Analysis Overview
SHA256
0ac38faaf5f1d16523192cdb563932165e246c20fb26c276e4780ac4534f6dda
Threat Level: Known bad
The file github.software.1.3.8.7z was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Disables Task Manager via registry modification
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Modifies WinLogon
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in System32 directory
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext
Drops file in Program Files directory
Enumerates physical storage devices
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Modifies registry class
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Script User-Agent
NTFS ADS
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-10 00:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-10 00:39
Reported
2024-07-10 00:56
Platform
win10v2004-20240709-en
Max time kernel
919s
Max time network
934s
Command Line
Signatures
Lumma Stealer
Disables Task Manager via registry modification
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation | C:\Program Files\7-Zip\7zFM.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO469C296F\github.software.1.3.8.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO469CC220\github.software.1.3.8.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO46911620\github.software.1.3.8.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SafeMEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SafeMEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\memz-trojan_VT21g-1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\000.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\A: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\N: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\O: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\S: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\U: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\B: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\E: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\G: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\L: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\T: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\D: | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| File opened (read-only) | \??\H: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\R: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\W: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\V: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\X: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\I: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\J: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\K: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\M: | C:\Users\Admin\Downloads\000.exe | N/A |
| File opened (read-only) | \??\P: | C:\Users\Admin\Downloads\000.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" | C:\Users\Admin\Downloads\000.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\Desktop\Wallpaper | C:\Users\Admin\Downloads\000.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3848 set thread context of 6832 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO469C296F\github.software.1.3.8.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 6944 set thread context of 6488 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO469CC220\github.software.1.3.8.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
| PID 2712 set thread context of 6476 | N/A | C:\Users\Admin\AppData\Local\Temp\7zO46911620\github.software.1.3.8.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\sa.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\az.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\fr.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sv.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\el.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\sv.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\id.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\br.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kab.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.chm | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\et.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\af.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\br.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\va.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\lij.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\cs.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\pt-br.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\cs.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\el.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\va.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\zh-tw.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\eo.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\mng2.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2407.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1750093773-264148664-1320403265-1000\{C51FC1A3-6E29-4E10-930E-BB39F17AD1DE} | C:\Users\Admin\Downloads\000.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1750093773-264148664-1320403265-1000\{FED2BA17-357F-4F62-A112-6C422A36DCA5} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" | C:\Users\Admin\Downloads\000.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2407-x64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 718312.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 708942.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 50650.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 687200.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 259448.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 720714.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1908 -prefsLen 25757 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8725f78-76ab-44cd-bfd9-86a18dc9c0a8} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 26677 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba476519-bdf9-4524-81ef-c57ed6a031bd} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 2996 -prefsLen 26818 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75aeef3e-9444-4f59-afae-ad25bae8e37c} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3784 -childID 2 -isForBrowser -prefsHandle 3772 -prefMapHandle 3764 -prefsLen 31167 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7cae14-1066-4a06-bbc6-480ca180d773} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4428 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4300 -prefMapHandle 4424 -prefsLen 31167 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f028ab6c-7dd2-4665-a15e-1e5b9632e3bb} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 3 -isForBrowser -prefsHandle 5584 -prefMapHandle 5580 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa542340-ccba-4f8d-82ef-17dab303d31a} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 4 -isForBrowser -prefsHandle 5708 -prefMapHandle 5608 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b5407e8-2f96-4e55-a88d-1b1a5e85c2b4} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5916 -childID 5 -isForBrowser -prefsHandle 5924 -prefMapHandle 5928 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17e6a5e0-cea5-4fd6-ac1c-c9b0e9661e6d} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2888 -childID 6 -isForBrowser -prefsHandle 3328 -prefMapHandle 3156 -prefsLen 27297 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0784685-cae5-457b-9a45-b0a69a783576} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6760 -childID 7 -isForBrowser -prefsHandle 6776 -prefMapHandle 6764 -prefsLen 32598 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {badd8329-7507-4cd9-9a58-7905659231fa} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7032 -childID 8 -isForBrowser -prefsHandle 7016 -prefMapHandle 6748 -prefsLen 28035 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd81afee-b0af-4190-ba98-0a5d1db6e0f3} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9e3edcc40,0x7ff9e3edcc4c,0x7ff9e3edcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1900 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2484 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3752,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4448,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4744 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff6488f4698,0x7ff6488f46a4,0x7ff6488f46b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4704,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3548,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5208,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5352,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ced046f8,0x7ff9ced04708,0x7ff9ced04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6400 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5148,i,16774875575531131221,3881049512878159817,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3028 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6652 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
C:\Users\Admin\Downloads\7z2407.exe
"C:\Users\Admin\Downloads\7z2407.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5832 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\7-Zip\7zFM.exe
"C:\Program Files (x86)\7-Zip\7zFM.exe"
C:\Program Files (x86)\7-Zip\7zFM.exe
"C:\Program Files (x86)\7-Zip\7zFM.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\github.software.1.3.8.7z"
C:\Users\Admin\AppData\Local\Temp\7zO469C296F\github.software.1.3.8.exe
"C:\Users\Admin\AppData\Local\Temp\7zO469C296F\github.software.1.3.8.exe"
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Users\Admin\AppData\Local\Temp\7zO469CC220\github.software.1.3.8.exe
"C:\Users\Admin\AppData\Local\Temp\7zO469CC220\github.software.1.3.8.exe"
C:\Users\Admin\AppData\Local\Temp\7zO46911620\github.software.1.3.8.exe
"C:\Users\Admin\AppData\Local\Temp\7zO46911620\github.software.1.3.8.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 9 -isForBrowser -prefsHandle 7164 -prefMapHandle 1752 -prefsLen 28544 -prefMapSize 244658 -jsInitHandle 1212 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd179f50-c992-47f2-9205-98921c26ba97} 3640 "\\.\pipe\gecko-crash-server-pipe.3640" tab
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7604 /prefetch:8
C:\Users\Admin\Downloads\SafeMEMZ.exe
"C:\Users\Admin\Downloads\SafeMEMZ.exe"
C:\Users\Admin\Downloads\SafeMEMZ.exe
"C:\Users\Admin\Downloads\SafeMEMZ.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x3bc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7776 /prefetch:8
C:\Users\Admin\Downloads\memz-trojan_VT21g-1.exe
"C:\Users\Admin\Downloads\memz-trojan_VT21g-1.exe"
C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-3G452.tmp\memz-trojan_VT21g-1.tmp" /SL5="$A056C,1573616,832512,C:\Users\Admin\Downloads\memz-trojan_VT21g-1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.fileplanet.com/windows
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ced046f8,0x7ff9ced04708,0x7ff9ced04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_memz-trojan.zip\MEMZ-master\README.md
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,9559438681591329874,9838136296801130504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Users\Admin\Downloads\000.exe
"C:\Users\Admin\Downloads\000.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' set FullName='UR NEXT'
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' rename 'UR NEXT'
C:\Windows\SysWOW64\shutdown.exe
shutdown /f /r /t 0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38ed055 /state1:0x41c64e6d
Network
Files
| MD5 | 94f301e97a1ae5a25b8b65c467a7c6d9 |
| SHA1 | 82567e4f5972d9d4cbe68d044824f1821b379262 |
| SHA256 | 0c1df138159869ae5199a244cf56a36826cf6b46cb3a26e8ba11fd84a1ea21f9 |
| SHA512 | 1aa945920edd95eda883d5e7d38f1fe9a019c8d97c2fe7caf8742af5b8963e53324ace828d3f10692b299391dfc1e7a343dc7d764c0e13648518147f66fe6549 |
C:\Program Files (x86)\7-Zip\7-zip.chm
| MD5 | b79894fbee3c882c3efc71ff3d4a21bb |
| SHA1 | 8bb4fa0e32cc892f8be396dbaa35acef7a53e36e |
| SHA256 | 2d55ca494a8b6dcc739d84bdd112f5c50d612f8abf409c9fb5f2b5c2c84c37a0 |
| SHA512 | b66a75ee3831c56967e2c64f8c9ba434f3cd9e4dc4c4fa79580e5ef81e8595863a477ce487921d46891bffcb31c6d45ea332e441c5c26df9a1ee59c0769f32b6 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk
| MD5 | 67fb299eede99a7c005eca86fcd6f51d |
| SHA1 | a13b9de6a42b2e07866af1d8cbe1e11bc8e8e1c9 |
| SHA256 | 39ec412b3782e88ca8cba098b3a6f5468db14bec39332abdcc03ca673f4de679 |
| SHA512 | d23c164b607a18a74278d0b6f7ad9ab3ebe3686972baac55c9b5f4368cc2f3cbd236b547865b94c3f645767762da619553fa8ef56e5555f5e61c338219f4d025 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk
| MD5 | a37962a8eeea9397d97edb6b99e5d099 |
| SHA1 | 6d390863e9c2b5064a2bbfea4dc0e995cd055ee2 |
| SHA256 | da3ed1eeb2fffa0e2d4b5655ad2212969a96a9bf91cd2983cece91e7a94d1ba3 |
| SHA512 | 00e7570655aa64cca6e8353f822661f52c0459e4f49cf573ecfcc43aeb8a888f8633dabe1d8022c4c4c812ae38dc2f446422a981b2cc170becf5468a4313890c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9fdb44575b4a29cf99722963458eb453 |
| SHA1 | 040489bae0e9dbf0c820536e2ffe66dab0d2ef32 |
| SHA256 | 1d6b01d791d30c846952c1586ce1ff5732941611044cf83cb8487ec238add18b |
| SHA512 | 1d6b87ef5991bd89c9ee8bc6f0c51b2d0d1cdd619f3888b690ce7bf08933637a7d33d42479afd613669e8248106a82a3a1a8d61ea15749965cbe4b200ca9c7d6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6a38741e4702027708c1b469f1a1e8fc |
| SHA1 | 1b02f4e801cb426e7129bf114af8629179b448fb |
| SHA256 | cc67889f51fe6eff77466b2ef3a12a65b19b0dda58f7c368a8aa27e566fd200b |
| SHA512 | 5935dda6ac961d347783fd29cd46372b4e426dcbd7f84b53eb5efbc4ccc4560581ea1951f740fff41306aece53078107d29a153ddf1e0926d91a9811c191eaa2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ddd2394eaad052f859c0ad63739f030e |
| SHA1 | 9aac2438bca43db3c5f957a39f2d23ba5eff4357 |
| SHA256 | cc24c21a4f77368b302bdde28f89bf3c11fe74b94edf42c4ea2da4bcd2ea5fac |
| SHA512 | af48d752eb80525c202ee01572fd09ae67b5cd7dcbfb855e2e8d8c7a1497f77dca7175d6a8a14a9f2460b9f346e12d37cf646121e391e9cf3160e629cf3768d4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 2b4c0d931906e4a2fa04feb21f9b3952 |
| SHA1 | 72af61f739c402551e6192e9f3b972bf5fa12e2d |
| SHA256 | f1e98c62a1633b1e033bcf80f854532cd39305cecbcf4bfd460b613ac9375681 |
| SHA512 | 28ce848eeff5cec226b63053f68ef40ec43e939c4b23660f25805dd2f6d919512a8ca2f02539b64e55a463858648704c9917d230923bda724ced52aec07f8fe6 |
C:\Program Files\7-Zip\7-zip.dll
| MD5 | 8af282b10fd825dc83d827c1d8d23b53 |
| SHA1 | 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355 |
| SHA256 | 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca |
| SHA512 | cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2f959f08724884941ab653f15dffb6c |
| SHA1 | 3ba299293624551f4a5275658714ef38a16753f0 |
| SHA256 | 2e866758f57387438de927854413cb7d7d78af004391f1c4fbf786be5d0e4edb |
| SHA512 | 05bd93f246e7b7b677ee51b026f6b6ebe67eb1b5267061ae4b327a909c6d8701899a30f49cd8558a285279c4464b4a91c37f89d8eb1024341e9c3381848925fe |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 6d117d591ae6d9f6db724875847c189a |
| SHA1 | dfdf5e25e5645d9a366410d27dac965cd77e5bf1 |
| SHA256 | da84e993b03507f3d9ebe3c758e9e3d5fc498048134c49c2dfe3cf04d2920aad |
| SHA512 | b5cf3741132f84c328867a11ac32eac099ba5d7311cfe9a6b9660398be30d80383641fe51f957aaada6c27c8c27adece13c372628b0e2c62c0acd465d3e8e261 |
C:\Program Files (x86)\7-Zip\7zFM.exe
| MD5 | 1e9ee7e5ef7b011c2ae93c24b1480072 |
| SHA1 | 6cefd04d615dc2a6cc218e7a762dcd7bdb510bee |
| SHA256 | 1c263c236a27eeb6294d85782d4da44f5221a3c826debb5e2a3a970ad746c480 |
| SHA512 | b735f4ec1d1e2891048fac24b057bc80ae27cf5ce9f659eff13a58fa25e7040d63ecf9e95dadf1374859236ca3e20f4cf786c0d43b2d584285c0bbf47e6ad268 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a357189600fc69e365616baed930e094 |
| SHA1 | efb98cb5c6b820ecc0668d1411046020cda96464 |
| SHA256 | fbd4256bca0538a1c8bdaafbe541eb9e26ca5f5983e8e41ac13a7b5f28515ad6 |
| SHA512 | 26ad10262a14faff0a00dcb978511b26f1de49e574c4a32611480f0471b16052bb2e36da2794ac1e0aeea5f0650cd0c69182e28f97d52648473983f3bdb6a7f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 72fe40e0c82b0e1b7b79eaf186452f1d |
| SHA1 | 9616b2f720e2417d607a2b5c41b9eed80490cdc5 |
| SHA256 | ae548d600eae386e1c5edb5ff5a9e38ba332a605098400d37ca73bcba69863ec |
| SHA512 | 00ac2a7bdddd21937945a8706fe80bcd78d39d5d0db58eb0a12a121409b31e4d054c172d1e54a5790bd97e88ec5ecc19c36dc8e5ef486002ab53909ddffe5f3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a3b896d5cb15d5d83815d903892638b3 |
| SHA1 | 42e15e255126b013abc0f8d9d0491a41d042e5da |
| SHA256 | 40a9cc7369d872c39860ca88a0d05e3a6e3043b0ace6ca29b609512b0e968429 |
| SHA512 | 832aabd8727d46e72b893527e54ad16e3b5050e56f8500ea8c9d9ac38349b86b5a8e532f329676d25bd423fc0595bdf98b29cd29d7eee1ba3c801a6ea2caa320 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3ddfc2275938f8c60eb160a4aa3cc104 |
| SHA1 | ecca996f07b05502d0d07bb36ff09b32029db3b8 |
| SHA256 | 846e0a55df9bc7e2e1b009b415d822c1a5d4f4b20a5496b2f7bfc9207a178775 |
| SHA512 | 082892304923e0b6546cfc6c6f9c0ffeccc6f7c0f7d5c46e220093368fceecb3a68bb231129f0927268433d456abc74bfa613e31fc128369dbb6b13d3cba0d33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4e59ef179bcf5c9c204b0cfc8858bd3c |
| SHA1 | db70c045a0a8e59dc5d7938979e83035eeeb143b |
| SHA256 | 872554279fcf490249e58d6f9dfcb6f80e2693b1347099ce1f37e7c767b84b94 |
| SHA512 | d653b11f59cdd2d231b684115212396eda75e80f127ad3d5c5caebcc0ed0f7fd258298d9f1d791dabf10450d8289b773e04df6f1b02828d035065a0d8842524a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ab5c0ddb30b77a4db6e1df2bca28fe91 |
| SHA1 | c37394bbcc16f885d9fa867de9db8e72b468eca6 |
| SHA256 | 0d9a8023e46d53c5278207a3e5d29ea9538dd0d5059ac78f607193b6c8f4606e |
| SHA512 | 024679806afafe6014b08b0ef850b0912e06ef29d8d3a952b1218824fc2225688d1b37127fb0a6dd89bca760b7d35efde3a9519f30b0a6833397c8bbbef96dc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7e609b9faadbe0c72a622f9d950f0c50 |
| SHA1 | 1b534d97bc55c77a5aa2671f28da13baebd29816 |
| SHA256 | febd7e456dd1aaae32b69408dbf82405623c5bda047cf3f2b83352b86de0f6da |
| SHA512 | afd070d3a1f9f9f0b4a22c6896ba61459dce8a81487b1db787d063cd869178aa2eb38df16d0c123863a9487e47d5af244e6ad0f0cd782bd365e1189e2d8a0027 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f68b964d5e2370cad51bfcff06e2265d |
| SHA1 | 0c3d2aac331265cf47a54621fb9979d446c23e4b |
| SHA256 | 0daab7b8dc2357d507a03f0ec711af64d0928cb05e1b364330859291aa874766 |
| SHA512 | a90c5c333eb6f4d53d44f72e6335e18090a64127b0a0b9390928b46c53bfa976ced0833b948b9f9318b12ab2b07f1f651ed71b202134b7f10d441b3bbf42164d |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 79e8ca28aef2f3b1f1484430702b24e1 |
| SHA1 | 76087153a547ce3f03f5b9de217c9b4b11d12f22 |
| SHA256 | 5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7 |
| SHA512 | b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438 |
C:\Program Files\7-Zip\7z.dll
| MD5 | 0009bd5e13766d11a23289734b383cbe |
| SHA1 | 913784502be52ce33078d75b97a1c1396414cf44 |
| SHA256 | 3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129 |
| SHA512 | d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 848bf3173907fc22212158c6e92f355f |
| SHA1 | 607c28fb61ed58eeb2e317f1cc0ed606d936c77e |
| SHA256 | 8396ec36112a63a3e74671d5004f924cb972cb3fea946a21a92953548a1aa4c9 |
| SHA512 | 3961dfd0001463ad0fdc251f4e47d5a8496a2bdb778246ed527b844ec02f2b9231cdbf9d518bf355105b1589c7cdb5de616f7efe9ee80e51da422e3f92725370 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dc59b6fdd438c73702bae7f877ed2323 |
| SHA1 | 0187e92be653c678a3cdf4455a2d765d35fa7ac4 |
| SHA256 | 950bb712e98fcb5c6fa023ff7002ab69bd4ce18924e273143779384f2d75d68d |
| SHA512 | 638b0f9c74894f05d532df57e645320ce7c8173dd41887725867cf165b1ede232b4ce4935b4cea0125586e99270bd87ce241b0b58f8ddc151c94cf1e47fdae38 |
C:\Users\Admin\AppData\Local\Temp\7zO469C296F\github.software.1.3.8.exe
| MD5 | 6bd8ec66f8e5c585594a671ab47f1081 |
| SHA1 | 61c8c79df9bf1b184c438ba27b60bce5932e55a8 |
| SHA256 | 9ebb73f0b975b501eadd8b35426cdc230e2863d92170e77b9eefe3ec610252a4 |
| SHA512 | 3c805d1bbaa2b6893afd9305e26012ee98ba89a77c6f0cc1f737674cb5a23728b25c888a7a181efbe77394a6eccadd1e160a71b099b8b02a9e75a1836d6c35ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ce0de8254bb91d0cb25e5d6abf5d03e2 |
| SHA1 | a27719d9750a28b48139e193ef52f8a959199eac |
| SHA256 | 825e76fa04ce23c261003c85d5b7fc8319fa081be671af0ab0044cedb9ef3ebc |
| SHA512 | 9f3bded2dc3d8f2c231ffabbde442f6edc9ceec8eafa998f2154e204d2b2541c8a622b8a436f7924e6ab62f798d4bbad71dc86f9ed236c6124161836edd19d77 |
memory/6832-2283-0x0000000001270000-0x00000000012C2000-memory.dmp
memory/6832-2285-0x0000000001270000-0x00000000012C2000-memory.dmp
memory/3848-2284-0x00007FF7D6A30000-0x00007FF7D801B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7e4e66d1ddbeb0904c9308fee565e2ad |
| SHA1 | 80dfe1aacb14e26cb2a08e554538609ae76335e7 |
| SHA256 | 83d0e90ec92d077178f987cd32fd5e78662f93b655c0cbec98b074fdc6f994a9 |
| SHA512 | 1f09da828b8a854e43fb9ef766d9c0c81bf9c236e7b75eed56f25d3c7d9b9b57da3a3048e5f70746b9156bc2e2c8483bdb0fcebd8a15efa2c9f9c6f50ada9121 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2eb34d14b86496abe2a081b3b83527e3 |
| SHA1 | d57db3be648bf3039e0f832a17089f91a5afecb5 |
| SHA256 | dc4cbf9c35a32995150900517e9309f70f35647062b5ae84ef93194d91442972 |
| SHA512 | 01ce76a4a591a2cd2b9c400cb2d13873fa83a87071f1975453374b71f8207feaa59355f269355edcbc936a5317bf092e9c565ba9b2105b07bb339bdbb45a067f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f8e466c9effc1702f4d3846e67bd2384 |
| SHA1 | ef8fae7213adc1982c561f941c29d173bbd0630d |
| SHA256 | e98c74fd956bc5df1c36f7d1a32957c24290dba5ab50e69e2415dfa52b770c2c |
| SHA512 | 5d5fa19160bfd27e4e1802de14d1b7aec533c9c5f910ec3315b657c2d148b5d5d9444703db2fc98998eda67cd0b3034d2987afb195cc5065f47c3e936082eab4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c457dd8beface8eeb65558c9ada014ca |
| SHA1 | c76ec40937f9af5f5a4ea7bff6ba37668549117f |
| SHA256 | 5fc13c34df031d9eb41f85ed2f8f6f06533d0a456cceebb74750e2201ebc8159 |
| SHA512 | b87349a23f1e7ba43fce4f9e7677843ecfea47e7c0a4f2dec9fb113de8125c637c6c6dd4fe6a50f23821076c077378d5958fd48f6717c6f016b5f73354dd2831 |
memory/6488-2379-0x0000000001010000-0x0000000001062000-memory.dmp
memory/6488-2381-0x0000000001010000-0x0000000001062000-memory.dmp
memory/6944-2380-0x00007FF7A9140000-0x00007FF7AA72B000-memory.dmp
memory/6476-2382-0x0000000001260000-0x00000000012B2000-memory.dmp
memory/6476-2384-0x0000000001260000-0x00000000012B2000-memory.dmp
memory/2712-2383-0x00007FF631380000-0x00007FF63296B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 04b286ab410dc28ea060535518b3986f |
| SHA1 | ae45f2c978e19cfe9098e21ae4f4762f3dd3adc9 |
| SHA256 | 26c14a8b4817a0120eca6be3227fc3b21730bb8049077623004025fe185d8667 |
| SHA512 | a576a465878b6ef0329205b8a3d53ea29b4181db9c3b8e45e6f20c03bc742f9d6a5544516705221d325727e93cedd0be718d8e14d60bde8a5f97a17c5dc418a5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 99948d51f676a1d04a5a5ef88bdaee5d |
| SHA1 | 4fc5aaa26aaaa1454a5dd32bc608ba61043d29ca |
| SHA256 | cca64b0339d8edb572a6db60c68ee34b7daf7086c1dbd208ad8c768453fca564 |
| SHA512 | b62916d251b5792b704b35a56318be20f4c17827287631fcf0f866444a994adb147dcaacc7530b08260fa82410af400d543cb92abbe346e66b26b1d269c8d9a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 7322a4b055089c74d35641df8ed19efa |
| SHA1 | b9130bf21364c84ac5ed20d58577f5213ec957a1 |
| SHA256 | c27e6cbe88590ba6a04271b99d56aa22212ccf811a5d17a544ee816530d5fd44 |
| SHA512 | bad26b076fa0888bf7680f416b39417abe0c76c6366b87e5a420f7bc5a881cc81f65b3ef4af4ba792aa6030bcf08bdc56b462775f38c4dbf48ff4d842c971bea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 209af4da7e0c3b2a6471a968ba1fc992 |
| SHA1 | 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f |
| SHA256 | ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403 |
| SHA512 | 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | 77757f79f44e6ac969bcac9051641c93 |
| SHA1 | e76399196e544695feb8d56780544a425321fa08 |
| SHA256 | e191359c2a09fce6714d5a8fb50d892ce932d216772c6588f87fb50bf4a08de0 |
| SHA512 | 53507983ae85d251a53289b9e35bdc6cbcf138a104fed566226da0011db55e2c22a16855ca3629e9c064927c89134d47a41ce87db44af22d4e4f11d23e73b677 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d8a7efe524592a400e3a0a6fe98a2d39 |
| SHA1 | 4dabe0e254f3caf77113886b016ddd91422645e3 |
| SHA256 | 5475c390d5801c3e30878583874a9f13958112397e03b0f115a92a13b949a209 |
| SHA512 | 60869ddd67780237457e2592a0c3fc0a022cfb4f0b94504729e60e024bc4952b03e9c58b38b9a90a029344193c91b957afd72a773d0d3f8b231c7a87fdb7a062 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d17e4463915260b61eaecb587090b96b |
| SHA1 | 10318ae04cd72bb7baa4e5b5254c1da5ad9c555c |
| SHA256 | c140a07a1da1a1286ee8d78daffe4e20d719df02893d83a5ae3929097c538d15 |
| SHA512 | ae8e1f6d1402c929d948b21d1785b8fd026d5663bacf2b6b2d1b853ffbcb02095dc3305df2945443c8c65a2f6de763d9a02d81f2cfa0798f6e94ac3407acde82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 654d9169875c4a55b2f31ae6337fe6c2 |
| SHA1 | d0c34df9ed96db5fa204a9e383cfb6b5d12fa1c6 |
| SHA256 | 95f6c38bb08148911f6e7724bfef63bdf10a64e61fc4218d13f68fb1712891b5 |
| SHA512 | 90aa04f0564a9e0a82ad9ca028ffc52535890121e4d59224c848282e7a76d336ed55ffe3153be4bd2cc8586a5db91992127cc186a3d57e5500d8657d25724053 |
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip
| MD5 | 8ce8fc61248ec439225bdd3a71ad4be9 |
| SHA1 | 881d4c3f400b74fdde172df440a2eddb22eb90f6 |
| SHA256 | 15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5 |
| SHA512 | fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 054d4eaa8f45541c269523cc837d7ba9 |
| SHA1 | 23d6e9992cf6367b1c435610e5950ea1687ea1aa |
| SHA256 | 8427237cb84ba7215271e0dbe3996233f97ecb3ded5e6b0e2444981e5d3efd7d |
| SHA512 | 944e075d1002aad67d07005fd73b0d376323601fc9c79851739396ddf66bfd70bf06dce01f217382cbfb677d9c854b7619edbe4f3ead4c0641aa3cd820b7440b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4c076fcc991807d8502f9ce4c5e29b2a |
| SHA1 | f6895c8d36b42f3491dd78e90c016a7879ed0fff |
| SHA256 | 32ec011bdb550f5e34c42db5f79338059976979101022b29623da7c7df8625f3 |
| SHA512 | ecbad0fa499bd3cb8fdebca564722672e1505f8d971ed1f6ce1e74d0c34b6266d550e07ee6211c437729e2ccee806528827f78fb72bb30e71938fabbb68179bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fda75d33d4ef8170e0d796fd655ebf75 |
| SHA1 | 601c2e9a4bdf91ec79f06bcf713305928a705d8f |
| SHA256 | 67a651a75c72e30f3f2e30691a4bfb6fe15701e825950161c674a267f42ecfe3 |
| SHA512 | 006e5b7835d1f1ca67f4cd2e1d67c1429b643a71dfad883a4d0a900d6e09a02dc642471b57265c4d5d10e45ba94b4c5ffbfc9ea147d8cc22648fd8d24d3da8f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 865a6e134083241a1f3835d8bf384a8f |
| SHA1 | 4e4ada530595d1b272da9585101e3745c5717e42 |
| SHA256 | f6dc58053b1ede555bcf7df4d3f6e40e7dc6870e06eb7d2f58c045bfa20b9423 |
| SHA512 | 959444430eb41eef0ecc3b143d165b51a27854746ee83c8f2ed9c1f3d099d6a2767a0a6b81ff52d231903e1a85a72a5fc344d3cb3e8dd5594a3bb69b87e65b5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6590b536-7fd4-4e83-9e43-471d65303c58.tmp
| MD5 | f38d2dbd86697fca725cc26f7acf818d |
| SHA1 | 461932f8b6d7b36c17b23733ab23795662de6d87 |
| SHA256 | 3110ca27d60a7ee88ee77b55597cf4c901ccec8752eea19fb68195d54d56d07e |
| SHA512 | 8d9865fdc94f6a789445cc08c5de73693fa709554e068aa9fbd0a5f72a41d15c2492e3a6e14b7bfe75b90248de9801206bf980d53339002b3e5b0c4efe8300d1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 65ae1c422bd8f76d57393b1f1158dd56 |
| SHA1 | c93caf7615d1b0cd68421de7bfa1053c6043c246 |
| SHA256 | 39da68e4317860d37d9a1f6bf9062c745396582989cb02b933b4dd4f0b6247e4 |
| SHA512 | 9d8e0826f3d2adb16e5a126523e67599de97d38029a1e2707fba26939787ae4021262770686a59e6bd3712d26e343c07eb9f9d7cf3df71846c621dc508d31715 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 3286767e3a1fd99403f703da4239b4fd |
| SHA1 | cdeadf7d96d9e8b0789795d4222979073ef5bd84 |
| SHA256 | 9b770e80682fb5b11f9394ecff034d7e26732df6e006857ae2215b92c5814aeb |
| SHA512 | e96d92989af72b8a1c6b77c9c6572ce9cd8d59a4f9cb7523da285b161d11120deee32c594a76320238f6f61468b20deafa147440099e023f608ebce13f0932eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7a1b414330450c4c624bd700ce08cce4 |
| SHA1 | 70d6be027a9e615cd39a090845c97e62b3dd5e06 |
| SHA256 | 3ccdadbfeebe306b37f75336da618161ec6024d85c8076e89631af2b6e3a15af |
| SHA512 | 68e74061fb7f659e425af560bfbcda3420483fba3c347723ae4177d91ab28c482082b137cfcf919e7fb5d008c7ac5915efcbba879e8ede80df3fd37b2df32dda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 97aa1c7135c89c872d66c90e188f08ca |
| SHA1 | 80dfa834f16c87f5adbb374e0820fddcb0403f3f |
| SHA256 | 2cbede805c6c8295aded1a85c31ef8edb0a1647ae3bb3558bedd5c7c503b256e |
| SHA512 | 334b30cbffdca91bfa26e5f009e4e54bd07b25ebc2cd4d81f8b32ff008f3f9edb4301d91738d6f37b40b1126e4e99f433d4eb169b222411a8fd1552d76171ea3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 61785bbfe72fc95247ed671628d9be29 |
| SHA1 | b6a715d704c7bb623c77409a99f3ddfa8b990c14 |
| SHA256 | b8fe828d9c598612074dcc67c96ab63a3516fda59b4f81a3bcec1ca2cf8d88fb |
| SHA512 | feab14f753b80c76fbff692501fd25bd2bc5c3e0c532ee679f1d7caaea01d91dad354e3b578c2476cc7fbb210dba74096018967cf95e3fd55a527b67b25a032a |
C:\Users\Admin\Downloads\Unconfirmed 50650.crdownload
| MD5 | cffe1f958643d6120ca4b41ffc8c88cb |
| SHA1 | 6f65c3011fc96dc987411be51992ce40d411c890 |
| SHA256 | e6aebf723ca843c4c97532256851fd7bc6daf9d9acbcf5fff2b2135616f1e434 |
| SHA512 | 2694ea6582521849d13a1dff07b9c30d5fe29ec21031bea0f683be582f7e949c7f0065445e7943c930c7906bc13267961b85b067c39f7ed12a9f87f3de922cc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 52dadc6966c4ae06aeaf73b6cfacda91 |
| SHA1 | 5f3645868ece7834ad813846cf4ef5c3ef36ecf3 |
| SHA256 | 41fd131b34a768a409e163572c0bf0660737c641b1150c037479afb2897eb666 |
| SHA512 | 7011b55468dbdeca4906f6c9981bf47084a8895e05309078da340d8143962faf71aef7c3980b8ec3f7a5bf3ed37777848e4de1308a40402dc17c48859d18527e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | df6dfa9a60720efce1c3ea4f33d65c6f |
| SHA1 | c04e3b1cd48398b715e9d7ef9ec3645178e6c82c |
| SHA256 | 047a8068d6c456667a4b210eafd835d8de4d272d93e2678f3a8beadc5a348f40 |
| SHA512 | df3e55a6d1e38b21788cd7df27a60a03b26a91da3af06914c29b51e23462befe9a39458bcec98120ec7c6b4f08da459484a85d14547b769fc6d98c63d12a939f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 68bcad68d06128d3c07dafaad66831dd |
| SHA1 | 28aeacac6bd0f97b2a7daa28a977743e36e34558 |
| SHA256 | 230bcaa88f3a135a1275c588febdbcc0af8bc002d7bf46446baa81d2f2954426 |
| SHA512 | a4e9a198298332ef0442abb945c766096e95a6261c2ee2888a97c74982f8775075afb1783c23119233e7899a18a52b49f65c13e53c6d6a97310e3b175ab4b447 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e557089ae6f0c53b12096acea12ccbc1 |
| SHA1 | d22975a688431a870e8630d07ad3f97c1551ed89 |
| SHA256 | 4a951c7f0bff35c55ff295f2ebb871237865da44a3223794a2fcaac2aa1c1076 |
| SHA512 | 4a89e0f06a57488b02bd068e33c5ec33622a3d2e6867189314abd11bfcaa562bcf2ceefc6b13359dd17c5a1322332516877fdb8ee8ba3564ad14e37343b77fe5 |
memory/436-3080-0x0000000000030000-0x000000000003C000-memory.dmp
memory/436-3081-0x0000000005020000-0x00000000055C4000-memory.dmp
memory/436-3082-0x0000000004A70000-0x0000000004B02000-memory.dmp
memory/436-3083-0x0000000004A40000-0x0000000004A4A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0de0b649219d63aeab1c2902e452c32f |
| SHA1 | f3a1bceaffe04d0f5924232f6ae7f4c5ddb8d02f |
| SHA256 | 347252543dd2568e623abb63a5f5185816c1d91a2178e9bd7589d4a9c992e59d |
| SHA512 | aca8616702a19a8e545aff65ad72eeccb2ff24349d7973f3b09e0d7532cb50b358c6a19b01669ba4a5a187c47f5a646fb1f6b831f0bf640305f64980f97e6019 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ee526b427084915e09b56664499957ce |
| SHA1 | 4f0f3e8d9b07aa9aaea3281cf5ecbf4c3d168c1e |
| SHA256 | d4eb695f33ed3f35dc0c3837cab13a46850b213e861aafe79cb6b43ea7464506 |
| SHA512 | 6cdb22f035aff69258fba71d2086d479e38aaf325a894a4363285a6b9627a834532bafd570f332b433139bacd78dc478150a9218e98319a748f79aff204d784d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 013a211785c2677801f87098c51ba1e6 |
| SHA1 | 3b512ac74ec85c213da5abcab4fe3e3a9ccd232b |
| SHA256 | baf94cdae287a453de443683aabc66889b9d2401816829338366f9d38f122e52 |
| SHA512 | 1c4df9e0ae24ac58a436bf8d881d5dcd5908b815f5dcfa4de568c8bbe86713f2d43465d118a3e4def95fd9dc5ac12a61bdc3e50083c7f64ac555c2cfb8654e3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2d7295202b3da6b6920297ca3f4db1be |
| SHA1 | e44456cb6745aff258791960293cf88c06e06e04 |
| SHA256 | 077c17d51b71ed32b8df9947e6e5765d71f83d19b9706c7494cfd9a3ab071c70 |
| SHA512 | 19706440d28449b0266f56eeb422ca97ef059b942f934564ebd6e09c38f86820ece40cd9fb37c8933db737496a384b0fb2a5003d63785c0a6097aa3554dcd756 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ae70604a915974ceeeb2042677814cfd |
| SHA1 | 13d13b354104e0dbf4159c88bc4b4e04575362b5 |
| SHA256 | 96b68287c20458b896f272e1c7bb8bc077f7d585f468db6ba86cb0014ca34618 |
| SHA512 | 0532ec984b90b615864fccb2c8d23eaac1942769e8fa963ad8074950bafa62a1bb63f06a423623fdf36d9863a909e09a9fc5eafb98463e5a324e0d422de950ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5773e312d8a7bd52c3723f56ded1858c |
| SHA1 | 700f9cfaada09ac00ad9f2561e9b6b3aa4c6f4c2 |
| SHA256 | f20b6b18747be522d14dd1a12d0f8cbeaddad408f4be70b5846deef1c1576d79 |
| SHA512 | 4d8022b309d2a852307d7ac387cbf0cad3a62e3b6ff7bd24e9d60659f2e47ed8f697d3b6608be55ab75b88fe4bab19756e0eb2d262253a0c0a838d96b4e55c0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2be78fdec0b3adcb7ef17eed35ce1e9b |
| SHA1 | e1d2f79f8825a3e94b4a5708619ca6b5b95a1bfd |
| SHA256 | facccad33e603858aa6d5ff490d9d7233fe30bfd220cd349edee30a79ce5adb5 |
| SHA512 | e24e3a912993707cc015f4c3b13fe64e02935dbbaf4e9fb4b792c8d60f4f9f26a6ac0bf9bb77cec90f322f4747d62f18a341b7ef4292deae403cb2608a4497ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e3bd1dc887fb8f4e793856b289376318 |
| SHA1 | 8c114928171528b018b381a0a89e059817c366b0 |
| SHA256 | d1c2e5c4ae3f210db0a89b7bad335d9c7e62b11a49c8da699391af6742a973c5 |
| SHA512 | 3bc204e51aa6cf7e94e1590dcb2089612b2646914701f47690856d9937cb8bac9fa6eb9e24dceddf5e7e9ff9a6c89d5051da824eef1639f32b66cf9a545c3bf6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8099c09ccc02aa9177c1524c088a3b7a |
| SHA1 | 07e033cf4ca534a94bfc1a61f93380ad1371611b |
| SHA256 | 17519e96ec1cae0bc5b2f8f0d5d05de631b6b1fe624dc0dfe83eeca61adfac4d |
| SHA512 | 6c8da8f4e59bebd6d68938cb1990bcaa33372360bbe464c1ce09a356d9922a35173b50e015967bc65f10123b704d5155b63a2b050c296f5523aff71cecc22946 |
C:\Users\Admin\Downloads\Unconfirmed 259448.crdownload
| MD5 | 2b94924855cb2faa5428d2392a223c9c |
| SHA1 | e0fcee0fadbd0e0407f5b2e21cecd180445f19e8 |
| SHA256 | 3929f40a5c5f7ded4c2fd50e48cc27cb38305b220fefce559c31f10bc6f0b1e1 |
| SHA512 | e1721a8e5fb45a8cdea2d2380b08b2b075f54a9cbad9f616199cf5a6f2023be721a3317a1cf3c75ac3a6e0a48fe451aed1333c3654cba8e92cc621efedfca8fb |
C:\Users\Admin\Downloads\Unconfirmed 259448.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6192871012a04ae3e182bc394436b497 |
| SHA1 | fa144c34202b41caf0345a0a9ae1acc02a74aae2 |
| SHA256 | 217297dd74ef0de3a50ad3bf789eb66738da88097d68c6546cff9b319aa18749 |
| SHA512 | 4cee81faf1747ead3a40d16989f39645139f776d6ee91fdd45b61a19ee3e7f3a6d42e30317b6986260865d6061f2d11b9cfe473af6a15e52dcdc7052f3c512c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 130c55a646d85ea9d5850c33ad324d2b |
| SHA1 | 8aa53af0a1742d86cb5ebd4048bd24b019e2df2f |
| SHA256 | 9ff11d63678525cba47a8190a15e3fb4e7d40c12e86e7e69d338a8ac1f81d5d1 |
| SHA512 | 25a5e87962b8e7eafe4022e1bd2538e2c9f7cb968d1310c56acb0d1d3be1142ad585ff100fa0edbee193cbe7cc18f4c4593bc93b76dc6ef90df57a29df7e7bdf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ba2038595d2f4096d453422a105d7c0a |
| SHA1 | 184c0965eec581b8ad0ef1c1adcd3ff7b665aed5 |
| SHA256 | 6a86a9c1437d415817b12482d15385ff89417ed8c7fd1459fd897cf99021b36a |
| SHA512 | 5f1ff0d60f7b923422d2eb40dfc3176796699b9951856f03292d715e69aaece8947f40da849875e10443d2962861be2e7cca056cddaef0cad906726fd3b1fb62 |
memory/6848-3361-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ca3c554bb28a60fb4d0c9e9cea56164a |
| SHA1 | d32192bc75fd4548e9b11abeb1e488257cdc1a80 |
| SHA256 | a69779c4ffb61da4fc2101af228d4ab00458980c22f5302c38b93a6bf0f7e4db |
| SHA512 | f2791ef3c37ccbf513bef70ae0116026f39603b89f12ff8ea7f14541ae4bd4618c714a63c8d9073f86238abbf9a6d8f99200e2be842b9f83744f44b3e435727f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-10 00:39
Reported
2024-07-10 00:56
Platform
win11-20240709-en
Max time kernel
522s
Max time network
451s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c00310000000000e9589c8c110050524f4752417e310000740009000400efbec5525961e9589c8c2e0000003f0000000000010000000000000000004a000000000091879e00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \Registry\User\S-1-5-21-3637748876-3197268895-3385380113-1000_Classes\NotificationData | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\github.software.1.3.8.7z
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| GB | 95.101.129.233:443 | | tcp |
| GB | 184.28.176.104:443 | r.bing.com | tcp |
| GB | 184.28.176.104:443 | r.bing.com | tcp |
| GB | 184.28.176.104:443 | r.bing.com | tcp |
| GB | 184.28.176.104:443 | r.bing.com | tcp |
| GB | 184.28.176.104:443 | r.bing.com | tcp |
| GB | 184.28.176.104:443 | r.bing.com | tcp |
| GB | 184.28.176.104:443 | r.bing.com | tcp |
| GB | 184.28.176.104:443 | r.bing.com | tcp |
| GB | 184.28.176.104:443 | r.bing.com | tcp |
| GB | 184.28.176.104:443 | r.bing.com | tcp |
| US | 13.89.179.11:443 | browser.pipe.aria.microsoft.com | tcp |
Files