Analysis Overview
Threat Level: Known bad
The file https://github.com/Lachine1/xmrig-scripts/raw/main/linux.sh was found to be: Known bad.
Malicious Activity Summary
xmrig
XMRig Miner payload
Blocklisted process makes network request
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Drops file in Windows directory
Command and Scripting Interpreter: PowerShell
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Uses Task Scheduler COM API
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-12 11:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-12 11:14
Reported
2024-07-12 11:44
Platform
win11-20240709-en
Max time kernel
1800s
Max time network
1760s
Command Line
Signatures
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
xmrig
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe | N/A |
| N/A | N/A | C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652564833704606" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\NodeSlot = "8" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\0 = 8c00310000000000ec580b5a110050524f4752417e310000740009000400efbec5525961ec580b5a2e0000003f0000000000010000000000000000004a0000000000b66e9c00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Videos" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 03000000020000000000000001000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000000000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-126710838-2490174220-686410903-1000\{096F5134-5B3E-4BCC-AE7F-7D1E19E66964} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 000000000200000001000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\xmrig-6.21.3-msvc-win64.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\5a56ec49-ae0d-4ac3-92b2-e0e49df01fbb.tmp:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Lachine1/xmrig-scripts/raw/main/linux.sh
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5174cc40,0x7ffe5174cc4c,0x7ffe5174cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,14402221805262693117,358502775744706054,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1736 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,14402221805262693117,358502775744706054,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2044 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,14402221805262693117,358502775744706054,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2432 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,14402221805262693117,358502775744706054,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3144 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,14402221805262693117,358502775744706054,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4100,i,14402221805262693117,358502775744706054,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4636,i,14402221805262693117,358502775744706054,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4660 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4312,i,14402221805262693117,358502775744706054,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4416 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1712 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cee2e6b0-6100-41d6-8292-1ecc3492a240} 244 "\\.\pipe\gecko-crash-server-pipe.244" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 25787 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39a10761-8008-4e88-a009-0eda64264555} 244 "\\.\pipe\gecko-crash-server-pipe.244" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 2944 -prefsLen 25928 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3f96959-cb85-4a6c-b380-a5d4558101d4} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3840 -childID 2 -isForBrowser -prefsHandle 3832 -prefMapHandle 2752 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {332cd809-732a-4f57-8b75-e2e6defd3cee} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4736 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4700 -prefMapHandle 4752 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b1e7905-681d-4ccc-a0d3-6336e915ba54} 244 "\\.\pipe\gecko-crash-server-pipe.244" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 3 -isForBrowser -prefsHandle 5360 -prefMapHandle 5388 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a4f25b1-4a32-4fa7-8fb9-bb6f01b0d8fc} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 4 -isForBrowser -prefsHandle 5424 -prefMapHandle 5412 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22244a1d-8db1-4c05-9fb2-955048201a2b} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 5 -isForBrowser -prefsHandle 5420 -prefMapHandle 5748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62d589c9-0c86-4f6c-b039-804000ee0ffb} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6156 -childID 6 -isForBrowser -prefsHandle 6148 -prefMapHandle 5904 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29c24026-835c-4e6f-9bc9-ca225ebca10d} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=736,i,14402221805262693117,358502775744706054,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe599e3cb8,0x7ffe599e3cc8,0x7ffe599e3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1796 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5896 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1832,13593859003008025711,9123777645447907039,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4636 /prefetch:8
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Videos\xmrig-6.21.3\pool_mine_example.cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Videos\xmrig-6.21.3\pool_mine_example.cmd" "
C:\Users\Admin\Videos\xmrig-6.21.3\xmrig.exe
xmrig.exe -a gr -o stratum ssl://ghostrider-asia.unmineable.com:443 -u DOGE:DBbAv4ZWFhjFLGwNo9FgxZPf7HJJWwuLWQ.NoxzyVIP1#mxeq-d0u9 -p x
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5174cc40,0x7ffe5174cc4c,0x7ffe5174cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1780 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2100 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2160 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4392,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4768 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4980 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4836,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4368,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4264,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4500 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3276,i,3256022389957296426,7477799837886523136,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5004 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\Admin\Videos\windows.ps1"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe599e3cb8,0x7ffe599e3cc8,0x7ffe599e3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1876,9476054871265228943,16446533204584872800,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2984 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Videos\windows.ps1'"
C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe
"C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe" -o ap.luckpool.net:3333 -u DBbAv4ZWFhjFLGwNo9FgxZPf7HJJWwuLWQ --cpu-priority 4
C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe
"C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Microsoft Office\root\Office16\Winword.exe
"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\config.json"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 2.18.66.59:443 | tcp | |
| US | 13.89.179.9:443 | browser.pipe.aria.microsoft.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| GB | 88.221.135.25:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| GB | 95.101.143.195:443 | www.bing.com | tcp |
| GB | 23.62.195.195:443 | cxcs.microsoft.net | tcp |
| US | 131.253.33.254:443 | a-ring-fallback.msedge.net | tcp |
| US | 13.107.237.254:443 | t-ring-fdv2.msedge.net | tcp |
| US | 8.8.8.8:53 | 254.33.253.131.in-addr.arpa | udp |
| NZ | 172.204.88.44:443 | 6e479489a967958a13c586dde7c89978.azr.footprintdns.com | tcp |
| US | 8.8.8.8:53 | 44.88.204.172.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 52.33.222.107:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| N/A | 127.0.0.1:49925 | tcp | |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 44.242.121.21:443 | shavar.prod.mozaws.net | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:49933 | tcp | |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | tcp |
| GB | 88.221.134.209:80 | a19.dscg10.akamai.net | tcp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1---sn-aigzrnsr.gvt1.com | tcp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| GB | 74.125.175.38:443 | r1---sn-aigzrnsr.gvt1.com | udp |
| GB | 95.101.143.193:443 | www.bing.com | tcp |
| GB | 95.101.143.210:443 | th.bing.com | tcp |
| GB | 88.221.135.1:443 | www.bing.com | tcp |
| GB | 88.221.135.1:443 | www.bing.com | tcp |
| GB | 95.101.143.210:443 | th.bing.com | tcp |
| IE | 40.126.31.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| GB | 95.101.143.210:443 | th.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 104.21.61.81:443 | xmrig.com | tcp |
| US | 104.21.61.81:443 | xmrig.com | tcp |
| GB | 88.221.135.104:80 | apps.identrust.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| US | 104.21.38.221:80 | goo.su | tcp |
| US | 104.21.38.221:80 | goo.su | tcp |
| US | 104.21.38.221:443 | goo.su | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| ID | 103.145.227.179:443 | pastelink.id | udp |
| GB | 143.244.38.136:443 | fonts.bunny.net | tcp |
| GB | 143.244.38.136:443 | fonts.bunny.net | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| DE | 178.63.248.54:443 | g0wow.net | tcp |
| DE | 178.63.248.54:443 | g0wow.net | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 172.217.16.238:443 | lens.google.com | udp |
| GB | 172.217.16.238:443 | lens.google.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| GB | 172.217.16.238:443 | lens.google.com | tcp |
| GB | 95.101.129.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pastelink.id | udp |
| US | 104.21.38.221:443 | goo.su | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| ID | 103.145.227.179:443 | pastelink.id | udp |
| GB | 79.127.237.132:443 | fonts.bunny.net | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| DE | 49.12.134.254:443 | g0wow.net | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| SG | 139.99.123.225:3333 | ap.luckpool.net | tcp |
| SG | 139.99.123.225:3333 | ap.luckpool.net | tcp |
| NL | 199.247.27.41:3333 | donate.v2.xmrig.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| GB | 23.40.43.123:443 | metadata.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| GB | 2.19.252.136:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 136.252.19.2.in-addr.arpa | udp |
Files
\??\pipe\crashpad_3928_DNBONKPTNDWXXBKA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7a4d76d2460eaa4cdb5d9687120f0693 |
| SHA1 | e4f5f0e448abc61347f67bb636fd0da4a1ea0edd |
| SHA256 | d558f912c746c03987eef4cee30586773a02d7d87e2edb426db074380968f844 |
| SHA512 | c1309b89f0372c4e9cf380e963f6708d9f6a7e672756c48733ea398984440273561c381ba4b05f6709b3e93d3e3177b85d334df122297ad29eec3d6a9ef73adb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e0e27109904d0ccefcf3c5ef1e767746 |
| SHA1 | f022ecda7aad0c777490896dd23c728b3964a529 |
| SHA256 | b7b72c7df4b2ee689a2378f198c02549fbf29017ed1a2f6e36c4a7bd3da54bfa |
| SHA512 | debe839c0fb9d24a82b208c4f28edc4f1cadc6e3cb73c9b5983ff48c6842b86b49fc04eb0f88d380cb7005885b77e2b386c115f7a845849f1ad637fb79cc1ec8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 688731778ffd7074455d0194da6d462d |
| SHA1 | 98d102fc2781a10c5407957661131c2a15171522 |
| SHA256 | 327126da6fba783d2a21a68d9373dd6331e7284baa7323ba7e48f7170be559b1 |
| SHA512 | 8392ab44c2dfff4ea123f0ba1f3bfc097fe081b275d6bec010e3e6f71c32826a04983d7ff5c908177635a84675e412a0cea19cb4c8cd4c705ebcde5337f256a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a51580b6e34960ac7fa42753c49e4323 |
| SHA1 | a77bd01caa0e5bb1c1e934f13b7a81e1f77d8368 |
| SHA256 | 017a2845aba98cb87020394e5259147b5ff3d79dddf8722c3d504da24adb8abc |
| SHA512 | 550587767cb8092e197ce08d9f76b83fdc5f64838b2bca8b9f6dbf8cf32e355a9e6581ff4b3fcc826bb1afbe74c1bcefe57895c8a9b857349a547755a32b6d33 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 2b38ebcf2148207d5409435c37baa91f |
| SHA1 | 87fe72e51fb68082049a3233e6184f15ae69a81a |
| SHA256 | 07bb1c37aa8388d6f7b9e5a4f1a88e453d633d40f3cdb7fc2bb2a9b6b3f200c4 |
| SHA512 | 37b2c8ca0ffd135e99d5248b4159cab2dcc5e41bf46cf7f40e0da2c57c66f7f4ee0ca863df5f545ad9ddee5dabe7fb63d699168236212a03f2551f1c629ebcf6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e31f29123f88d48654e26d4adbe1b6af |
| SHA1 | c0afd45f5d156b9bc7d50497e21491625637fda8 |
| SHA256 | e74444c05ff0c762239c0518fdd73e8939d889df2c242702459ad8a8906dedbe |
| SHA512 | ea93b795e1c23b8410e0dd4fd7d2a9cc5f9166f80dac2106cb00c931f45c65dafb776e647cca6f15aebd7ff47c254ece35adae4737ff618cc8826587860c8932 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9910140918a70dc82ba62d92c455ec8f |
| SHA1 | d88ff566c5c830a8d0bf47c5540198f8aa2790d8 |
| SHA256 | 3599ff55d138e9313c4dfd14c45e8b63c5eb564b6b9b9a20309f6e34247c2498 |
| SHA512 | 0ab631ef778c92481161ba6b0d4639d26d5f4081ea8a1ff8712e3b122889b108b7a2cfb74ad3ff5595ed5453a76c2db2845d066899922e9c2d643fe52630c3f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 61ab80d8a7d6c9fbaead53ec4a366154 |
| SHA1 | 28ac3a50a893a7a771b17146be136accf5177dbb |
| SHA256 | fe27ec0a56800d9f554699f667eb7ffd246a5e6c3ba78e3e95a9d98a83ff2cb3 |
| SHA512 | d9db75c99f6560d7b4fdf8a9abb175d7e9eb41fbbaf68e59712e0e5a8d402489dde20e912928ed745dd81e5baa5f6abf4fabd8d6d825ac4a00caf20d5f149c11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 169642394fbc9b850c373090dc9e56a8 |
| SHA1 | f75cfc79d4f3ff9a7705ef2fe7e045dec2c1eed1 |
| SHA256 | 53c4601950b3a77e4e6c3f2535cbeb26d0713c18dbb6089e9257e1fc8781478b |
| SHA512 | d4e55cd1c4443408a6954ee6dadbc292f4e94dedcbf41c2973f4addf2712a59d7a56ec1f0b8e14f61b9132258bbd5bfdfe221b6f9e21c4ce35cec3753f9976a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | dadc023f3aa3625e9377e246f3b59e59 |
| SHA1 | 8d7b932995e99892814dad81b8b86d3b0811cd62 |
| SHA256 | 99342febd925b23fd9e2431be074867848028ef0d6d7700a6b1bfc326fdbe70f |
| SHA512 | 8f0718c9286fdf38144968b83b171bd2502fc3a57b67f05caf112fe7913aff66f83055dfd377b6a9187b7d1d75e33f87389a90be618837a1c748c21131d83a11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8334697efb956576b715553741144207 |
| SHA1 | 875b2a512a45d2a7d5479e0be3f49aa9625580af |
| SHA256 | 81070a6a7477435d1f18f6a1529e0425e9ed9a129ead0119033efecb241f1309 |
| SHA512 | a13a297f39390eae862f6453b08833e41792c691488f48aa7555d8a46a254baa14a81232c3b684ae0df9747211014196db8c2b0b61b6f66b6b3101d478e3f20a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 1fef63c35d83004e95218e6b15b33b7d |
| SHA1 | 1afe70758f576205abd79c53bbc4564fa2ce4fbf |
| SHA256 | 8c9e23d96ce608715d3b00a248927a3874449f03434d5f0bd320da6f183242b8 |
| SHA512 | 58fd50d9595955e9eb07d0bcff1a11ebc4e2fd49b0b33e4e6550927e3376740b7cbf95d736499bd852fc2a010f8899a9b19695e31745ab43651ada3e9d6677b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 05da0adf6c4aa9e1d151fa9dad895440 |
| SHA1 | bd3a2b92e2afb39e1d0e7b313699099ee2c20685 |
| SHA256 | a8ab370fbe81dfc0e050536ba058aeee9a243c8cd53910b408133f388ebe0b4e |
| SHA512 | fd7bdb698cade96e4dd2b53402a96433a44b8731064b5bc33508d750ef2076f25b2f190ed3131b29996ab125a2e200707f2521190067af87ceeb2c8f345cc740 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\969a9a5b-9c0d-43c9-862c-fdfb75e119f2
| MD5 | 43999b3ccbbf0010b49d87d53b894307 |
| SHA1 | bf9c799b8c7fd3c3d8d3def5e4c1dd931409e4df |
| SHA256 | 3a5b84b2ab87d140c0e11672d2f9705925b7e80124d13b9f1d8a99241bb9dc1f |
| SHA512 | c429f2fb02e781328e8efec34a2725ac7dfb7752e05040b983b24bf295c9bd8505c90f9275a87e130b3f703e7127fbcf68f9825053fcc9eaca7f944a11f581e0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 307ec965f55b768071e7a441fae93f19 |
| SHA1 | 817115c1cd8f2537f009cf1dd5321aa4d9a7271b |
| SHA256 | 673f0856996899e6b32ee0e3ada3cf5213de69a5878b0fdd7a7556b75f247455 |
| SHA512 | 140fd084575ccd8df21ea4e3be43422487e29e700b4e351ddc2b589f42aa948043e818affadd3d3d4b147041d8e5a150674e15ca363cdc8286e247c3fe2f038a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\687927df-6a56-434d-8c91-1490d77f2686
| MD5 | ef2bb0c7e0975ea75d26c55a090b2e1d |
| SHA1 | 6620ad9e31c6f2e0390e12ec49eb2da90e3b35da |
| SHA256 | e591537d800248516c53ea0dfc1f7cc54dd6228957c3ba1cd6b0320778c18072 |
| SHA512 | 647de6d63d6c8ba07f930933516758e366d969578d87f99af6b2ea1b21e2c28c273e135f9c2f66b31e442cfd7ae3b51fce40c26c08a03bae8f0e6c6c052c5b03 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\60d6e7f8-79e3-4c0b-9c36-ca330a1c962d
| MD5 | a54b4c2d67dfd783e317282b44b45f0e |
| SHA1 | 251969002a0d718c42daa91e7154a5cea278756d |
| SHA256 | 7c7b250fb08cc1c8411fc8cd601b546f39b29d691e6a955f29f7855724ed757a |
| SHA512 | 9f207e7acd03e788e2d1ed132809420adbc12a6cfc4521a806cf3d5ca900e60d50138b023232c363015ea2010cbe45d6659d1eadcaa3512ed65c40c0fd659808 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\prefs.js
| MD5 | ee193c97552c7bcbdf33c9becadf61d4 |
| SHA1 | 329d03ee6114f09180e20e9387ad0006dda33ca9 |
| SHA256 | 9a3c7dffc587d28e70ddc8f0d8ac08b68dc3cee343a975460bf1ad7cb41337c4 |
| SHA512 | 3df993d98dd74dbd8d6365e1b3d3d52912f118e6af0a9a6db397476585717d12cec787f29f5401cbcdfa0779ab4ff27cd6e2c3f84b87acee34ee707e54e63600 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\prefs-1.js
| MD5 | af52dac168ae215a8d52d58dde09bf16 |
| SHA1 | c7dd6dd630c151efeb1023d7f2fc9b15c6a0ba4f |
| SHA256 | 0ccaba5c8f17c3e9b18142d854caba584d5c8b20b69dc3081a80c85ca28c0940 |
| SHA512 | 90cb5ea4a15fd93367b5d00c09a7c7f21cfe980758992d1accd402aab2cf2f6afa56825ef2f2bceb304f842de2e16c741cc6cce1655ec3ec6b9ff47c87a0c6f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3a77890cd6f6957b616b570385442bd4 |
| SHA1 | bd0f4ea66a7d9fad318f44d4dd8b1a842b5f6247 |
| SHA256 | 266746dcf8f189dd838070ce153ddcd8e7b8536a5094a79f9ae91b2255b2c824 |
| SHA512 | 55048d375ab05bd98fc8ab659ae869740da6c347c4401ed4cb361e88abfbbf009b0445da0ce8be2843f0ed18387c720e198bb64b0c61a62dcc649cbd65ce2a54 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\AlternateServices.bin
| MD5 | 34632940975beffdaf2433f500cff00d |
| SHA1 | 5d919b7fa2992e91a52221ca4711c1d4b2dc101f |
| SHA256 | 8e9ba914ed0697d05f6c3f29c749593bd40f8a174ba7c548ce0764b6317abfcb |
| SHA512 | b5c146c5215c0cddeb6ca26610e6bfdf5bb9d56865e5143ff3873ab8fd12d5f58a8ee96837e5d9bf18fe9d70b25c9111cd4d11b62b3673b4b197cf3671775e1d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\cache2\entries\D163E5941014961769E3A13B7473818E5FDB4286
| MD5 | 5c601b581c08cdcb8af09f5d62686ee7 |
| SHA1 | 3413f36e90e676dff62d0e39abc8445a54fe3f31 |
| SHA256 | 6e69de284e3657d3fab36c96a2dff4d8a6b3906824e135d64d678047f08eb80a |
| SHA512 | 7fee56eab8a52375c5b1b02c230c4304242bb6767fcea7a5cf85315206d328d56f6eded6f953b9273c196908789b9f06c44b358bf1a22bc8203a38d7b0a89d72 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 02ea4704880193c1737f994f00e7c043 |
| SHA1 | 14725fde684b070944ec6c3b37e711f7c6f9423a |
| SHA256 | ab6b5c155539c1242cd4385a86a77f620f3dce4ac687f9c3b6280c45a2b1c580 |
| SHA512 | 127a7222c50d0e178b61315b907c9087f10f93f4bc45f56be71f0f6dc2433dbeb8f7e00339a9f93c3c17f325e1fdc1d4c8929f57d065d7f4e5c3486c25e62f79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8df72c932b1176093aa127f04ad1c874 |
| SHA1 | 7fcef45b1915309ee0e4b82f907452cb92531c15 |
| SHA256 | 58790182f92d33ee4b1a9f74828827c801c4938e167514b5d77edcc2f717b38b |
| SHA512 | b21545d042504bb5c92f4cab60a6642ff5a62c918627f44ec69f6adfed7fe404fcb6cb6328ca4fd4b40783dcc0fdce77bcb6311d29d4c7a79340962ec371e3bf |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | bb113d69bea68c5a9046bfda75f49014 |
| SHA1 | 2fde2908ad5b87d30e328db6cd5093d9b5bf7bfd |
| SHA256 | 2ef8d715453a9ef0899735a31e90dd03f19995712345987eab124ff7b7b251ac |
| SHA512 | 19773fc35aed35898fa66e67de1e179867bad7620653fccc67c9f7dc76ff728f812c21558d3c8292e3bc4a65541264d3375d0e663c016aa69128204c60908408 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 61689ef336cc0dd8a41821a886080f55 |
| SHA1 | 853a18a61d1eea75b01c0c803cfeefe9fbc7579d |
| SHA256 | 25d10d442f6e6315e25d37ab09502fea9316f524946f6b82527e2271edb3ff6a |
| SHA512 | f01de1c323a4471bc0ce6283e91c75c25aee6b782b1e221556434c2e9331d097ab6041bf62f8ccf3039e996bd7c4659f9c2aa56c4fa439b3185e7d2ecc22325f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8ce3e74716754ae5df8c1af11bbd6b8b |
| SHA1 | a84643468f4028ce28d81fb182802f29eab8e3f6 |
| SHA256 | f760687683669975b294887da108672af803f1d279bd5641a92c8db968d3ef22 |
| SHA512 | 1af0231139a6fe327f79d2398426cc0cc1d4781228d414ae931d0a4e406d37c13e2e84fdb08149071f3be3e3bcd2d345897c9243ec5d10316fbf3ea2c1bf96fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 42ff5da4603a41442958252453fb2c48 |
| SHA1 | 772216563cecf421631bd85b0c08e0849696b98f |
| SHA256 | 3782da2fe6a24b9ca9a27ba06595c7b4997753cb36d7efdd5dd69ad43d480c55 |
| SHA512 | ddf2cf351f2f734495aea179977ed7d11b693cafcc7af80dcb2163ddf43cb8c9f90c85eb5d63195b4921278b435e6f470b4a084934fd5de77c3ee12396e0c7c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\prefs-1.js
| MD5 | e79f5f6fa100a01887b6a3ea0b7916f0 |
| SHA1 | a1bca44d0da98a6326c0715dbcd48111d8c0e7ee |
| SHA256 | 852357722b6b436b1f2359f734bba9bd60c68523724baf2afafe5cf2e59e6cd9 |
| SHA512 | 47b1483371a3f9878b3844d95a80ebfe29a4ffbf313d76f338376555ef65ce8aedcfccfdd34bf6fcfb4472e3955f1267a1785777075dd7d759fc86998f59f1d7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\AlternateServices.bin
| MD5 | 27cce2e8a1baaeae51ceea915a15354b |
| SHA1 | 1ef571a872e1ffdcfc7506d1eb7867e12b196320 |
| SHA256 | 38cf9006ca2720c605f44ec19e272b821bf9e5fef52124d0610beb4c1e4dca3c |
| SHA512 | 3f242afb2cbaacbb18e70bd98467043da0e18ba0a5d6dbc546c37e0a1450a12cb4d4e393d309d7121f5e54798007fc8fce595413a9e9fb9fc1fd17f3dcb993e7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 493979469b3adea07c42a9ce8ce6f7bc |
| SHA1 | 7e99264302947810c861c5840969a5d3b6f48e90 |
| SHA256 | 800fb0fe26d5babd3fb8e1a83add0a83dee5f85508d2027351cb645438d4bde4 |
| SHA512 | cec00baa1e814d9dbee4ea077e12f39596b830d12ecc9f68c17755becb196ebfe2160b9ba05660ddc141547d9af2495890d5d37258f63cc8a3c702d2ffd4c8e1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\sessionCheckpoints.json
| MD5 | 2d87ba02e79c11351c1d478b06ca9b29 |
| SHA1 | 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1 |
| SHA256 | 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524 |
| SHA512 | be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a2fd9ebf4e8c5673a0b6e27ad03404d5 |
| SHA1 | 090e5b13c567cd12940dcfa31831dacf5e55d9ff |
| SHA256 | 39d89789dd58661595ec222f8f7f5b1eaaf4039fc1ee16ec431e54d4727618a5 |
| SHA512 | 290587bee8597d20388ccc17c77f09cadfae72b014ba880c2985ffd7f6056ffb2a6ec4b137291042b588484eaa8e6757e72c46e71816d7905dab6598f5261c6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 96199c3cabf55399b59b5a4dd3f63e31 |
| SHA1 | 072fe34c575b79e121fcc8edcf0fed70207dd147 |
| SHA256 | 9cb297e80997cd6a7b5bf9ce78b7f6019219684d7399a84851a9f2350f8a8bda |
| SHA512 | 0dea61e05beaa417817c4837ddcd3074da03a450af690fb40ce00a5c0fbd08b31a349691b986de6be114d4afe90376de342411346546dac945ddd73851f99268 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | aeb7426f5f60e0fca87821da4ebceed0 |
| SHA1 | 08c12deb725051014ea0a5c9f9a7da641587ded1 |
| SHA256 | c2c2056a1ba7d38b952160b420cf127edd9ac50a00a177178bbbc3e5b9b30c19 |
| SHA512 | 7c9b5e24ca3e2cc479568ed582d9dd19da73893a5e45fff013d158d26da85c6f3e447fad6a670085b2d6426480b0ab3b79e230bc27e9425368a86fa67c5af061 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | c8c978c5d774d808fdea570f69862d0f |
| SHA1 | 2aae9d184fa1f55709366ece691305a7dc0bc1cd |
| SHA256 | 60dc2b90978ad4ddc8742e870be8561ed902055eb4aa78be8b97eab828cf7181 |
| SHA512 | 580e3d060082bb330956b241393cd028df95f052149e1cc503dc055e498ae651bb8a6a4403f67106a473888df83495c7bc22e1897891a6a338955da9e4347a1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 562b59fd3a3527ef4e850775b15d0836 |
| SHA1 | ffd14d901f78138fc2eece97c5e258b251bc6752 |
| SHA256 | 0a64863cb40f9d3b13a7b768b62e8b4707dfee1d3e86a07e999acb87bd7d3430 |
| SHA512 | ef9fd3d83ab85b18cf0e0d17e2c7d71936f783e3ae38005e5c78742560332f88be7c4c936d4dc4179e93fde0240d2882d71ef7038289c8cbddbfc4790c0603c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c1ff2a88b65e524450bf7c721960d7db |
| SHA1 | 382c798fcd7782c424d93262d79e625fcb5f84aa |
| SHA256 | 2d12365f3666f6e398456f0c441317bc8ad3e7b089feacc14756e2ae87379409 |
| SHA512 | f19c08edf1416435a7628064d85f89c643c248d0979ece629b882f600956f0d8cd93efbe253fa3ec61ad205233a8804807600f845e53e5ed8949290b80fe42d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e10756683fba82ca1bbdbc54df9cc7f9 |
| SHA1 | 3edda35214d747144dac59c70bedfe46246d6034 |
| SHA256 | ab08a06bdbe6ea9d293b94784def3f9b8edac9536fcac6a6ccd094732d1dfd3e |
| SHA512 | 1733971f3ea6ee2f42b647b8a43b7d74217806f365347f92dbfc9fcba0cca376d61dcef22e40addf1fbae9b51a245bf9dcb1e64b20768311a83eccf689844f05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8c54d3ee810ebf24de63a3d25cc46032 |
| SHA1 | 0f9cd54478c21d58d16398a88ca938faab04517d |
| SHA256 | b16c727086038791dd3a2210a89811e7db832055f326618b9d5d8f04ac4ac797 |
| SHA512 | 7b5bfdd371f414ccc6fc082b700b45a42f1a1a104351af0be7252a0f7ba15e38fa9a6af6ae4db7a575e5ee138ee1224c33187343012c44dee497c9621fffc705 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3e5bce4cc4834b306c263414b60c054 |
| SHA1 | ee005ff0e8eb0bb547f4c3d6afff20427a156d98 |
| SHA256 | f5ba7414431fb6cfdb96fcbbec80c00d4548a18268dbd46f61e682d5a9978268 |
| SHA512 | 3ceb0f743afda3f5f86bffaa71b7740356f319c32dd005b4a0a0d51e5195f862e98f5a1e87bc5b42def8db223d6fb72a7327bfa3c808c87f6bbc4ec4a82b9a94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 6d3c25de294d27958fe9151879026fe1 |
| SHA1 | d26788a3d86a71397fa2dfbcd8f66264f8071507 |
| SHA256 | 615520069a22132aa4e2e822eaffa71859512f2df84f7eaf34a4f31852f41b5c |
| SHA512 | 6600537c5e08845f35cea335077d4321a77fc1c1c7d270202e4f15a6cc3521beff35b033097134dc5fc3d171abf4fba9f55cde0b8fb93ff4b9995be3b847d3b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 7d5e1b1b9e9321b9e89504f2c2153b10 |
| SHA1 | 37847cc4c1d46d16265e0e4659e6b5611d62b935 |
| SHA256 | adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af |
| SHA512 | 6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 32f58aaf5a515bdbb3d13f72879d2bf0 |
| SHA1 | 1742585148dcce5d9a85464fdc5b25f394e4736b |
| SHA256 | b2be2096fe98a9b55d92512ae7859e8ba6a54be03afd7eb454b220f9ed888ec8 |
| SHA512 | 28c693e9a85da7cd7441209c60c4da4b9b6b7da7555c86c2039387b470c453a474a07597069959cccc2840360f76dbb307f88a77e52248adcf8de71ab99cbe19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a7214.TMP
| MD5 | 8909effc62dcd28882fe206d9ef44b5a |
| SHA1 | 76603b1f69390da008b18e52e7acc878539f266e |
| SHA256 | 2a66f0f9b243063a6f90580979a3af4fe5a9f18ce1e04deda0a32f5da81fbbe2 |
| SHA512 | 8c9d42a6d45a07ec709f4f86215a8bb9aa64688183c3e1be2c7e1441a43c27977da874a0aaf0eccc82c94478ab5e68804e3e84c03a4f553b584eaa2dea176c4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f42539e02a550826117765a6110e9baf |
| SHA1 | 90a89650485df9d6c450995c2a4a4f4f569ab030 |
| SHA256 | da7f94359ff8f0df8e0aba15af8b22f643cb2784711fb01656b172470736642d |
| SHA512 | f811ab2ec8789451e374c5a2245823fe7ff7162fdd815b2e587d04a13cb3ac3669f9722c025b473804d3f0645b4acdbec40ca330d55abe1a6eb141f743c7ec20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1a2f01bff7c137844e846819a899f12d |
| SHA1 | 30142bae27c156637e85d8d62f6b2fe301bdd304 |
| SHA256 | 7ea51897c5be010584bf2706584f40c728e034b1da0a7a8e555bb53d36f5ca44 |
| SHA512 | e5627edae25d4af161083426fb3de2bd5cdfca6a0d5762d5407a8b4c74b014f571750c4d950d2291ca95584dbfe0dc3a2afd1b8a7bb50b75460736fe3cb46c33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 99b7647aa694c08328152422791372d3 |
| SHA1 | 9c992aa81e1570e40bed5e9e5be2c903f89cffcc |
| SHA256 | 1408ce71b0878294ad2cb8ef6239b9303752be20874671053d07471dd5e4f5c0 |
| SHA512 | 3ef0a7f9b3d2cad62cbf6adcd4a9dabf4d3a68670d6bef9b689ab0cf68af6d2858b9d5c029f783cb136cddcd29f387f0477566c1620f7c0c4bccd3caa37ab97c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 432e1643d2f07f273d4ede3d39deeec8 |
| SHA1 | 040b3701dd5f594768bfed90de796309562eaa86 |
| SHA256 | 99cbac26eab28574d24c076dc66e833e9cdb22a156a42ca8d2582346fae1fe91 |
| SHA512 | caaa07badf05f9aff859b8a313459429431137617258ac7ca8014a6a31aec08d1c29624608839798cefb37dd8a5eb544cdd69fba9388c8a64cd8a3e596a433d1 |
C:\Users\Admin\Downloads\Unconfirmed 752950.crdownload
| MD5 | cef0ae1ab544e40b659261a4e07fe48f |
| SHA1 | e5ff855ce3c7726a50eb50a634ff9f406b3df093 |
| SHA256 | 713263085499ae626a6148fab67932c9a69611b21ac3d04cf52a5e23495f902e |
| SHA512 | 1fb23b385e6cff3653f0b4b397d092c7be4df62899c97e18f675df2024e5f06ef2596fb626b85ae2ef7d7583c5bf54b00dba1a5ad566c2707a669a48d9814ba8 |
C:\Users\Admin\Downloads\xmrig-6.21.3-msvc-win64.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 222a64cb179d5f2aecfa718dcd695f7d |
| SHA1 | d2f4c04ed6de36abfc17b5d036f4e3c222843539 |
| SHA256 | 706375fb1fe4260e287bf7a3c52af371c4cfe9a9cb3e835727201fe7e15236bc |
| SHA512 | e7dd88c27427cff537370408b8b83a95eaf58414d2e4e8dd8b9e7f2a448d30d62c00b7e1499cd01f83db7d9746eaf4d490641403031267bed1c91b46a84d6a0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 13738d7f668e584e6e6a5b2813c4c182 |
| SHA1 | 46af702cbe8f2a829199c6fe7241c3c217a42f00 |
| SHA256 | 267d20c6205d31663d6e5a8289a1c4ba2eb48293ae7a02393ac16564bf6f2b9d |
| SHA512 | 14bf0d73473439a2b0a0a3d2f07d1464ff0bd73f57a92dfe5aca5ab0006834046afe69c8fca96b6912a46e3352472f166e5200f94ac50a2b8c724d8a91af552d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b00632dcfa5a957e19900d58f493a44e |
| SHA1 | 1c59660a2df3453dbf70a4484a2e5c300a1cb4ee |
| SHA256 | 8ade2a048aa2756d58c67c5e49fe668c0935506f572ddf9ad96ff32c52fe20c9 |
| SHA512 | 8038745e13531188a2d211341a8dc76dca046270aec3cf2f88a12c2983c598152f82c53d252c6cb9c766496ef1ce0ae64c7ba77e526fc93d5732f26d946da682 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0d3b433b7b93ed44257173abb4f0d5e6 |
| SHA1 | ee1b67a5f208b535fcaf1125d2c26bb12c66157a |
| SHA256 | ee361e6f37ef26e39f0c7b076c7efa47e5b07eb29277073061b31d011f80e5b1 |
| SHA512 | 1994a4e5260871620975e8e2d14711dd951a8fa1d7f3584b8667693d742819113084d4bef8d84ac0988d5a50c1501848aa5b15ff7ecc6787fb292f3d2fd0e46c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 975dc495869c94b33da7aec03bef369d |
| SHA1 | 09e9c2c9bc84e5087d0f14a16b23dd695c161718 |
| SHA256 | 23aac4602fff4b3444052efccd5689c08a931b058fb3a5204f7438ba2ec0f304 |
| SHA512 | 63c189760fc6ce8e6b0b48581eb637d7ac55cef88d1881509ab1d93a484d03d36c4bb45b176871a3b691e896f46162d7a39500262b37031919c8f98cbada4989 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f23dc9335e0f0c33cfbd15e141f357fd |
| SHA1 | 35d5755d8077a087ac022ab9ae6db1eec1971ef7 |
| SHA256 | a4931963aed40d4fafbe2848dcecd2de06d79d8fd027eb49dcb02f0e92e63c63 |
| SHA512 | 57b419bb8ff32b175de1dc1a114e3a7c77ca76eff6ed8a9f92671f4da8fb869a52e1fb230a98be3d6b9ee5109f40ebee6d95a665c6be915b585337dfae70ea45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ea745937e9060bc9ab0a791e39b1809d |
| SHA1 | 383fcfa21896d7599ccc643168429c59eb83d562 |
| SHA256 | 9351c7aa9e86ae2bf9ab3f62c1893c42e5c2a15781e714c2b67af7ca4b09867e |
| SHA512 | 1fdb61f17eef1d6cc0542399f006a51dcdc4b9e6f05b41b373d6db6555493700de09488654f20ac64ca08e850e4e942e11fa05fbac8e4746b70a1671905a1345 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 81c0ba0a8e68098732c0dde2786a5965 |
| SHA1 | c9a67f0484a0f4dac792508f018063f1e7aad176 |
| SHA256 | a54ec9a597c52039cb32e6d2135799409545a772439f7161f247f429b892bc49 |
| SHA512 | 8cdcba7054ccf85b2fc810d0ec21f03d2b86e43d430ba1608a2961946df66b7a6f6adfc77d928da6570f74c36fafc88a98e59ebcf37f8bb51874b05f9cab2df3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e44f4e1d233de719c908c35f2aa3986e |
| SHA1 | cfed8961cbf10046277dbdd6d3eaeeec9710bfb4 |
| SHA256 | 068ac092977847ca54880a8fa8a60c09330dcd3853db87dc771926382f08cfab |
| SHA512 | 9817541d809efbb8f76ed1494e7ce69a7d0c8f20a675deb317211812c85879dce8226da8c24f48dbe4ac1deb0a4c5274adf3ae298ed2dfa96de80fd7932c7d11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 237ea6b2fc270ae523a1302d113538d7 |
| SHA1 | a8b7a392456e6394deb6c3dc363ab03058d5db8c |
| SHA256 | 56e76c4c24864d2acfed2bf6ababc088587c73a80c2d3f7e707e7b89cda9ff78 |
| SHA512 | fb5ccc8947b35617079b21d44a658f41869096b445831cbe2cab92486b1373665e73232f5aa3b2d2d67a5b6b74227e5840b41c526db9cc7d565417c4327a6e9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 40feb65ec9ae91dbd13f33480b243ac0 |
| SHA1 | 3ea41f66280843c3f7e5811a8a8b0ed12a514ed9 |
| SHA256 | d2c737202d95c7381bef778b8e5d3ab9594197e9e4b3ed1a25a695cfb2cee1f4 |
| SHA512 | 0ddda01166da50a3d4efe9d5182afd8ee39d762fb097775838f3641c265471b2146935eff42157c52b450825cdc35bb9c88d91c9962b1aa3b798b3f754212071 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1f05b375f5e97b7cfd4a4246ce8bc726 |
| SHA1 | 9da210250a1d0d617285da5f1918908db4fde04c |
| SHA256 | a04d5fdb311ff397bf9a36ab17253113e8c4fc6a9605d9b1bf098cad540b1d3e |
| SHA512 | ce523fb33627710c140f1dba77a25abecb54cd86a0e5510c94d77b6d07bab03c0994b60abc75a6a92ba6d394fc80b4cdf71ac1d103fdb203c295f3f0f33aa855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | edee0ccc029e6db8c5190922c1d5d711 |
| SHA1 | 604c19467f213765cd60eb822362303426799957 |
| SHA256 | 3158f14e641f457d710ab0a41d3f2d380e0c94f1f091c2d78e096cc40ebdc156 |
| SHA512 | e769f5275049e95c76a51c0007d887915dc47200171b689ababc3b5ae994bf911825034e6a0f4803b7ef7d2b4ec763025abeeedb7df5b7832b56482e13307b0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8fc994a18bee94dff7952aa750ff5777 |
| SHA1 | 537ecf66b2c7d234f3ff6e7c7f8c22bdabce02cf |
| SHA256 | 32dca253d4bc17b6e350f6d7b3751499ab22b319860b34fff1bf3e714c3cfebf |
| SHA512 | c0ee168ae4cf4aa02007932a09ba6de5a5040fc6199647dba855e850b4d45ba72592ac43dc727120fc3f4e2a57384b69e354a734a65e6878b36516fce1a64e03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | de2a1193d1d6c593caf03ee3c66fae82 |
| SHA1 | f5ada925c49bcc113d93721e75099cdfb035bd9b |
| SHA256 | d88acb7665592edaf01660feb2d89857e06b4c1f94ff1b85aa5465bd5fc550e6 |
| SHA512 | 57de413048664e93c6561d91e41d2d121e027e00db34c8a55aa9678d6ee9cbdb47cadce188d0fb32e1ef6f0e8e8e2870db64acc503a5f8f501b7aca86aedb394 |
C:\Users\Admin\Videos\xmrig-6.21.3\pool_mine_example.cmd
| MD5 | e38e736748000dbaeda92531def64b30 |
| SHA1 | 2a7572d54e194a71b50767e1f8c05efe046279ca |
| SHA256 | 44705123e89d187bb8641918c5cc5a13a7825b5c4899f72795f355cac970c49f |
| SHA512 | 196666c75ab71b7577048cc66a43b74be8931ad351860490b1ac4eeda0a2c166f69c857540144c85b00b9d9b55c2adf4a7fcc5427a4ac916f6f8df51c020743a |
memory/2576-1662-0x0000015C05800000-0x0000015C05820000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 5427f2eb09c7eba7133b6ccf4d6c777d |
| SHA1 | e0930d342e01b408b77c69f91e62e8c5979c5665 |
| SHA256 | f872931bc7ef0729dc73c7bdcbc9866a4fd6254ed14d1cc4d867c531344fec03 |
| SHA512 | 81e9326c4929270a7d291be23512b26d942ff992a7b06895ab6fbfd8fb092288f7186dfae56a751d2a8e6484924462abbf8b688a423caa8343fe6b08343bbd8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | bc6142469cd7dadf107be9ad87ea4753 |
| SHA1 | 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c |
| SHA256 | b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557 |
| SHA512 | 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | d97301e4874508894d48d4080c0ed9d3 |
| SHA1 | 0dcb6deaf02d0af47756de9323cf40cb9d82a6fc |
| SHA256 | 7e6c61f2646d09b1e1f4b928a2532bbffca9a1758aef170c2e1ffeb901a3ceac |
| SHA512 | bbfaf0ce8ec38131ca55be40164e0c36fdd1f8cd6de66a0c02964044789bd599cbc2a2673f486cce717b38082b57406181174de926d2a0fdf52cd94651449a10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
| MD5 | a9050356ecf2debd42a51f1cb8aa3c3d |
| SHA1 | 630d0c79c61647cc9f24f4a01d8179444320c61b |
| SHA256 | eb032bb0d0d2cb5973909f05e91c20afdec44240283ec329ce353d4cd67cf9d2 |
| SHA512 | cbce7a3c84f46312625dd8bee3bf3e062930c5ceebeb3e4b098a894e99f71872b936a0f1e72517e95c56c9f8cbb8b5956b5c2b4e3e85f56e5a987b77250e7df7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 2801a5b88917fd34857817bfd4bff51c |
| SHA1 | a03f95f882316f530c48c7017a8eb6c192504d1b |
| SHA256 | 06fad6f60d737ff5ea8635b078c5ff7e3440d249e5552d79cb40de61c3223b73 |
| SHA512 | f99f3350bde9dc3f5d207a7284bd9babe4c00aadee3db122ae78f3266ee0a181177474fb695b97ebde6080256bfba386cccccd7dd50fdab395df3120fcb6814e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\44396ce8-69d7-4e36-80df-7d044e16c828.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | b8e8bb712395a77ee47761885e9e0760 |
| SHA1 | bfbb191fe19abc21ad403ac05881ea99fd98fbae |
| SHA256 | ee0034cd53d1e5a0cd28d150f41cd106ee035b7957c2760271e0e65ba1ca54f8 |
| SHA512 | 3811e0ede647d17c9e9dd1c7f80c5f14262b181023ca1af86384464faa3971afd39ec9f8d7c4a7accc8aa4f81109921895da3ae5fab5dae4ff9339e9c3830193 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | c594a826934b9505d591d0f7a7df80b7 |
| SHA1 | c04b8637e686f71f3fc46a29a86346ba9b04ae18 |
| SHA256 | e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610 |
| SHA512 | 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | ac5326cdf08129e93bb371fa7b8df7ed |
| SHA1 | 3dd8e1ce249bdc43f7395cc704163555534e3151 |
| SHA256 | f7012298b01509e7dff0a6224a6180dfb06d96a2cef589f6829d6011a79defa6 |
| SHA512 | 79d15896c93fdd547943b5b4bb72adda115d4665c1542eec31766d119442c6440115ce2052d40dc4fe362d4699d2bc12fc221259ed629566e1408f65b6d8d7e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 55c1dd8240457c56907255cd086a7bf3 |
| SHA1 | 4cec7f24361ac554e8a521bb3b067973c68986f0 |
| SHA256 | f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617 |
| SHA512 | 9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 3fd007ed418d4aaa8eae0779f46c9c42 |
| SHA1 | 134975b1b8f7d11a78e0d92b5d43c5ed7cfcf68a |
| SHA256 | 804e49e4a2db6bcc327e8f39257febdd9027f4a2650f08b84cbee8f740b2ba92 |
| SHA512 | bda1ef6f65bf3921e7cdcd0898ffbe4722532688a3e7ebeac3b5ba3ef076fbba7aefb06728e2e4831eba71138046eb494a5ed74167311f821d595722c83796d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | 1213e08da59e112d57be733fda20a26a |
| SHA1 | 1c822be2c8e398f27623490a5bf4e8b2a8d19e14 |
| SHA256 | 89baca66e0150f6c103b3042c4bde303941fdabe419929ee7dc995fea8e48748 |
| SHA512 | d322bb1c7e038c89841b3beb995b3dedb2af6fe6147356b7fe3b4e3eae70ce7b1d8e02b7f701742599bb49ab68fae893eafae3e781267a770744f8699ce473ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 4055560d6f7fdbc91eb71223b44356e0 |
| SHA1 | 270996e0d9199e8401059d59cf85d5aaac2880d6 |
| SHA256 | c71879a2286db72b54ed8e9972e529265a21f8804c48df22e7fea866b8c590f0 |
| SHA512 | 30c91f2de4cb39bc7aa8acbb9bac448e85298bb033ecf423a03c7be6473859c4841447e6350f6508bd461dad91a41bc1e9b43a998c1d3715fe23337e2040f4c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db
| MD5 | 8004bb6d459fb55b560c68322ac4da0d |
| SHA1 | 3aa22105103cc6c0c91677086fe7bec7d4c2893f |
| SHA256 | d00b7b3756a9eeb3c6858ac8f0ebf638059537e3aead7f542dcc4005669facde |
| SHA512 | f49c3266371d0338459fe900a73e008b6bd67e6352ce426b09195dbc83d2ebe64364650bcdf6cca383713dba216f23c0751da0100d103484a820525f9c0ff7c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | aaa1d3398c11429309df446cc70a4b24 |
| SHA1 | 426037d880450cfe67c0db4e8836d8cf67c3af33 |
| SHA256 | d3c5bb416732a0643cb435ce980e4cf7ed0d96375d6d1d866565ffa4cf5f4e31 |
| SHA512 | 5400a74ad59ee80e11b97e884bedee53af567520b807e4c3c43b68446bb495a967e22838aeee4bfbf02486ec5abfb2e821c5165ab2b894a54e0d7eb70c7355a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 402d848b780559257262fd28903bfe9d |
| SHA1 | 0fe324b6d836f820a3010ee20fd6e75ba84a2433 |
| SHA256 | 8e3ab4e499865e9545ec7163d998d97183a49f5c7d69227343c4dd3aeaca48e9 |
| SHA512 | 8c73bafcbce0f789e4c92e7d7d545a9867fba8e7dc387facd098a87b4681acf13a765b2f6d66ef3acfa24a0337b3af6f94f5be5a359d533bce085ec70f6d8ef0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | af86a37d0efd5b3a9968083d71d53631 |
| SHA1 | 339c273ac6f13b3a831874719308eacd80d7882c |
| SHA256 | 8bf4641910d81a7a66f16d8a53693a64825d8c4744f4bb1f747fd8fcf12edcee |
| SHA512 | 7f09be2ad9f417fd8427ec14034e3b3c20f11d3f8df6cbb161fd242d3e23269d11a572a84dcb1b6dcd874d6c396222c517d8ab9a6392cfaaf2a6854ba981b93a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 50a8ff7e6dbed15d82edd9531e403539 |
| SHA1 | b8ddbd1b1db0656f082e3263d2dd4cb427f9a146 |
| SHA256 | efec535ad5f01fd832e536a920b41d8989ea563a7d9a2613a25e4769f0628b94 |
| SHA512 | 05c74965045d577d2c42454748bd6e6bf6015a4660cc08694574fe6ed6aaf4f6858501b3f23107d1fb48441238acffa42e8e77af427c5d19e54b3c3ae650cfbe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 9d42edf5bf4b69ab414dc8cae3190eb2 |
| SHA1 | 06a2fe2f2691874ad323145445c6cdf9ff409cb9 |
| SHA256 | c75e1b58d22f33b078905cbcc07b73285f54f798adb68cc8d07144d531c02639 |
| SHA512 | 02fa48b2195c310be76b7f481938d4667e623a16ba06ec1d492c5b17fbb5a814ba511c3e790106d1e4ae854cf2b46b84a2d1e8454497a314ad1768d471897cdc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c574c37e9df0308a2b9ba23f1f023b10 |
| SHA1 | 6c0beb8460db5a4f85cc75cb9fbd0f977fd79e2a |
| SHA256 | 2e29e2fa79d199754bd104986742e1a63f294517fd8062ec6075b8b3eb1978ab |
| SHA512 | b51286680d53d8df9b226c18266f3fa88396dc3ec9f593c61404e1b3154b61ed62ffa10b2e0d2a165e3bb0626a917cf4d4b8d2c10db75c375b5d400baa8ebcf5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5596b5721393a033eedc790955dddd10 |
| SHA1 | 3846092bc990497e42f1bc1bf30600db9143167f |
| SHA256 | 1b62fccb339fac29800ee1bdb52d9a33eebee7ef52fcba0b5856e665514eca50 |
| SHA512 | d850638e19f58d6d00d408a8e448c9502b50777e2acc16f128f319dda84042c3e2ac8cf909f11dcd4da339e28c82888b5a0027174a47f702e6c75627f9d7e84d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1a6cb04b45c0de704acdec4181a8a309 |
| SHA1 | 1a62eba0dd1b09d37b09755fcd891c72e759fb91 |
| SHA256 | e22f49b4cae2fc942a18eb34fe77f921400652c6950cae4159a27836f04d1e22 |
| SHA512 | bc44fcc0b6434b0a7802c272805ca30921e30acc6a534950c3e249d10d141745641e2f1e4e34f62e2ecc0812a15f152fd9a6ee5ee67edbf21bbc06759f3fb4c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4682e15ac42177bbfe8e30c4e2a5b436 |
| SHA1 | ec94f53a41cab2c5fe5c57f290f6abab4fe3f726 |
| SHA256 | cd9f39c3062940b883854a03026a959c54c940b7a2304f9f79d86aeb386ac6bd |
| SHA512 | 5ebff340938b399393807dfc97cbda85db0500002087f52aa3f285bf65ebe9cb7c3899f8c51241b321b15a9a2bf9bc08f369bc0df189a1420e7800220a4edd07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9a07719800428b157a161433757bf4cb |
| SHA1 | f07439a3bb02420759e5e038de9a6dd3cbad6844 |
| SHA256 | f730f8f1c60f34ddf86840b529f02cbe5d2d39bf877036fe5507b725d8ec227f |
| SHA512 | 782186cebe5f181fb66960c4bc3bd1a4dd3e4151189ca81c55be887072024dd5ad34b7bb3a3f196c114184e68f541b9d54792612ecfad7109a491bf43eced025 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 49f05c9d6c585ce1360b0b7384a2d31d |
| SHA1 | cccbce1a9ef003a97a39754581e581430b2df088 |
| SHA256 | 6c1fbd10081d9c7cb9de90e5cc8194ce71e4053df9c2e32d4f7ca09aa5d0f870 |
| SHA512 | 049a2a1448a65f7de0e3c7e3420f6508db059e7224d3a7b845ea2cf3b63185ef1705137634ca0e61e25a17b108896a2e37b84f42e9188e7c835c26cbe9ab62ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0f82e3df9b32fbd7048e793e6cbf9ddf |
| SHA1 | 50f977c593e8073afc41fdbf787ff545cec5bbe0 |
| SHA256 | 75662dda2bf97ab6c143b54daa6ee488f9d3d860c5308a0f9efefee0801b98f8 |
| SHA512 | d75732d4a35b8ff0cc2804c807bed3a13097e4a5b6d24a28ed8fb2a0dd67dfc95f3530cd597a41f7042f237f7056f08fc1a74a7df670282fef869bc243c02e7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0efea1714091921e33da30062492c47a |
| SHA1 | 6420f6c664210fa3f66dc72985902753e2bef8f9 |
| SHA256 | 15b056aa423479fb485e0910d83a83feaf28f40255987804104572aa1752cc29 |
| SHA512 | f780c40dcf282ebb6aa17179777a234ed3d67edee249001a306ce308dbf8befedae1278e3bd5f06a007f2adf6f06e7925912a1515a2b0dc3b2faef07129b5843 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f2280e758da7d6f5a8a510d233f9a881 |
| SHA1 | a70cc65d32ef20293a53281e6cbaef2b91bce911 |
| SHA256 | 905a34ffc5d57fbfcc05cd8c3427d4bb925a8bf0033819f3ee03349684759e46 |
| SHA512 | b742b447d07c62e467bcd16e40dcf2a1f0a1970af9e65eecbe5e0a9b49d759f5121347249ad9b29ecb8f8ab1d396b4559773e697f9e2a9351faa42fdb7fee117 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1f532761a71c93ac538a015575f6bbfe |
| SHA1 | 20801f4d483a48fab41624ceafbbebb0bbbfa927 |
| SHA256 | d4611956e8985cc26813e9a697bac37c4cc8196a323320bdf94f47d237cb212f |
| SHA512 | 627f9b7f4e05f1bde2b1c495c0fb2d3b4bbc49a3634eedfcd6ab8d590ab152d3846d0196bc90c208dd096a3c4b584859918d1b18db762c2b715341fad7c0f63d |
memory/4768-1914-0x000001DA59150000-0x000001DA59188000-memory.dmp
memory/4768-1915-0x000001DA754E0000-0x000001DA7552A000-memory.dmp
memory/4768-1916-0x000001DA75490000-0x000001DA7549E000-memory.dmp
memory/4768-1917-0x000001DA75530000-0x000001DA75568000-memory.dmp
memory/4768-1922-0x000001DA754C0000-0x000001DA754C8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_auyxhlzj.kqm.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4768-1931-0x000001DA75890000-0x000001DA758B2000-memory.dmp
memory/4768-1932-0x000001DA75790000-0x000001DA75798000-memory.dmp
memory/4768-1933-0x000001DA757A0000-0x000001DA757A8000-memory.dmp
memory/4768-1934-0x000001DA75370000-0x000001DA75378000-memory.dmp
memory/4768-1935-0x000001DA759D0000-0x000001DA759F6000-memory.dmp
memory/4768-1937-0x000001DA75B20000-0x000001DA75B32000-memory.dmp
memory/4768-1938-0x000001DA75B80000-0x000001DA75BBC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\gx3irhnf.tmp
| MD5 | 3224343ffc8c62e11d749781e0dba44f |
| SHA1 | fa11052b09277e19a86b54f141348841d4b31d82 |
| SHA256 | adae5a257718fb238a9003f744975c3d3011aea7cbe773b83bde9b2a9d739c7d |
| SHA512 | 755d99b1cf641e4d2e341a0c6a7681fa0bf8e3208d070009449bf1c834998fadcf51e07e16a19011a4972b3beb92c987d28b1086e38af51c05fdc60a5bca3a03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 93fc21bf468490dadceda28a3d3b16cd |
| SHA1 | 41ffa55270305a67cc5aa63e98139bd2a6bbaf1c |
| SHA256 | 9a5f7dfb9ccd03edc013057eb52539252c3bb4954bd61945c8445950ccef9d79 |
| SHA512 | 14f0ac6981f4dcef1a9eeeac4e3f0306a25114020072d2805cb6bdeb56f931faa733d107790c07e0f645ef4e23948fe35751d1b084c6b77703b890fa149190ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 89d14887e69b734382aa0d8b73ef9105 |
| SHA1 | d78a324b274e647721f2d93c5ab982999ff30eb2 |
| SHA256 | 7f683d45f600064d56fdaa6e10e0ee9491da612580e8be0c06ef54b467fe2b8a |
| SHA512 | 408db23017935b207fb54367317dfc18c54729213f43b2a36b9451d25611c269eb175abace465dc99cdd41aac8e9b4d09307246a243de558ee0b01ba5a5a0dde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 32273c4a35369c5cb15aa4e2734153fc |
| SHA1 | c8b48f5e8b0156cbeb943cbd85f5801966742e58 |
| SHA256 | 7ece21f8bdf9b56b4d0f90095fd638b6b559406e3f0bb0d1de1840892b793380 |
| SHA512 | d3d27500b674bdb118a725c33090ec345aaa5b8f5af95c08fc76eb1246c814b834c069700fcc6ad63fba3dce22b8bea5af697a12172b87250d318db0e60b4300 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e56ef8274aaa76e9e2f510755024e44f |
| SHA1 | bac799f0281ee22fbd115cf4c1840fb47dad0b87 |
| SHA256 | 1fba9cefdceb43609112e6152158844dd005f878cacd66bee7098129f8c8b22c |
| SHA512 | 81c3be45204ac8297337bba0702c165f8c53a7d6ff38476645a244bc1722e7a9834fcf9a907374623de4b0cc4d6aa70b253c49f2a6508733d3095696b5146d54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cae337ac032eace90c86f1276d8867b7 |
| SHA1 | 0f911a0b35b2ed950c667579caa911fda6a18111 |
| SHA256 | 869b1b924ddd86e94f00d58312ab831c87e9bb3657e9eaf95acce0f01b8fa67d |
| SHA512 | e222fe98bc9b055bb40ce4990a871701a900d4663d520dc21f291a71eb0fdc507062310f0d0d2d051c087691b6d1192077d30b6fc46433a10f93e798d05de101 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aafcd8a9fe71f81562b39ab1f7dece81 |
| SHA1 | 1c91ea568224b58ec7664ce2d785fe92ca537d54 |
| SHA256 | ef0d8fdaf9fa3db621495010b0e99fa9da5b3bfa500d48742086d0b0725e9d30 |
| SHA512 | 730731ff1b35acf11b360a0ff877856802290db6ec84c3e913bfdc97560575de247bef533ca53fddbd9a996d666d16894d8263dd5ce991016b382e3ae1765b40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cf52effae44522c74ee8fee714e9a9bf |
| SHA1 | bc7d5d8bde2c4ac3d12d04fdb22c162e6263880d |
| SHA256 | 890b72217ea7133aa70ffdcb2d99c06733e276eb47d336bfb93ab07d8e12ae50 |
| SHA512 | 4f8c97a7f7840325707e8bc5f3d11025674cb6201e657296fccd5b55fb760cceec53f210a6fd04291b0908787bad7112c88eb175688c70c7e4bdf1417450767d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dd833dd618bc3ff61a9db7fba6af042c |
| SHA1 | c7e43e3f6afdf3ae8efadda0028d7ab89193619f |
| SHA256 | cb108124594a4490c4841e60aedede496a0bf70785615e04683dc4b487cacba0 |
| SHA512 | 978413324248e19b92b5c1eff8248bd6eb7a1074a4bce35261fc62e6d8abae977ff275feab894b19d482721d597a47d0bf2f175373b0674f1082c175c2923af7 |
memory/4768-2101-0x000001DA74BB0000-0x000001DA74C26000-memory.dmp
memory/4768-2102-0x000001DA74B50000-0x000001DA74B6E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\4768.xml
| MD5 | 3ba1f2e9642122f4105e15b8b9ecefe4 |
| SHA1 | e8991133b02ef7ee207fc66fb34d9144765f0944 |
| SHA256 | acc5e3b058b89b2e74d80b9ee87358e9c7e9600af111cd4e9cbe49fc326a7f52 |
| SHA512 | 0ad14e2a0b9e8ebdd0300c67b4c9c405a54e2970690a2f8888c9313ec05828f98400ec453946b030ac9b29ccf4676c30b3e52b7800ae1576503b3d00c25d369c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 410a71accf26cb771793386a145e9779 |
| SHA1 | 25a23c133bafefd7da26fc26e76108f87c6a02d0 |
| SHA256 | 7262b3683bc20aedd443c5da1592ff711c78acab5bf62e704a2518131a5435a6 |
| SHA512 | 37fad5dadb5ec5631ae14db03438acfb2ad9d727c61853eed587f2a36c0c4412234f683177cbb9c5767b2169e9a07c54a3d4079596fe5981eee858ae5d3bcbb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f98d24900f700577a76bfc50e0de8d7f |
| SHA1 | bf67f97e9006dcd09f010ab03877f6debba8fe07 |
| SHA256 | 29388cdf1b409bb5e4681d2540192fe575d9970f86b4810d585cb90ba8b1bfe7 |
| SHA512 | cb6b14e3ee93a436dd5baf636f4ea94b754fe578ba15a388f75d54ece51ca05602db9cb76cdf2f953939fda30efe04259bcf8c214cb2c091f6bad93012690c94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c229649551c5596f40bb09a26f09cb88 |
| SHA1 | cc28e874c8b4e8c3dd73d52f3c6c18e7298418fa |
| SHA256 | 67173c101803dccc675331c8e0c6f9bd224cb11fc4e27b3a694e5054aa0c0a20 |
| SHA512 | 5187166d6d7df2404a895217ac86c2e92c10bb0cb810ea0227f2869d1df126e62b2237d555784e378dadf272360293aaaa94760fd4c567114e058562a20a40ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9cd95cf1468ad46afdbf66c70e1595d9 |
| SHA1 | bceaea1bcb713f52e615421aa9f8acb72dea003f |
| SHA256 | 12a727cbd07ec6697b5ea76c7b3ede8f72a9a534fba506a6343d85900021da42 |
| SHA512 | e50596d1981093127392a62a2747bfcce76e4f1db2fb8faf0f01c358ab7f5a889aba781ffa931d6228d1bba8b1e94e2fd4d3e4c8db02606166f5a9abeab6bfa8 |
memory/6020-2268-0x00000225D1F30000-0x00000225D1F42000-memory.dmp
memory/6020-2269-0x00000225D1CD0000-0x00000225D1CDA000-memory.dmp
C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe
| MD5 | c0f8959614ae06561216158d78a787e5 |
| SHA1 | 73167d1fd0cee1c96a6505606d21cbfe4369eb00 |
| SHA256 | e199d88569fb54346d5fa20ee7b59b2ea6f16f4ecca3ea1e1c937b11aab7b2b0 |
| SHA512 | a24fcf344d08c64ac301d5e4979f062b5e28e8e4acf1d2790916149ffe7726b0c4a11e0775aeba6b841d2d5081e1bd13e2b80390bf9bfbc44d67e54ec07cd746 |
memory/4984-2299-0x00007FFE20570000-0x00007FFE20580000-memory.dmp
memory/4984-2301-0x00007FFE20570000-0x00007FFE20580000-memory.dmp
memory/4984-2300-0x00007FFE20570000-0x00007FFE20580000-memory.dmp
memory/4984-2303-0x00007FFE20570000-0x00007FFE20580000-memory.dmp
memory/4984-2302-0x00007FFE20570000-0x00007FFE20580000-memory.dmp
memory/4984-2304-0x00007FFE1E230000-0x00007FFE1E240000-memory.dmp
memory/4984-2305-0x00007FFE1E230000-0x00007FFE1E240000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | e774db0660d4414e1fb22b97ef92638c |
| SHA1 | 3e202da7832f2114cc3323fefb26f7233b79136f |
| SHA256 | 650acc943ad3b83d0a8e00ec1eab7a0070b3b303eb6051509527ad6e85b78d01 |
| SHA512 | 3fa23dfd134db0ef108d2937893797a0df192fa7ec717705a1ee7010cea68e9d93862da2b22bdb9bb7605c1116452bdfc72658de366c21ee256192c55ea2a43a |
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
| MD5 | d29962abc88624befc0135579ae485ec |
| SHA1 | e40a6458296ec6a2427bcb280572d023a9862b31 |
| SHA256 | a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866 |
| SHA512 | 4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f |
C:\Users\Admin\AppData\Local\Temp\TCDBFD0.tmp\sist02.xsl
| MD5 | f883b260a8d67082ea895c14bf56dd56 |
| SHA1 | 7954565c1f243d46ad3b1e2f1baf3281451fc14b |
| SHA256 | ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353 |
| SHA512 | d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e |