ca27d60a7ee88ee77b55597cf4c901ccec8752eea19fb68195d54d56d07e
SHA512 8d9865fdc94f6a789445cc08c5de73693fa709554e068aa9fbd0a5f72a41d15c2492e3a6e14b7bfe75b90248de9801206bf980d53339002b3e5b0c4efe8300d1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 65ae1c422bd8f76d57393b1f1158dd56
SHA1 c93caf7615d1b0cd68421de7bfa1053c6043c246
SHA256 39da68e4317860d37d9a1f6bf9062c745396582989cb02b933b4dd4f0b6247e4
SHA512 9d8e0826f3d2adb16e5a126523e67599de97d38029a1e2707fba26939787ae4021262770686a59e6bd3712d26e343c07eb9f9d7cf3df71846c621dc508d31715

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 3286767e3a1fd99403f703da4239b4fd
SHA1 cdeadf7d96d9e8b0789795d4222979073ef5bd84
SHA256 9b770e80682fb5b11f9394ecff034d7e26732df6e006857ae2215b92c5814aeb
SHA512 e96d92989af72b8a1c6b77c9c6572ce9cd8d59a4f9cb7523da285b161d11120deee32c594a76320238f6f61468b20deafa147440099e023f608ebce13f0932eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7a1b414330450c4c624bd700ce08cce4
SHA1 70d6be027a9e615cd39a090845c97e62b3dd5e06
SHA256 3ccdadbfeebe306b37f75336da618161ec6024d85c8076e89631af2b6e3a15af
SHA512 68e74061fb7f659e425af560bfbcda3420483fba3c347723ae4177d91ab28c482082b137cfcf919e7fb5d008c7ac5915efcbba879e8ede80df3fd37b2df32dda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 97aa1c7135c89c872d66c90e188f08ca
SHA1 80dfa834f16c87f5adbb374e0820fddcb0403f3f
SHA256 2cbede805c6c8295aded1a85c31ef8edb0a1647ae3bb3558bedd5c7c503b256e
SHA512 334b30cbffdca91bfa26e5f009e4e54bd07b25ebc2cd4d81f8b32ff008f3f9edb4301d91738d6f37b40b1126e4e99f433d4eb169b222411a8fd1552d76171ea3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 61785bbfe72fc95247ed671628d9be29
SHA1 b6a715d704c7bb623c77409a99f3ddfa8b990c14
SHA256 b8fe828d9c598612074dcc67c96ab63a3516fda59b4f81a3bcec1ca2cf8d88fb
SHA512 feab14f753b80c76fbff692501fd25bd2bc5c3e0c532ee679f1d7caaea01d91dad354e3b578c2476cc7fbb210dba74096018967cf95e3fd55a527b67b25a032a

C:\Users\Admin\Downloads\Unconfirmed 50650.crdownload

MD5 cffe1f958643d6120ca4b41ffc8c88cb
SHA1 6f65c3011fc96dc987411be51992ce40d411c890
SHA256 e6aebf723ca843c4c97532256851fd7bc6daf9d9acbcf5fff2b2135616f1e434
SHA512 2694ea6582521849d13a1dff07b9c30d5fe29ec21031bea0f683be582f7e949c7f0065445e7943c930c7906bc13267961b85b067c39f7ed12a9f87f3de922cc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 52dadc6966c4ae06aeaf73b6cfacda91
SHA1 5f3645868ece7834ad813846cf4ef5c3ef36ecf3
SHA256 41fd131b34a768a409e163572c0bf0660737c641b1150c037479afb2897eb666
SHA512 7011b55468dbdeca4906f6c9981bf47084a8895e05309078da340d8143962faf71aef7c3980b8ec3f7a5bf3ed37777848e4de1308a40402dc17c48859d18527e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 df6dfa9a60720efce1c3ea4f33d65c6f
SHA1 c04e3b1cd48398b715e9d7ef9ec3645178e6c82c
SHA256 047a8068d6c456667a4b210eafd835d8de4d272d93e2678f3a8beadc5a348f40
SHA512 df3e55a6d1e38b21788cd7df27a60a03b26a91da3af06914c29b51e23462befe9a39458bcec98120ec7c6b4f08da459484a85d14547b769fc6d98c63d12a939f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 68bcad68d06128d3c07dafaad66831dd
SHA1 28aeacac6bd0f97b2a7daa28a977743e36e34558
SHA256 230bcaa88f3a135a1275c588febdbcc0af8bc002d7bf46446baa81d2f2954426
SHA512 a4e9a198298332ef0442abb945c766096e95a6261c2ee2888a97c74982f8775075afb1783c23119233e7899a18a52b49f65c13e53c6d6a97310e3b175ab4b447

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e557089ae6f0c53b12096acea12ccbc1
SHA1 d22975a688431a870e8630d07ad3f97c1551ed89
SHA256 4a951c7f0bff35c55ff295f2ebb871237865da44a3223794a2fcaac2aa1c1076
SHA512 4a89e0f06a57488b02bd068e33c5ec33622a3d2e6867189314abd11bfcaa562bcf2ceefc6b13359dd17c5a1322332516877fdb8ee8ba3564ad14e37343b77fe5

memory/436-3080-0x0000000000030000-0x000000000003C000-memory.dmp

memory/436-3081-0x0000000005020000-0x00000000055C4000-memory.dmp

memory/436-3082-0x0000000004A70000-0x0000000004B02000-memory.dmp

memory/436-3083-0x0000000004A40000-0x0000000004A4A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0de0b649219d63aeab1c2902e452c32f
SHA1 f3a1bceaffe04d0f5924232f6ae7f4c5ddb8d02f
SHA256 347252543dd2568e623abb63a5f5185816c1d91a2178e9bd7589d4a9c992e59d
SHA512 aca8616702a19a8e545aff65ad72eeccb2ff24349d7973f3b09e0d7532cb50b358c6a19b01669ba4a5a187c47f5a646fb1f6b831f0bf640305f64980f97e6019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ee526b427084915e09b56664499957ce
SHA1 4f0f3e8d9b07aa9aaea3281cf5ecbf4c3d168c1e
SHA256 d4eb695f33ed3f35dc0c3837cab13a46850b213e861aafe79cb6b43ea7464506
SHA512 6cdb22f035aff69258fba71d2086d479e38aaf325a894a4363285a6b9627a834532bafd570f332b433139bacd78dc478150a9218e98319a748f79aff204d784d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 013a211785c2677801f87098c51ba1e6
SHA1 3b512ac74ec85c213da5abcab4fe3e3a9ccd232b
SHA256 baf94cdae287a453de443683aabc66889b9d2401816829338366f9d38f122e52
SHA512 1c4df9e0ae24ac58a436bf8d881d5dcd5908b815f5dcfa4de568c8bbe86713f2d43465d118a3e4def95fd9dc5ac12a61bdc3e50083c7f64ac555c2cfb8654e3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2d7295202b3da6b6920297ca3f4db1be
SHA1 e44456cb6745aff258791960293cf88c06e06e04
SHA256 077c17d51b71ed32b8df9947e6e5765d71f83d19b9706c7494cfd9a3ab071c70
SHA512 19706440d28449b0266f56eeb422ca97ef059b942f934564ebd6e09c38f86820ece40cd9fb37c8933db737496a384b0fb2a5003d63785c0a6097aa3554dcd756

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 ae70604a915974ceeeb2042677814cfd
SHA1 13d13b354104e0dbf4159c88bc4b4e04575362b5
SHA256 96b68287c20458b896f272e1c7bb8bc077f7d585f468db6ba86cb0014ca34618
SHA512 0532ec984b90b615864fccb2c8d23eaac1942769e8fa963ad8074950bafa62a1bb63f06a423623fdf36d9863a909e09a9fc5eafb98463e5a324e0d422de950ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5773e312d8a7bd52c3723f56ded1858c
SHA1 700f9cfaada09ac00ad9f2561e9b6b3aa4c6f4c2
SHA256 f20b6b18747be522d14dd1a12d0f8cbeaddad408f4be70b5846deef1c1576d79
SHA512 4d8022b309d2a852307d7ac387cbf0cad3a62e3b6ff7bd24e9d60659f2e47ed8f697d3b6608be55ab75b88fe4bab19756e0eb2d262253a0c0a838d96b4e55c0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2be78fdec0b3adcb7ef17eed35ce1e9b
SHA1 e1d2f79f8825a3e94b4a5708619ca6b5b95a1bfd
SHA256 facccad33e603858aa6d5ff490d9d7233fe30bfd220cd349edee30a79ce5adb5
SHA512 e24e3a912993707cc015f4c3b13fe64e02935dbbaf4e9fb4b792c8d60f4f9f26a6ac0bf9bb77cec90f322f4747d62f18a341b7ef4292deae403cb2608a4497ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e3bd1dc887fb8f4e793856b289376318
SHA1 8c114928171528b018b381a0a89e059817c366b0
SHA256 d1c2e5c4ae3f210db0a89b7bad335d9c7e62b11a49c8da699391af6742a973c5
SHA512 3bc204e51aa6cf7e94e1590dcb2089612b2646914701f47690856d9937cb8bac9fa6eb9e24dceddf5e7e9ff9a6c89d5051da824eef1639f32b66cf9a545c3bf6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8099c09ccc02aa9177c1524c088a3b7a
SHA1 07e033cf4ca534a94bfc1a61f93380ad1371611b
SHA256 17519e96ec1cae0bc5b2f8f0d5d05de631b6b1fe624dc0dfe83eeca61adfac4d
SHA512 6c8da8f4e59bebd6d68938cb1990bcaa33372360bbe464c1ce09a356d9922a35173b50e015967bc65f10123b704d5155b63a2b050c296f5523aff71cecc22946

C:\Users\Admin\Downloads\Unconfirmed 259448.crdownload

MD5 2b94924855cb2faa5428d2392a223c9c
SHA1 e0fcee0fadbd0e0407f5b2e21cecd180445f19e8
SHA256 3929f40a5c5f7ded4c2fd50e48cc27cb38305b220fefce559c31f10bc6f0b1e1
SHA512 e1721a8e5fb45a8cdea2d2380b08b2b075f54a9cbad9f616199cf5a6f2023be721a3317a1cf3c75ac3a6e0a48fe451aed1333c3654cba8e92cc621efedfca8fb

C:\Users\Admin\Downloads\Unconfirmed 259448.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6192871012a04ae3e182bc394436b497
SHA1 fa144c34202b41caf0345a0a9ae1acc02a74aae2
SHA256 217297dd74ef0de3a50ad3bf789eb66738da88097d68c6546cff9b319aa18749
SHA512 4cee81faf1747ead3a40d16989f39645139f776d6ee91fdd45b61a19ee3e7f3a6d42e30317b6986260865d6061f2d11b9cfe473af6a15e52dcdc7052f3c512c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 130c55a646d85ea9d5850c33ad324d2b
SHA1 8aa53af0a1742d86cb5ebd4048bd24b019e2df2f
SHA256 9ff11d63678525cba47a8190a15e3fb4e7d40c12e86e7e69d338a8ac1f81d5d1
SHA512 25a5e87962b8e7eafe4022e1bd2538e2c9f7cb968d1310c56acb0d1d3be1142ad585ff100fa0edbee193cbe7cc18f4c4593bc93b76dc6ef90df57a29df7e7bdf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ba2038595d2f4096d453422a105d7c0a
SHA1 184c0965eec581b8ad0ef1c1adcd3ff7b665aed5
SHA256 6a86a9c1437d415817b12482d15385ff89417ed8c7fd1459fd897cf99021b36a
SHA512 5f1ff0d60f7b923422d2eb40dfc3176796699b9951856f03292d715e69aaece8947f40da849875e10443d2962861be2e7cca056cddaef0cad906726fd3b1fb62

memory/6848-3361-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4

MD5 ca3c554bb28a60fb4d0c9e9cea56164a
SHA1 d32192bc75fd4548e9b11abeb1e488257cdc1a80
SHA256 a69779c4ffb61da4fc2101af228d4ab00458980c22f5302c38b93a6bf0f7e4db
SHA512 f2791ef3c37ccbf513bef70ae0116026f39603b89f12ff8ea7f14541ae4bd4618c714a63c8d9073f86238abbf9a6d8f99200e2be842b9f83744f44b3e435727f

C:\Users\Admin\AppData\Local\Temp\is-G4VN2.tmp\Helper.dll

MD5 4eb0347e66fa465f602e52c03e5c0b4b
SHA1 fdfedb72614d10766565b7f12ab87f1fdca3ea81
SHA256 c73e53cbb7b98feafe27cc7de8fdad51df438e2235e91891461c5123888f73cc
SHA512 4c909a451059628119f92b2f0c8bcd67b31f63b57d5339b6ce8fd930be5c9baf261339fdd9da820321be497df8889ce7594b7bfaadbaa43c694156651bf6c1fd

C:\Users\Admin\AppData\Local\Temp\is-G4VN2.tmp\mainlogo.png

MD5 cd7f1e004d919724c4c5c5f377a4e2c5
SHA1 8ad9ff0daafa6ace17748cd6d2682993a95df073
SHA256 cb91c579311001831206cd0d044e8e50dfe2283920d952e510c1611a3f136483
SHA512 2ce555c46c5066b0e92964d3f88d94b5ba0ae5cf687401d2025ac10b77fdd46936b0302de4951bd9dc4fbbea59121d079d645caefc8ca40f2c1dc259abafd3d1

memory/7024-3388-0x0000000004C10000-0x0000000004D50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bd2f8d7e5eec6c9ced668e86f13d8a45
SHA1 ab4a4f8507f2227112d853bca40f717c73059590
SHA256 957ba650bde0960dadce201d6aac247775b7b3696ca0285378c6acb740d98e17
SHA512 713e2840bd565b83b392c8c09b6e0e7e42a3db33a15b7b3d1fd91e1e446b093bf80bed6a770bafde1673753be0f6250007ee64d0df38086aea8cc3a73ce5a4f7

C:\Users\Admin\AppData\Local\Temp\is-G4VN2.tmp\RAV_Cross.png

MD5 cd09f361286d1ad2622ba8a57b7613bd
SHA1 4cd3e5d4063b3517a950b9d030841f51f3c5f1b1
SHA256 b92a31d4853d1b2c4e5b9d9624f40b439856d0c6a517e100978cbde8d3c47dc8
SHA512 f73d60c92644e0478107e0402d1c7b4dfa1674f69b41856f74f937a7b57ceaa2b3be9242f2b59f1fcf71063aac6cbe16c594618d1a8cdd181510de3240f31dff

memory/7024-3401-0x0000000004C10000-0x0000000004D50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 afdc8e5738cee1dd581edc9a76a153a3
SHA1 aeeea510682705c8ca180513234ed9a2b458e370
SHA256 d1bbfc55eaa955a5abcb046bd893487871921bb74c718b65e549be5402bc76d9
SHA512 29e9b1a4a78890161e6991a280285ef300197ad2b6bfe8ce2afc1acbc115050ce839c34b320c9d906b9206c5a02647a6eb94e5106f9898de8d3df13b71491276

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 693fcfd223fbab93cd6c1d504827c1f4
SHA1 e0ad768f84ca40d204a5deb787240abd9d5d5bb0
SHA256 53156f8e329c14c1c971825d39fba26863603fc4c95a462d09b93216bd226ff9
SHA512 e0e5d4017391194e3f30f25b8b25555abb66b7e95ee4e2a31c5eee3537e03a7a94f9030ec762c38fd56261c011f639946f46b8ebf190608dfba3c2bc0f907aec

C:\Users\Admin\Downloads\memz-trojan.zip

MD5 c31e52bf196d6936910fa3dff6b6031e
SHA1 405a89972d416d292b247fd70bbc080c3003b5e6
SHA256 8b47e773a782361209f8adacc8d6aeefb595e1c13ae6813df7de01c20a15c91e
SHA512 a5335c7d3beafdefa6cb1a459736615ca0151fa2e64dafb78de65aa4b924068ad0dc55c70a5317be19edeb899f94ea02e2e54279933b87828ebe86ef95f13291

memory/7024-3440-0x0000000004C10000-0x0000000004D50000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 a7424b9d898fb8ac5177227820b2206f
SHA1 dc5da70b45865030fad085922ccc0f92a6eedd7d
SHA256 ae624675e1f177411f5605c2454a25ce2063992422b8d0f93c687bbf8b7dacdf
SHA512 21ff2018b9e4962e41f5fd4e97dd5d825d967d4b906a49c349e46f6489931f26cc80d7a188923c07ab9123e37ebe8e97571055a676997ec4997ef03cedc5dd86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 d66d66fe9bb66a4671a985efb28a9849
SHA1 265f7aabe4ffd2baa7bdb506968c663a8a5ad224
SHA256 38e209cd7eed6ffcd7ec1951797b7aae197cd369b52161d30f4da60c06fe3f46
SHA512 22e5e04f149fff8e39c067a5fac16121aebd9de792c40f00c34cc013224a00b14cef729146cc3f5908a8bc82a435caf863709ce7403e8374bfdc6bede9082b84

memory/7024-3484-0x0000000000400000-0x000000000071C000-memory.dmp

memory/6848-3485-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bbccb930484b2722acfc677f4e806096
SHA1 6ea279a51df9adf8be2c56bd69b4f6005de4f8f5
SHA256 a070a5b939f441999c6e843e769e5b09a833df806013d811b6619ed943122daf
SHA512 3bd9e9f0af09560a419e111b77ad51ae443c919a640704423bf56e3f818582a82375d45367775ebbbd4ef71ab5ff9504077602096089642cbbb2313590a3a4b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6ab0f8faf31d7962d53cd0f9e04125d6
SHA1 cf57844246427375abb2ec792952a67a10b99af3
SHA256 4eeaeb2931b263a9e2fbb05b6c68e8e6915ad6c371faedac1bf01c64c5a7ae6e
SHA512 64e50eb43cab29664b73ba144ecacf7f38eeb58fa098e3a8f2684b59bea6b7cc9abda303a1b9e9d5ff5cfcd87620d5bbe53aa9f8580a5c2c1782159eef0196d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 887e907f244fb0c69bc3333fde2e0683
SHA1 2f6d0ac686590cf2d98455188d01581bf84cb512
SHA256 b82bea68bb11b58f337a6aaebffe2c6643fd7c1999c9e3a4f4e76dca374032ae
SHA512 2ac5e49bc82b4bed4890bfca827e34ecf78457d71687a2a11ba715c4818ddf6b6c00dffb1eeb9f7a07801b1c3152f5e4235a444ef43d977950ba5f305b524194

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 38be1fdcad05fc0393b7e02e7876b53b
SHA1 b0d3defa55f6d1b8525f154f01abfdc5787a1db8
SHA256 7bdff7e1e2ac75fff47b081fd7b5857992e5d73bd906233d5a8a8a9e2f382686
SHA512 d2fc31473b4e3c3aa38cb9ba484ba52b9bae3e48f2a4451b8bf3b770026d685127b725ce2c6879c97ee04b76e06e0f6ea0619df26e5f95f09b0cf983b2dfb0d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8ad0779d9b09657851c92ecea468a21f
SHA1 356c7778d6adcb7045c32fd66ae36833d2963670
SHA256 f03a49753446fd4ab2bd046c6bc28d7ed234613858c38043abe36b5063ac9d9e
SHA512 f6fa19b40aba493033dc6c6cc9c0a2714a25ea9f6d0dfa74c4edcc265192f4c10623439f549dfb1d7581cc20b69d0fd39ba2b08d8cff554130721a2d01531eb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5e0d33f72ad375d7e2436e122799ce37
SHA1 bd4f28b61c5ab75114bfca7f4d638ecc9eb83bd3
SHA256 78d1f6235844a400bbfe82f951336a010cf6ca34e557d630cc19f15334d860a3
SHA512 8a5b117b9468fa5bed1263221de269ca8144485ecc2e94c63ec432b3dab7c6fa3b3b0f551343c1e4cb2ccc5cdf93bc0d1c27515fad08a3e4b5fc46ed26420175

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fabc0d40a6686c9d021d3b5e3c866f63
SHA1 3d663787c06e6a536a8c7a6f7bce7c8caba90954
SHA256 c1037b8d5b3a452e1e7b9b5e4bc03d00778dee259b91400c31218b4c05c20395
SHA512 839640665e42cbe06915ad2d026f2b9accbd88090db5123aca72a9497e6bd0c79c685e65353c43d4e4b730c4d5531d857cc24b7e034b8ef04edbc66689fc29b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c4fb4fa21570e442047010bb27d3c512
SHA1 0d053be6c7235da80e85732e4102af11ecc584b1
SHA256 3654b11997e8eeac75997bd9887f69ac9fb16fd216b244aa8a9485ef820578ff
SHA512 5e03a5f83fcda5910a3db648499bcf0d524a208bf549549e46f2b901041bd7d8ba25dd89c49b430aa6e495c483470b275db7d00ea8aa2b17854011d914c4e08f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dbe54c749b2938113114343aee02f351
SHA1 ba0bdb9e8331850ece5cac6abd6be45044e35261
SHA256 331e3a263341db1b512f6bdd846701d77d73bb88c5079125221510a79fab45b2
SHA512 01a15d4e979ce6a42aef3ad59af965d9bf521526500fb44f1b4693eea85cd058c894f40955438e179981bc60811c974d4af0cb31f3d6a632b2acc03990c94675

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 628ba8d31375849e0943894669cd033c
SHA1 4fa6d50a37fa2dadec892474d3e713ef9de2d8a1
SHA256 80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6
SHA512 d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 d7580dce32412dc9d53e8911beeac7e4
SHA1 fb93b2d7546f30ded645e40c4ad2ae962bced731
SHA256 136b2c40697b50198694dcf1ccae005f9a5dcd15b3d67bb48745df477a49df06
SHA512 2440ddd41e5d17fae4ff5e261d2d4694937f27d94292f1424c398585471f71cd20131f2babdf3332176ca2aa191bde920aeadb15705843fed3d4183fbfbe6e43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 6f0d8c2d86b40b21934ff819a3961667
SHA1 2e411280d2191d0f9732fe01ebc522aa87363b34
SHA256 8ef59cad09decea1d3b42a9ddd4a9b25a6c7d7bdac03d0621b4bef1448276c88
SHA512 b9406b8e4f3ca0fb1a45d3ce677d12a84c83c9c1039be109b0002c4a42435d68107cacaec2e07474b7e9d48e6e00df1734e33d1b18d6aac7a604ea6500e01024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 0f3de113dc536643a187f641efae47f4
SHA1 729e48891d13fb7581697f5fee8175f60519615e
SHA256 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8
SHA512 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 0e9598f50db3875804b5cae6c9dca79b
SHA1 8337e55cde8ab625a187449b5cf3e814e183bba8
SHA256 f3f29a6f56ab6a7576981cdb058c75f952f970002ee9e855c5f65e5736446cb4
SHA512 b9e90dbb3d62226300c1cf017cd839e50b0a9372784279190be12bd95c3d1b2c6e3cb03b71faf4ca7ff2f2e33d89d359d4594c1f412fd54fc0c5b73dd90205df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 838ff1c9432529e8767cb82eedd81504
SHA1 b19d6bf6d966c59592600097d27bc4dcbdd20bdb
SHA256 eb231ce985c270c3f38016ec8095b7f350952f971452fe6500d8c62bb886a97b
SHA512 f1239ceb6d557b06867e5cc487dde32d72e035154de3855e52b4e66d2aea1582b07c0fb0b0a1a1369caea3e58a876fdf24255fd774e9b4417376844abe1574d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 f31a1ab9f483d9db21349522e39dd16e
SHA1 01a275d7fc1c4f578fa506c8e0bf9b7787dd4806
SHA256 463800c9ec072ae72a4f6fdc1f2f779c792cb7ceb6f57c7d1231eabefad2bd9d
SHA512 cab9bf13c36b854bef939e1d09c8d896caf1d7c20f6948f70f27eaf2869e49c8b9be728b4c95926ba869a987516a79d3193d416b0582b7570a58269c8caa7603

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 8fcb818bc23425964d10ac53464bf075
SHA1 396f40d25a7d38eed9730d97177cd0362f5af5d7
SHA256 8b56333cda4211c50ada778d598348b8a846d557ed9117d8b265e004db31e9f7
SHA512 6ec7588257bd1261f9b2876c3aa57fba2b6bdc33a2a68830c8d8d539f449c552cf6923a5e8afb5e665d12cad253a10d68ad665d9eb74ff8250c6daf2f61e6da8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 1c1d217fb96a2f08696c928339539e32
SHA1 5921a4ba778aa41f84ac5eb590a9b2b1b2bc1301
SHA256 c3c237d6752a083449cf8e67764d2ad13501e291339bfc1ccafb4c338cbcd78e
SHA512 e0095b1ff5404cdd049b00d9aec0ce29291afa407a5cdd1092cabd1fafbd478441c6ade141f3c6428d61003b79393b99613638432ca1130a1330348239a8cefa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 01088b35a7144b96e1c65db9ecf5aeab
SHA1 3d5b4a4fafdc3867adca4a4a640d6296bba06f82
SHA256 66616d0b8be2030b1f40d1da2a80bdf930172335226111b7965a4480bb584f1f
SHA512 bf639e6539792c3ebab0ddb646b795a1cb14e4359fe97726db69ba2e082debdb920c15d5eb96a552613ead61ee4320de0331c02aaba3f14dd83956cc7affba89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 f2b3b5ae31aad5857de6b472b4b33502
SHA1 94b2968bcd37264d68fbd1189eea5271bf0399ff
SHA256 afb3b56c3fb32ea5657cfe81ed543e4f216ae5496476f567a1c800084ec6cb03
SHA512 bdb04854ca0a9cae61cf4c3e3a48ae40776a19da50d95ad54486c0c07a083328105739d8dc0235185f3d86d5f5a3104dfbe92c31357550803946402949e73b70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a23c7397d969383960b6193ae86f4593
SHA1 1444cd170d21e1580afa25d40bb104b8550487b9
SHA256 892a52db94d8a4f22a6e8dc017eebf27905601d8f0d73ae91411c7049726790f
SHA512 dc168f9c65e8fbd87c0d047c7e640b15caf092029491606eb74668947c243ff3f385f66d73b47a0da20ae04fe5cb8fd80f28a1b322b1faaa462e235d3c063b08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e255d6e15938e73b557bcfb40a001843
SHA1 ca90e3c9eaf6e7d11dccef617e9889c74cd029cb
SHA256 4c5cf642ca2d32dd2c57d0a687f4b76b02be5336784e79952e267a9ed103345f
SHA512 550274a16740d57b5f76a7a7b854573be1e46529fe6899c5227adc59d6cc6067cb57816b8a2ec6182f8ce2d3fffba185adef13742f5f3f4147f5c2cde256e733

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ba28b46e48c0c0390577237b850fd2f3
SHA1 f968f156c5d7b093cabe50dd0160907aa32cc7b0
SHA256 8abe751d7ffaade6c77f046752c1ef07cbd56add1cfc8e877821661005f37145
SHA512 4aba7e32a72cc1d7a01cdf4a65019895319622c04634d472401a32f53c6819b6710414824a03340a0e231c88c802e80f656b02487044343601bd2f6d7a19bbf3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4abf1353dd2196fb96db387d29306fa6
SHA1 904b540fe74f15f65ccc0d855dd086bc5c739428
SHA256 32a8e81dc9f460584983b88e4010b98a93730ceda493b94ee9a107231e020027
SHA512 f0811abb25d091febe02af66590f1a5b99948dde77e78d056b205f35826daaf63eee6c376861963ba97fd14c4150eac58689a8604f7f4fd57fcac3a4e2cd735d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ebb8ed370f8341b1be4a99b3665b4e57
SHA1 4e8df654ab33ccd0c8bb625ae46367ef36a17c66
SHA256 66bf203894cba8889821c6929b489a55ee891eaeb3e9ebc46381526efcc6539d
SHA512 f6775089d20abd26c98a463605a7d005365fba4b7b6b1d60853cbe2ffee5403640fed9007b216c747bea572717300a9efebfae1f2cbfa2eed5245834b55f427f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3240ca41274c8acd47b7b12e3ded5cb3
SHA1 f753e6bfa0d3caaf4dc60ede2b51ffb3ce7f373f
SHA256 70fe4d06092755d1ba16e564123c4efb0fb7f008951a3165e0a0ca6b2bef9772
SHA512 ab98146c3b040141e4c1444728e8182b34bd587f57952ad87bbc25a2a5962d198f4286fb539f8bffeba7ee2e2772961fa185efe65deda2f285d3974b451b4979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3518040ac35bb20b03493d89a4dc7c1a
SHA1 9389937959f007aaf965ec4d9e711e46cfa54f20
SHA256 93acbdbc050dc28c13ad7f23556aa07b933642994ddd9e00652c54ee41937d66
SHA512 5d07356efbb510ecbe22104461e660521ba1176386ed34f4eebad6a7c8eb7e8cdef696832cdda12ea6d7df088271ca9f1cda8578b0f88fec9874cfee7e522d48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e87d7dcd4c853f9e413cc6623af28276
SHA1 d7c19c4390bdc36276395feb4697aca229c79316
SHA256 f01cf6c7cb095cb4cfc93a1a0feb5da81d4cedf2f35963be7b2a698e5066e64d
SHA512 1ac2091b7d49f6d7061def7b04be5d3acd5410dc6b0e9d500ef8d70d370e84de11f0dbfecdf84bfd9d89e7f729318435747286b1a4e38062b64fc7d75e28daf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 408e24c7e1cc7fcb99bca8884d971304
SHA1 9753c8a2694c94b66b86e8f74a8ae558a487d457
SHA256 3a47dd4b5392cdf7614174ea7ed4d2ab86e93e3f1899d7b92de9f0c5de729def
SHA512 5f4dbb332eb30bc22ac4a0eabeb36aa3d318699db8754aca6a6abcf7aab6bbed81b4aa270f1667390f016472ea5851c387a211bb619415f949003e8845b9ac29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 147d250724861d1963650acf9220b638
SHA1 81cfa744f2e77793e2cb70e78430c593aaa5372f
SHA256 e7213b3e5c4e45843f2fb4ea870e04881174d221ad988081172ae8123a681940
SHA512 767a0e892fdfa0b29eb6974cb0f4bb47347d223af35e006079bb8cda306a439e93dd2a6af6bb7902a72e18f087279f1f8772023772184fe91f0f6aac07e6e7f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f56fcafb487bf75a4e4a88a101b3c4c3
SHA1 dd34bb6444749f64df0d2bccc4099dbda08ad8ed
SHA256 3a26a306ed8fd26adf8d5ca8171c7a755a873deaf3030f01c63791afc8a6611a
SHA512 90742f2f0afdb92bf5fa4f2b27def9dfb0af4ada1172ab6959e14740daebc9dc03722cf0ecc48776de471aa605720db5ab380e7e6bd879d17ab23996ed12bf9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64b0f1c66e10c4924390247d4e4e2110
SHA1 46b076fb4ba1e4c7de0e37ac963addffe80b8be2
SHA256 c21d1bf1c8733f8884a5c8fdb5d82c742e5d820805cf35caed9662484b24a073
SHA512 efc374d61cf485886ae267b042506249fe739f6fd6c68bb4536f7f0666124cdaa7e429e529c4aa3773b5e72ae5c221774dfbdca8a59e2bebdf27443fbf9bd008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3665e27fa9d5e56ea8916374c7fbc84c
SHA1 65b23ba4aacfaa8b466699b85b592a111b28a84c
SHA256 aa350eece9b56c71ed7842527528675471a775ff85927e2f13daab8d4130af72
SHA512 049a110a54c5ed449564a400fc16743651a6fa015ee276483743757c1a91d10a97e7af6f4f3b0265835929229fb9e5dab67aadb03dc504752bad4b3b694dc303

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 652fc7e66434fd3ce68264758c84d43f
SHA1 54e6ac8080a439a34ccb8f11d80c07fbc2e83348
SHA256 3bbae4484da39a28484508168ab234089eeefe8f1ac9dcacaec82ea065ae988e
SHA512 a27e328015877d1238189ff0d51727f8dabb11c1d13b3e728e1c932ae0b71213caa18931b757c5a6d34a0428e6ad2e14b98dc87ae6a5678c9d75a9b0f7b60a76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b109b3f4adc1f830e3a2b7e654473a8b
SHA1 f653683d9693fa272039c2d735ac9b3dc2f6422a
SHA256 7c7c9501fcb16fab211b971031e010ca6b7e37042342fc4cab4ffb31865dc3de
SHA512 c0f55879e7ef0ded32199e3c406fa30c3ac9d13d0dbda72f593be652fb2e9407936594cacc35bda0bd9cf3c34b963d0650a5dc3511964e851b631cfa996dc00e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 784f2cb851ef2a04aaab2e2d5529fbcc
SHA1 bb02a1bf231e00638aef65c4225bd8f63b3a5757
SHA256 4f650539ef4bf61a912127145c184cada8e9a69cd3f351cf52fdabef816e9126
SHA512 89bca0844f609d6f382cd4a9cee8257bcb95743ce18ef668f551c1a0e061095ae0e93ef01886abb1212c922377a733cefcedd9051a81e4e81aa0e452049a51cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b613845541a34fe8ec95635d9e7c6133
SHA1 51a84edd403501f2e367500892f1819f47dc5afb
SHA256 9f74c1bdac8dd8b3309baf11878b91957f77c571c29e2d1a9db2a22446ffa614
SHA512 68cd3ec1b6a24f48e8c2547cd5928c13e64aab58b40aa1cb68462037f3e8a2f6ee39a6df130af807a3c6566d3dce4570d074a9782b9c8a4e5cc3842cf1c8a44d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64907cfb27b7c0f0_0

MD5 9ac6066b0aa6822493c370059469ee37
SHA1 0a8e905451097df8d81bedbc34854522781975c7
SHA256 93eb059faeb15ecf2e0800a66751747b3fc13ab6459bffa0e5936a2a4782da2e
SHA512 2549a9232db059494346a46583fc9ce8169363cb7b8517fc788176942dfd72ca3cb0c1de35d23b2034e1509121874ac38390ed0d423bd517bd0ed77d9d5439fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5c2e1ac0a94f7e2dcd6712582f3acdfa
SHA1 fde7702bd2bef4efbe5cc702788ede6494657699
SHA256 d771753955f9a651340222457a398de9795ad3a52b4e0565d1c6da476a48e317
SHA512 057c9b937bbd85289627cfdd1983b4cff9723fd0de379fbe46999098bbace74312e3373a2cb315e54a02a776dc416817ba6455f4a32dbc6e73017014e1b693a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 956e51f751e5dd51f88f22c8ac15be32
SHA1 01c53128d067cb281cad0ad3e1175df41cab30b0
SHA256 900554deb6feda281625372b04e76359f7e97914e3755ea3952bd5bccb4ee7f4
SHA512 99cceff614d4f22ed184fa5c0c4d557ee8489245c5da5a6a7bac1528c7e8cfb5cc3cace360cdbb8ca1d1c7c16a2400ea9e9cbb4350f758ea4fb896e24540c11f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f29c69b6ccaa23e4af0a77296b513553
SHA1 40177feb23893098d4cffb63c2a09dfe271c06f0
SHA256 413d0743d485c5284ec1e5a18c578ae3f0a877450aa86e807a922e9bf7ba4d46
SHA512 5ee7ce9e667a004e697ca88cdf07a9694a48c81faf8dff64103d835468dc948f4e307e799af8829535b6b0ef1eca26659b36cce80dde96fecab6949adba88e96

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e9fc65d7a4803d7e9950ffb4c8fda829
SHA1 bfe638d83601cf8b3482e3c5015ead878695e20c
SHA256 a5eed7561a6e40989d34127a6653d8c758a5258297f3fe4fa214a25af5917010
SHA512 0a2700f58a411636211594c29a6885228182089cf3877d8fa3ca12b905fd074c375b15febff4ef99de64ec89923b84c05f1d22592c0dce50f067826942cc006d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 99f96f35cddf5d4f9fa4ce769f75a816
SHA1 e0485e7baa7fbf8af6b7beefe850eb08ec9faf0d
SHA256 863a8882aa796a90e4200da9720d6685aededf2c078a0cb0207dbd64582dcc96
SHA512 0e56e0b9a89ea9ca41bd538222308138baec45a6dc80adc475fc2eee1cbb4a86a5777b2a351e45810454ca06ba0f1b40e7cbea7864050f43285d40bf6cb57fde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 20852bffa093ffe6c08cd354e948fc4a
SHA1 9feb8029425a6ab456dc955af7fb14f362004b8f
SHA256 90bdd82ddb290d25e4558e82cd18c3f2248f9cef86a3ed5569768a3e78ba8cfb
SHA512 8d8e028d6a5e1df97db21b5703b301d202d20f31b07bc16fd99461d829acde26e6843c72301b0dbd80cde6a5e4f78e73b9131673c81ceaea0ede9cc6f4201205

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8e48755d337d7e3c646fb64269e3bbf8
SHA1 686072ef2ad5301e4208717cb878b0092ed77f2c
SHA256 eeee3fded7101bd0db147d10299d401afeea883ee7066e6a7d8dd237b56e0ab2
SHA512 39acd613f506d324fa6e83d7482aee817044babd009ff69af70f1c5ba511797254f3035ec9e049e97df9b5afc62b5dc21fbca26f061cfc3fe3f057eef86d45fc

C:\Users\Admin\Downloads\Unconfirmed 720714.crdownload

MD5 f2b7074e1543720a9a98fda660e02688
SHA1 1029492c1a12789d8af78d54adcb921e24b9e5ca
SHA256 4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966
SHA512 73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2cc004ad655ce8ecc1e0f41847884e0e
SHA1 eb712de306ad8c766ce39c5094842e356f433c67
SHA256 6f271564e8233edcb229e581cbfc8db5a6679fb16d548603c640a7368fade53a
SHA512 7fb7bb7b71265a7741c9f8502a5cb3536ffa17e8ba6d9f1f48a5656d595f321e561f84184a70cb19acb9d1d82e982c78a4e103181c525a8b92cf4639c0ef874c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7c935b2ef9898afcfda3f85357962f03
SHA1 55c043bc7e9fade8d05479c3037acb5d8bd80122
SHA256 ce937a325d5db29c0d9b392f3d02752f5fd61a8a7c816bf9e92507f61d9c2d69
SHA512 6fcd628096063cd8e114555371ca2120fad6710dbe1f8fab78638286290ddf96878da3658f7bccedeb1ac7e969a9df233d7a9a52faffe3ef32716398541836ec

memory/2084-4287-0x0000000000F20000-0x00000000015CE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp

MD5 9db929240d6fcf2752b332e5cca8a7ea
SHA1 3a26937d547fe4a97847726f221c30d2bbe3c3fd
SHA256 7e5bb3fb1f2dde05dfddc5632c58a41c2536343c45814ca229f9a596eeb51b2a
SHA512 6c348aafb82144c59bd4e6e33d2b13d5f2984d6ee4041594c5831c8c4a97b33d1739ec4050f706b4c90ae744b7878cac8aee6255a22cbdef04b952315f99f3d1

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

memory/2084-4309-0x000000000C0F0000-0x000000000C0FE000-memory.dmp

memory/2084-4308-0x000000000C120000-0x000000000C158000-memory.dmp

memory/2084-4315-0x000000000C1A0000-0x000000000C1B0000-memory.dmp

memory/2084-4314-0x000000000C1A0000-0x000000000C1B0000-memory.dmp

memory/2084-4313-0x000000000C1A0000-0x000000000C1B0000-memory.dmp

memory/2084-4312-0x000000000C1A0000-0x000000000C1B0000-memory.dmp

memory/2084-4320-0x000000000D140000-0x000000000D150000-memory.dmp

memory/2084-4319-0x000000000C1A0000-0x000000000C1B0000-memory.dmp

memory/2084-4318-0x000000000C1A0000-0x000000000C1B0000-memory.dmp

memory/2084-4316-0x000000000D140000-0x000000000D150000-memory.dmp

memory/2084-4317-0x000000000D140000-0x000000000D150000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 27b72be1ef8959f59cbc755a5e6967c8
SHA1 9a1e729aa3ca822372452f3083494f8505b1d77b
SHA256 96fc785707029bc27628afaba444a25fcd2308cc585cd7414b82e99f1c33e7af
SHA512 b5ad1e116d2e6e7e0589173e635ca54a3af581c1b2fc33b41d0e19a761d9a3f6e7c56960b986a898624577da8d39fcf8c92e2b9cb122e7d896f0c5abc31512cc

C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

MD5 9037ebf0a18a1c17537832bc73739109
SHA1 1d951dedfa4c172a1aa1aae096cfb576c1fb1d60
SHA256 38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48
SHA512 4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fdb25637a4e557a5099e69df3437ce41
SHA1 9af883cdc3a8ee0a91e4a7ec1d8c45bac62d8967
SHA256 254385817be071e667b65ec36e1f9addf452ff1d840602cc3a2edc9d586e3bab
SHA512 4e304033d36fac4ff6a8d2ed43b6365c687f357c82e2b875f1fe32083fa66f6eb968620f07a079c1ac2fd2b28a26c8e9ddb0c79999fe979e7ef014d20179b53c

C:\Users\Admin\AppData\Local\Temp\v.mp4

MD5 d2774b188ab5dde3e2df5033a676a0b4
SHA1 6e8f668cba211f1c3303e4947676f2fc9e4a1bcc
SHA256 95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443
SHA512 3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionCheckpoints.json.tmp

MD5 c8dc58eff0c029d381a67f5dca34a913
SHA1 3576807e793473bcbd3cf7d664b83948e3ec8f2d
SHA256 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
SHA512 b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp

MD5 9d70fe20f39e9f64a4d34accaedc44e3
SHA1 ba6892ef3fed2a5848464206c75af4a17b90321c
SHA256 dd0a44847463534be79390afd1b59ec3669df2a5be91ad264f424bc5426aab10
SHA512 f55d9e9ce65810ae3b4bdc27369f60746ca6013ab6fc62cd942e943feb770013cc86f9e89b504a60ecee5772736b0b9cd6b8e7530dcbe863272ca40de70b3f99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 214330d6034ac336a9d2c62e22c4b898
SHA1 b2cdd6113365379d6cc67d1ed1ad4b85c1117ba9
SHA256 187b614953d12cfb851fe2eceb6ee0cf006433e9bca5898b9d74057c0d5b58cc
SHA512 7b297524d0a736b1bf0a03257dfa145ca64acca4387818d9850604aa4c1ad81b0137da9ffaa7aec774ac595eb02bee9230d7bb21ba249474d12a395b1eb0451d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2030344523046c530b98c6ddb7b7172f
SHA1 373ab28f76c9d6abb40c59ca5ce057b8c893c3ef
SHA256 5e8f26c76a934c8463dd6e2e9c42e7f8a5265aafb333b79e11a81503851013c1
SHA512 30359e035158aff145aa930ff752191ee55d6dfbe07bc2af159ab51d7db79188b41c780bb7f479a7fce82fe14aa6bb6c85ad14c486542d2e18a0102d7bf684f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\prefs-1.js

MD5 eae0765a7b1b07e2b8d0ce00f5e0f612
SHA1 a6e3c5cd388198620efca0a28f4eabf8cde79b58
SHA256 ff6f7162ae107c92c696ea0fe18ed6dc5b6e74548d32acae1c5a7166b51e06bf
SHA512 8404dd37910cd89ddbb1c230b1d680d0fb5a5103ca62e961264de4c83bdaae12fb5f2bc9737e5f0a24779e146618448a2d04916947686bc0740b4da3f902a968
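
The file list above is dominated by Edge, Chrome and Firefox profile state (Preferences, TransportSecurity, Network Persistent State, cache entries) that the browsers rewrite on their own; the entries a responder actually wants are the few that are not browser churn: the text file dropped on the Desktop, the in-progress Chrome download in Downloads, the media file in Temp, and the memory regions dumped from PID 2084. The following script is an added example, not part of the report or of any sandbox tooling: it parses the report's own path/digest layout, validates each digest against the length its algorithm produces, filters the browser profile trees (an assumption about what counts as noise), buckets what remains, and turns the memory entries into (pid, start, size) tuples. The sample input is a constructed excerpt whose paths and digests are copied from the list above.

```python
"""Added example (not part of the report): triage a sandbox 'Files' list so that
browser profile churn does not bury the artifacts worth pivoting on."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the report's own layout (path, blank line, digest lines);
# paths and digests are copied from the report, the memory entry has no digest.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a23c7397d969383960b6193ae86f4593
SHA1 1444cd170d21e1580afa25d40bb104b8550487b9
SHA256 892a52db94d8a4f22a6e8dc017eebf27905601d8f0d73ae91411c7049726790f
SHA512 dc168f9c65e8fbd87c0d047c7e640b15caf092029491606eb74668947c243ff3f385f66d73b47a0da20ae04fe5cb8fd80f28a1b322b1faaa462e235d3c063b08

memory/2084-4287-0x0000000000F20000-0x00000000015CE000-memory.dmp

C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

MD5 9037ebf0a18a1c17537832bc73739109
SHA1 1d951dedfa4c172a1aa1aae096cfb576c1fb1d60
SHA256 38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48
SHA512 4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

C:\Users\Admin\Downloads\Unconfirmed 720714.crdownload

MD5 f2b7074e1543720a9a98fda660e02688
SHA1 1029492c1a12789d8af78d54adcb921e24b9e5ca
SHA256 4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966
SHA512 73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEMORY_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
# Browser profile trees the sandbox user rewrites on every run; assumption: pure noise.
NOISE_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\(Local\\Microsoft\\Edge\\User Data"
                      r"|Local\\Google\\Chrome\\User Data|Roaming\\Mozilla\\Firefox\\Profiles)\\",
                      re.IGNORECASE)

@dataclass
class Artifact:
    path: str
    hashes: dict = field(default_factory=dict)

    @property
    def kind(self):
        p = self.path
        if MEMORY_RE.match(p):
            return "memory"
        if NOISE_RE.match(p):
            return "browser-noise"
        if "\\Desktop\\" in p and p.lower().endswith(".txt"):
            return "note"       # text file dropped on the Desktop: candidate ransom note
        if "\\Downloads\\" in p and p.lower().endswith(".crdownload"):
            return "download"   # Chrome in-progress download
        return "other"

    def memory_region(self):
        """(pid, start, size) for a memory dump entry, else None."""
        m = MEMORY_RE.match(self.path)
        if not m:
            return None
        start, end = int(m.group(2), 16), int(m.group(3), 16)
        return int(m.group(1)), start, end - start

def parse_files(text):
    """Parse path/digest blocks, rejecting a digest of the wrong length for its algorithm."""
    artifacts, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:                       # any non-digest line starts a new artifact
            current = Artifact(path=line)
            artifacts.append(current)
            continue
        if current is None:
            raise ValueError(f"digest before any path: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            raise ValueError(f"{algo} has {len(digest)} hex chars for {current.path}")
        current.hashes[algo] = digest
    return artifacts

def triage(text):
    """Bucket artifacts by kind, de-duplicating file entries on SHA256."""
    buckets, seen = {}, set()
    for art in parse_files(text):
        key = art.hashes.get("SHA256", art.path)
        if key not in seen:
            seen.add(key)
            buckets.setdefault(art.kind, []).append(art)
    return buckets

def pivot_iocs(buckets):
    """SHA256 values worth hunting for: everything except browser churn and memory dumps."""
    return sorted(a.hashes["SHA256"] for k, arts in buckets.items()
                  if k not in ("browser-noise", "memory") for a in arts)
```

Run `triage(SAMPLE_FILES)` to get the buckets and `pivot_iocs(...)` for the digests to search for across other hosts; the Desktop note and the `.crdownload` survive the filter, the TransportSecurity entry does not, and the PID 2084 dump resolves to a region starting at 0xF20000 of 0x6AE000 bytes. The de-duplication key falls back to the path for memory entries, which carry no digest, and the length check catches truncated or mangled digests before they reach a blocklist.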

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-10 00:39

Reported

2024-07-10 00:56

Platform

win11-20240709-en

Max time kernel

522s

Max time network

451s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c00310000000000e9589c8c110050524f4752417e310000740009000400efbec5525961e9589c8c2e0000003f0000000000010000000000000000004a000000000091879e00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Windows\system32\OpenWith.exe N/A
Key created \Registry\User\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\NotificationData C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
GB 95.101.129.233:443 tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
GB 184.28.176.104:443 r.bing.com tcp
US 13.89.179.11:443 browser.pipe.aria.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 4fdf8684015e3b9f2af12ebc88beaf87
SHA1 277937c0cb5c6be62e8f710dacc5bcc6353ec812
SHA256 c5594f7f7437603f659f0b9d1d6c284aadfe6f1ad7da9af961b5620dd4e6e389
SHA512 b123a8c4abebc16093891441b5a7c01b733aafe96d845de288f29f9fdaf231fa994760b1d88039601b3d2c2a437fb309b350a48dff7e80f335f626dcd3d66c6b
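
Read this second detonation against the first before reusing its indicators. The command line hands the .7z to `cmd /c`, the only child that appears is `OpenWith.exe -Embedding` (the Open With prompt, consistent with no application registered for .7z on the win11-20240709-en image), the "Modifies registry class" hits are Explorer ShellBag (`BagMRU`, `Bags`) and MuiCache entries written by OpenWith.exe and MiniSearchHost.exe, the only file written is Explorer's icon cache, and the traffic is Bing and Microsoft telemetry plus one unresolved connection to 95.101.129.233:443. Nothing in this run shows the archive being extracted or executed; the ransom note and the other stealer artifacts in the file list belong to behavioral1. The script below is an added example, not part of the report or of any sandbox tooling: it parses the process command lines and network rows in the layout used above and reports whether any process beyond the OS components ran and which destinations are not explained by the image's own telemetry. The set of benign images and the telemetry domain suffixes are assumptions for this example; the process and network rows are copied from this run.

```python
"""Added example (not part of the report): decide from the process list and the
network table whether a detonation actually ran the sample."""
import re

# Constructed from behavioral2 above: the three command lines and one copy of each
# distinct network row, as printed in the report.
PROCESSES = [
    r"cmd /c C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z",
    r"C:\Windows\system32\OpenWith.exe -Embedding",
    r'"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" '
    r"-ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca",
]
NETWORK = """\
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
GB 95.101.129.233:443 tcp
GB 184.28.176.104:443 r.bing.com tcp
US 13.89.179.11:443 browser.pipe.aria.microsoft.com tcp
"""

# Assumptions for this example: OS components that show up whether or not the sample
# ran, and domains the sandbox image contacts on its own.
BENIGN_IMAGES = {"cmd.exe", "openwith.exe", "minisearchhost.exe"}
TELEMETRY_SUFFIXES = (".bing.com", ".microsoft.com")

def image_name(cmdline):
    """Lower-cased executable basename of a command line ('cmd /c ...' -> 'cmd.exe')."""
    s = cmdline.strip()
    token = s[1:s.index('"', 1)] if s.startswith('"') else s.split()[0]
    name = token.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name if name.endswith(".exe") else name + ".exe"

def parse_network(text):
    """Rows of 'country ip:port [domain] proto'; the domain column may be absent."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            (country, dest, proto), domain = parts, None
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows

def classify_row(row):
    """dns / telemetry / unexplained; unexplained rows need a manual look."""
    if row["proto"] == "udp" and row["port"] == 53:
        return "dns"
    if row["domain"] and row["domain"].lower().endswith(TELEMETRY_SUFFIXES):
        return "telemetry"
    return "unexplained"

def assess(processes, network_text):
    images = [image_name(p) for p in processes]
    sample_driven = [i for i in images if i not in BENIGN_IMAGES]
    unexplained = sorted({f"{r['ip']}:{r['port']}" for r in parse_network(network_text)
                          if classify_row(r) == "unexplained"})
    if sample_driven:
        verdict = "sample-driven processes observed"
    elif "cmd.exe" in images and "openwith.exe" in images:
        verdict = "not detonated: cmd /c handed the file to the Open With dialog"
    else:
        verdict = "no sample-driven process; inspect manually"
    return {"detonated": bool(sample_driven), "sample_processes": sample_driven,
            "unexplained_destinations": unexplained, "verdict": verdict}
```

`assess(PROCESSES, NETWORK)` returns `detonated: False`, an empty `sample_processes` list, the "not detonated" verdict and `95.101.129.233:443` as the one destination that still needs explaining. The allow-list is deliberately narrow: a destination with no resolved name is reported rather than dropped, because a domainless 443 connection is exactly what a C2 beacon looks like in this table, and only the first detonation's results can tell you whether it is.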