Analysis Overview
Threat Level: Known bad
The file https://github.com/TheDarkMythos/windows-malware was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Executes dropped EXE
Checks computer location settings
Obfuscated with Agile.Net obfuscator
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
Command and Scripting Interpreter: JavaScript
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
NTFS ADS
System policy modification
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-28 09:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-28 09:39
Reported
2024-08-28 09:46
Platform
win10v2004-20240802-en
Max time kernel
409s
Max time network
416s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\87A6.tmp\eulascr.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\87A6.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\87A6.tmp\eulascr.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\windows-malware-master\SpySheriff\Install.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\notepad.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\windows-malware-master.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\87A6.tmp\eulascr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\windows-malware-master\MrsMajor 3.0\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/TheDarkMythos/windows-malware"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/TheDarkMythos/windows-malware
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {636ea9d1-9cd4-4397-9d83-a8df1484c0d2} 2188 "\\.\pipe\gecko-crash-server-pipe.2188" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24522 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {029e9776-92fe-4144-85b5-94d2588cb343} 2188 "\\.\pipe\gecko-crash-server-pipe.2188" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3228 -childID 1 -isForBrowser -prefsHandle 3232 -prefMapHandle 3400 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9f05a6f-94af-4757-9d92-f3fa5e8c30d5} 2188 "\\.\pipe\gecko-crash-server-pipe.2188" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 2956 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8baf124-ea09-4436-88bb-9968e9648611} 2188 "\\.\pipe\gecko-crash-server-pipe.2188" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4668 -prefMapHandle 4664 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e07a1537-2a43-4820-bbcf-b2526584e07e} 2188 "\\.\pipe\gecko-crash-server-pipe.2188" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 3 -isForBrowser -prefsHandle 5312 -prefMapHandle 5268 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d0b7828-c002-4e02-ae5b-af54ba487abb} 2188 "\\.\pipe\gecko-crash-server-pipe.2188" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5388 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a925573-d18b-40c8-ac0b-6ac02bf19470} 2188 "\\.\pipe\gecko-crash-server-pipe.2188" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 5 -isForBrowser -prefsHandle 5656 -prefMapHandle 5664 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2bc317c-ad0f-48dd-a52e-fd1ffadccc31} 2188 "\\.\pipe\gecko-crash-server-pipe.2188" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 6136 -prefMapHandle 6112 -prefsLen 29159 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28343d21-1020-430c-8ffc-8d6852264c99} 2188 "\\.\pipe\gecko-crash-server-pipe.2188" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6792 -childID 7 -isForBrowser -prefsHandle 3612 -prefMapHandle 3080 -prefsLen 27108 -prefMapSize 244628 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a48f6f3-0935-40b0-8d12-6a07d577a879} 2188 "\\.\pipe\gecko-crash-server-pipe.2188" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\windows-malware-master\MEMZ\Geometry dash auto speedhack.bat" "
C:\Windows\system32\cscript.exe
cscript x.js
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
C:\Users\Admin\Desktop\windows-malware-master\MrsMajor 3.0\MrsMajor3.0.exe
"C:\Users\Admin\Desktop\windows-malware-master\MrsMajor 3.0\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\87A6.tmp\87A7.tmp\87A8.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\87A6.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\87A6.tmp\eulascr.exe"
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9d0d846f8,0x7ff9d0d84708,0x7ff9d0d84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\windows-malware-master\ILOVEYOU\LOVE-LETTER-FOR-YOU.TXT.vbs"
C:\Users\Admin\Desktop\windows-malware-master\SpySheriff\Install.exe
"C:\Users\Admin\Desktop\windows-malware-master\SpySheriff\Install.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16433196871063836933,8280336076445260780,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:61313 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 255.254.81.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:61322 | tcp | |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| IE | 18.66.173.186:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | 186.173.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigzrnsr.gvt1.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| GB | 74.125.175.38:443 | r1---sn-aigzrnsr.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigzrnsr.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigzrnsr.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1.sn-aigzrnsr.gvt1.com | udp |
| US | 8.8.8.8:53 | 38.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.113.22:443 | glb-db52c2cf8be544.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 5.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 142.250.200.14:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.178.1:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.179.228:80 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | support.google.com | udp |
| US | 8.8.8.8:53 | 228.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\901c4869-1995-42ae-be2e-9bb6c165c06e
| MD5 | c728c6da2b4d525302741750925a967e |
| SHA1 | ad97656387c7cf5337272dbff7bbcf4e31e39b75 |
| SHA256 | 530e05aaf09a62cdb9cd9a4f5f14aa0a6cd00b4ccfa27ced6d17ea2ff60ea34b |
| SHA512 | bb800e4119e67de53b9fe5472a2c22d1b277735a1fb7761fa266a8c784748321688c7f8df9a5a96e5ec019812e950f3d0c0c1f2119b6086ece5d36bbbc21e5da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\2ceb333c-c767-421a-a834-7468b06cfcdf
| MD5 | 3c4e7b4cb9a93c579ff423e96d3801f3 |
| SHA1 | 0af47ec2d469b3ee0ae14da707989fe5d777eb09 |
| SHA256 | 5ae315acdd299f4e38b4d5b4fa26bc8bccdaadbb62e4e715377539ced8740334 |
| SHA512 | d91caacb8f5126b7e3304210b81bf0701a7463ee1473d4af3baad469afa5c99e557c08b94af0db5b51559a0c1e4a6b609ab62988be8047fc2d7f0f741a542198 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\9b1e58d0-1894-499b-996d-5ea571cd1e6f
| MD5 | c2b912382b41bcac5c8052773d02ddc4 |
| SHA1 | 48b880b5e288973a62c37019275596c814699195 |
| SHA256 | 1c07a70aaf34f33f508d8a0c4f94d082135f2471b5b91695a0a9bcfd02918f6d |
| SHA512 | 9400847e038b6b1241ee7661b6313b257ae4c962e013b9dcb4489103edcb1d09e6c2f592966d770ff8cdc5b377c4a6c7f8dae56bad99f864d60f71a49fa5380a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 0b755d0cef0796ba0cb6f016f2620388 |
| SHA1 | cbe11f52fe9b4d9feca5c1e264838ef84e47dd0d |
| SHA256 | 7d623a09f51c8fab7d70752a82cae6a497160a4e936f3a83b34d37d937a8d7ed |
| SHA512 | 154b1d86be7be363df7f87ef615d8b7cfc237204d25399a78e655a5726c78e2c87e2a9ddefd21d4fb959d363d9ba4abf7502b466643df4385cff9ee9c0b3b411 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\activity-stream.discovery_stream.json
| MD5 | 7f7425c66b00a058fa2e0f2f3882981e |
| SHA1 | 370db5d115747470ef24eba4783c153c6457b338 |
| SHA256 | f34622140535691018256a81b34fea7a07fe073f056b97e75a062d488dd666fc |
| SHA512 | 328b089190a6a2b770f076067660079698661d11f0f561fb76626f18c3b5260c3af75dbc7b8b4d6d345a3de79a567ea33469831a4245f7dac2a4d404ed080af0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | fe8c20ffea2025758a38ee83a3251f0c |
| SHA1 | 69f0c1259e3742ee74b1fd9c62e0564d5958adda |
| SHA256 | b667844e0da3eb8395e4182188afbc09020c191d71a624b69ef262bc2ed97c2f |
| SHA512 | 24e2eb21b0422378a9eced8f3dc721eebe9f9e8e66ea7e89a3fd653a49f45ff25fef72d6a870da73595fea877a12015bb9cfd9a4425a0cd5c6bc70ec965bac39 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js
| MD5 | ad5f865cd819b8731ed5afafcc6d51a4 |
| SHA1 | 378c0eefc5c5824b12d313cce0b27468eb310690 |
| SHA256 | b0737a781d8acb6227da1991092d258a8d16ac97a54b9b18480e0285ebdce339 |
| SHA512 | f74cd57153c60fb3de3971d2b6806740b9bcf609f7711f95380f2d1016c2111b9530dd2d9519fac7df60ee6f89168ecc9868987ee0941aa62cbd1295041f82cf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js
| MD5 | 7b51391cac7a35c95bb1fe95d36b4775 |
| SHA1 | e3aac91152db6ae6b28ecbc793c9d3e4c74d9c95 |
| SHA256 | a61678e8ad3513635d602b4cf3bf29e25f85464598ae745dd7c49804e6904070 |
| SHA512 | 559ea562a63eabca05f0c19449c06248a8a8a873bfa03c38bb87a70b60fc3a0a625de05b8c92f42bb81b007dd315f0ed64fe0aabcbd38dc19edb90df8dad528a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js
| MD5 | 0d10621b83a1c8aef7d5b5ed3da43bbb |
| SHA1 | 79524dec52e1c54b531a128f0f94a87b07fa26a8 |
| SHA256 | cf3838d4330749f4bb967bf8abb91409290b2ceb764c0060e9283946d328a11c |
| SHA512 | 040448c4006ecc3e6828ee85aa39be025bdf0d0727cfcf9595a2455dd5f24cfae41426c0cda64d760a0e45da66a212517d9621d3b957671fd3f494fb88090e13 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin
| MD5 | fd7fed7b9e2d45a9f9fe93e8c345700c |
| SHA1 | aab5a7fed0ce77340ac991dc0b53a6753ca3d640 |
| SHA256 | 611a70c73a738760ca00d07deb053c55354fc1ff4a8132a512ea2f9a8e9e7db0 |
| SHA512 | 0571f982573288960b495be70ea650f3effa0866e76a87337e0ff9043a3e9c4f460092457f209121ddd51297fbfc3384ce69478a31edf8bba548002b80b13167 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 749103d23e23565ac73d972cc72e5d4b |
| SHA1 | f4675259fb2428fec060e4ba00e8bae69cf736a3 |
| SHA256 | 3c7bed3dcf25f25bc59406fcb85f37ea306e1be401761b499b7db8865ebcaf35 |
| SHA512 | ebf1d7ddb7df7444a6b53a5b75a523b010deca86b60d2965bbe31181f60feaf9369fbcea1b409f026ce6d709a80b07ac8116b03d34174e7021452d8ea714330e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 10a5e93e07683aadfb6fb9f5dfc832b3 |
| SHA1 | b0b38c2424b514d30b8ab3294ff488b9caf79f7d |
| SHA256 | b43c99e7d956a26162ccec65fccf6fb2d60bbd81fa23c210fe1e726d1648ed88 |
| SHA512 | 705821604910291b015e069056a9ce6ce6549cdd6fd7c3d9f156f737975b814d32d60bc9d601a03e0e09663236711576818391efa5c79acc8a52716ba6f82484 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js
| MD5 | 731e74f1c24ead5ac4f1bfd911876594 |
| SHA1 | 8e43e8a6d958ca9b8f70132a6d525f8eb1b7632e |
| SHA256 | 3ddeeef54e19a2078a1b2f995d4b01513552c9604b23a971f1c5237710197755 |
| SHA512 | 76abb2f28000e75f761309714e1e836845745561da1404e3cf56c04f290c1c048f7a53f669a5b54b0add20700f88ca3e0fc572a18c2ce6f0ab8f0692b3ea8ab2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin
| MD5 | e38b939d60ae8ebc4e0fbaaa835c54eb |
| SHA1 | 0e9ffc29b879817fea60980910335fb8e056d9aa |
| SHA256 | 5b774d5e7eff0d1936b933d4e9f3f8812281c892c77ee9f31b94565b3ab32c8c |
| SHA512 | f7ec750ddb937c53b0d62f3ad775ee71028d31dc99bd9569211d910ae9e2b0f36e1ed12d2d2ee5a67112d6685787e22d88a5c522fe9eb3c8974e9c98d3f2785b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 5865564e77009f7bb52499ce5b175cae |
| SHA1 | f14ac419802d508d1da9605906d8134197eb3d5e |
| SHA256 | f7a1bc64070f4fc1754d50673dad3ab23ca1561e3383deefce12e7c0aea0fb6b |
| SHA512 | 13fd6c3bbb00b1dedc66a143143f73c4076915581f64f81d2843f0ebae35224c2b0c5e0320d8a98ee4c916d83ff518855b99851e80b5f492261d8695c1634ac2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 095587fe7a2071181ffc511cf883447a |
| SHA1 | da3f34d924ad9892c0318d858e0d45139d668ecf |
| SHA256 | 822b2052688ca6485bd040ea4da3a8b8ccf1f18f756c64f0623670a8618a9acf |
| SHA512 | 9bd3e7f7e9340cad25454bf499cf1f6e7319d0ef963faed3d6f09c6ae819f7210e06af6f2fcc9e57fa38fa508e28a60739deba5ab04120d57e459ec5b123d100 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\04AF3DF2C0644295C5AA12083A3265F4C82831A0
| MD5 | 6aeda9eac502a9e2a7b272791e48be64 |
| SHA1 | 9c96d44296ae1539877f9cfb8d2f47d0d160c820 |
| SHA256 | ed4bd62c3ddf875938ccca1b70301cb5938c6be6c8a42b05c014bb24c6872435 |
| SHA512 | ca736c322fecb3f874c3f3c4450630f7c932f6fd90025f40a0dc78fa2827bec4faeb011e87f1b469a66686be733970c2b2b1bcc18a4970f9ba72a08adf13cd1d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 40580ea55471cda75bbcd4852ed670c5 |
| SHA1 | e456ed0e84db2442c033e8d9945b577f4dc4099b |
| SHA256 | 5c2d18928dc469713e7c3d8862ce3336dc510ba84a92a27313e1d4d56c9a2462 |
| SHA512 | c66cfd65ae1607cffc3ce90dd13a9d0762fb69fd2c99e8f13beecd72bf333329768f9d32c8839aa6891d0e81fe6df2f49ed102b68e6ed59f3f4d714469e557d0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ebe6a66d79444551607cb3a499bed1e5 |
| SHA1 | 62b6897ebc79569829ab417cd986065f6ef9172e |
| SHA256 | e702002db9f8dacb61f70b43a7f30e959aa87f3da34e097eec70287736a1e2e8 |
| SHA512 | 14dee0747d09af7ba977228fdbdb6bed3da76fed7f5b701bcd56df0d1b3740516319a50254db1306a2b38c062bf7fb885617325e04375660128b8c3354e492fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a2fe57c867223e65e770a0e56c9fe6db |
| SHA1 | 96734daa658d7e84e7c37d174f6ca3103410ef89 |
| SHA256 | 8d486b0c0203288866c40d6383a47c58fc16b9e183ccfb20e3cb48f29e5fdb5c |
| SHA512 | aafa436b5d45516913e7a39e292f79a60a412cb627387bc7b23eb45a83aa7cf2f58582a3aaab4f7fc29561260dd2b0075b643b0702580c3a16f6fe7abb422a84 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 48007286e668e907b0c18df6b1c2ca99 |
| SHA1 | 100243aa2a18e14fc2b57206cd6f6b571fcc011c |
| SHA256 | 24b70e5fa2518dbd891017db886ab3392c5493ab95f57ffd56584a32c345334d |
| SHA512 | 131ee5249357b507e09472a7eb58094652fe363fa05737a360c20cc1b232cbbb57013e720b4262926b8897cc71b528d6d8ccc238c75bbbcb7cd081b80a461aec |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\H0WQJ3E979V8TTH418VQ.temp
| MD5 | a98ab9185fd95389bec8397fbb8274d2 |
| SHA1 | 4f59dbdda346d7d1c22fd975c7458461b33bf76c |
| SHA256 | 8426b9f2687f2450656e4f8e0e92ac6349e2a9016a062f623a08d015a76b53da |
| SHA512 | d91b6ea4b18d31168c0a2eec2c560c66d53f0a6723c4d820fa63c02fa60d2c05d2d631bb2fec68822fc4696eae247227b6884fc359cdd1b7e2d1b12b1aa80995 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 500ab457a8e35cb07bfa6ef5eb387df4 |
| SHA1 | a1bf6973668b762a53f664888b8af681d5bd86dd |
| SHA256 | 812799769090a9e763c798678638af529ddd7fdf9b233f399b0f3d95eb665c54 |
| SHA512 | fadd8e9830646e49a2ec8d1c4d082258bffd2794adb0be49c1fa867f4aeb699d8d220a37d40e8238bf14a66809690e5732532c910bc3f3fe32159dfec881770a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\80E40493E66F98650D12C73CDEFE29BBACA89328
| MD5 | ef8cca55b40b9d8a14e8018c50e2f7bf |
| SHA1 | 16847c2a515f874dd265339cca18c5052a916a94 |
| SHA256 | 053fc2d241d3393a72cc08df8ecdda781f4b6f84f59b49a666816e6d9fe23906 |
| SHA512 | b19a51fb3e2c055eb6fb1b51bda130c51c89171011a8dd73c630b7ab3ee553ca0c0fd8990390039e5cd73ee92cc19951f2ea41dc0f92d7bde68d034075182397 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 296cbd6988f5335a84d51dc203a79c6c |
| SHA1 | b973ecd66c456aa18b950ccd38aa8c00471b848a |
| SHA256 | 41ca7a8b5324e4d9d937309f368afa83bb9af99c351d3afc0e0705eb76143960 |
| SHA512 | 5c4e82a9c92120c627326893a4825de7b147c32fa6b17322ebda7536d0766d3839856393c84635ea89eaba796b5e47a3aeb72e9d4167e5dd096cfacb35cfeec1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 9e42eddbbdcd9331365e3d2fa2c8d524 |
| SHA1 | ddfe82d5702ccb9650595c70f6283deed6e5976b |
| SHA256 | 5fae68f16718f11b70612177f6da303aa73f40379eea245cd7256a21bae20fa3 |
| SHA512 | 4eae74ec867a7d630adbd7a8322ea4a59d3ee6e4453aa48ec7b0730c52f699fc62a7487eb013fcdd78257ec7db9e60daf22d84a511e8460beef51305b8ce4e61 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8988c2a0b6b954067b905ed3bd2ef8d4 |
| SHA1 | 841a32c2bd943fa7fbc8a73cb694202eb3040aab |
| SHA256 | 1d34e989d1420c6bc5ed9cc234188cabdbc27dbbf26bd56d08f8c21735a25197 |
| SHA512 | 09fb6ce0038c7c7b495361f78df8e744862f5b51a69fad793a48cab4a2c12986d131e0fba4cb5a4730a27d4100d0a41909106d108c7ab5e75b352fa308c06c0e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | cdab6a57529d3a18dacb273e82af52c9 |
| SHA1 | 36c9a03039e9ae6c9f82e93ced6ee9899e583d96 |
| SHA256 | a8bf3d527b8f29de9dae5c6af540fe23704e48e35f9738bcab843b8426ead1e8 |
| SHA512 | e8254a9d37f6c2fdaeb6beb810e24c0517f16399c39b16c52645646b865112855282d6f5b14bfdc9f9826b21899ded7e2e9fe03a744b7d61dec4cbf5720a49a8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\fcc65fd8-32f9-4a1b-a4ae-ede72ec36927
| MD5 | 29892f088ebc825e200a6d5a09dd8057 |
| SHA1 | b4470c1bb6c913bf1ca3bc286c7124de81bf4b55 |
| SHA256 | 27fefeea9425c644beb89aaa702624042199c04c8e943cda25bd3569f3377bf6 |
| SHA512 | 4fafe2d4a6f4bda82dcc0ce657d140fbef1fffe5f1f38f765d82576c1585d3d5e63c5d017863be7e203e7ff7166ab92ef84dc0c0361fcf948db247e4bf041b38 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\28820b2f-3a97-4e40-b954-2ac024f4e9e8
| MD5 | 7957f3a1e7d93628c1179088f91301f5 |
| SHA1 | 16dd86f309322fee4011d3c1a3fa94eb997c288a |
| SHA256 | d384b657d283366751471efa49561bcd980e915304752c2b2f93c2823c79cb67 |
| SHA512 | 8fce14118259290c7ee9820693e70ab5c16d606c6741d27fcc8882f2451586dfd559464c0374534b334639a7830cf2d90541a0009e7f6c5c98dbccd3628adebd |
C:\Users\Admin\Desktop\windows-malware-master\MEMZ\x
| MD5 | 1c604b4fef887029e9a3fa342fa908fa |
| SHA1 | 27bd3753c25ea4ea49c7c7b564a1fd641bd0eb23 |
| SHA256 | d6a4b048b5f28963aeac2e56db9ceeb4607c068cbe06c041631b9c878964330e |
| SHA512 | ff804c5b76e5aeb6efbd6a7650d5614e922ab605a45873aaeec0ae898e1a7275dc4ec862cd0bef20998e1b741b2add2846e4cfa9c0fcaaf197c4c50aa934cdf8 |
C:\Users\Admin\Desktop\windows-malware-master\MEMZ\x.js
| MD5 | 8eec8704d2a7bc80b95b7460c06f4854 |
| SHA1 | 1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326 |
| SHA256 | aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596 |
| SHA512 | e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210 |
C:\Users\Admin\Desktop\windows-malware-master\MEMZ\x
| MD5 | 1882f3dd051e401349f1af58d55b0a37 |
| SHA1 | 6b0875f9e3164f3a9f21c1ec36748a7243515b47 |
| SHA256 | 3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0 |
| SHA512 | fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf |
C:\Users\Admin\Desktop\windows-malware-master\MEMZ\z.zip
| MD5 | 63ee4412b95d7ad64c54b4ba673470a7 |
| SHA1 | 1cf423c6c2c6299e68e1927305a3057af9b3ce06 |
| SHA256 | 44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268 |
| SHA512 | 7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7 |
C:\Users\Admin\AppData\Roaming\MEMZ.exe
| MD5 | 19dbec50735b5f2a72d4199c4e184960 |
| SHA1 | 6fed7732f7cb6f59743795b2ab154a3676f4c822 |
| SHA256 | a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d |
| SHA512 | aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d |
C:\Users\Admin\AppData\Local\Temp\87A6.tmp\87A7.tmp\87A8.vbs
| MD5 | 3b8696ecbb737aad2a763c4eaf62c247 |
| SHA1 | 4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5 |
| SHA256 | ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569 |
| SHA512 | 713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb |
C:\Users\Admin\AppData\Local\Temp\87A6.tmp\eulascr.exe
| MD5 | 8b1c352450e480d9320fce5e6f2c8713 |
| SHA1 | d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a |
| SHA256 | 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e |
| SHA512 | 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc |
memory/3552-1234-0x0000000000300000-0x000000000032A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
memory/3552-1241-0x00007FF9D08B0000-0x00007FF9D09FE000-memory.dmp
memory/3552-1242-0x000000001CF10000-0x000000001D0D2000-memory.dmp
memory/3552-1243-0x000000001D610000-0x000000001DB38000-memory.dmp
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\Local\Temp\87A6.tmp\winfool.exe
| MD5 | 0ec335d4024b8bce257fe324b2897212 |
| SHA1 | 2065f4c48dbf38685cfb5696cd3d631c89144ec0 |
| SHA256 | 1d979a5e213a301d157e4b93efe520552c7112d87549e0f02f79c080d38b4189 |
| SHA512 | ad9f16fb795c9d5d004639ba9c5c0d0f264232d596d1101b1182e8ef9408b05447bac27968f9bc0ebc57f9a765f45ba51bb06a0945b6b93483eef1919c7efd57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 719923124ee00fb57378e0ebcbe894f7 |
| SHA1 | cc356a7d27b8b27dc33f21bd4990f286ee13a9f9 |
| SHA256 | aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808 |
| SHA512 | a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc |
\??\pipe\LOCAL\crashpad_4020_MKHEMATJOETMIVWA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d7114a6cd851f9bf56cf771c37d664a2 |
| SHA1 | 769c5d04fd83e583f15ab1ef659de8f883ecab8a |
| SHA256 | d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e |
| SHA512 | 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b728e017c1df69a262a4ddc78e037697 |
| SHA1 | d3456c91b162b838fc6295af63b93bcf1d485997 |
| SHA256 | 9b40094219860781518f0a023314efa25ed7e7fbcc3c203c183184c36b6b2a59 |
| SHA512 | 932be42a3f884d1d3e9ec517d9674c62177ab582ccf4c56ec22f7c477f4385933003be24c8dbb15b5b875538404bb8765b2b7c42a36831ec307cea8a8f151eb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9fd436ddf6f7ffdc89d9b1477cb7e031 |
| SHA1 | bd37792f42512179a885c40d1bcedbd0f6330568 |
| SHA256 | cb589c6a62d0dec617bfc01d316af5c28d4b9ce19ba9b84ad8801be75b5eb790 |
| SHA512 | 348981bd3e91ff28c4e771a9960d56fdd9331d51ae2af682fdafea07f632224c2b10304f653c7dd4a48bb42aa9db71132cab0bb349b14acd76cb331962baafd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 649b8dac1ebfceeb17a0f2016e43e300 |
| SHA1 | 4725ccbf22b352c2a6b1001bf6eca426282f9882 |
| SHA256 | 8d204fc15dfd9999606694e40d5e31eade37646ef8c1113d5c2210195264904d |
| SHA512 | af1e663c577aec1d060fd2ef477f77af0dad96355b4316a2c201adffb1a56e0fdcde7826d1e07c330461c0a67dc27212e05c5ecff13a680ffef21770bb1ba2fa |
memory/5212-1335-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 004672e2ec1c05cdfe76955a436487a4 |
| SHA1 | e45d60502635f4da2d4b639799f4c9c9b2745046 |
| SHA256 | 295976749f8a9811c4cf4a678d9375d7824836066fab537fbc780b6fd5c78756 |
| SHA512 | bec6a31c7a159e51b3e2cab77fbe403463915f9b5000a53b1acf181553b0e11864f554191dec490b8547540e0d3661a5d77b9b2cd73e71605c081a134ffe3644 |