Analysis Overview
SHA256
fd7af6283feed5a93d769d404bfc3a6f1f8361823cbb51d12a9ee9a5640ae654
Threat Level: Likely malicious
The file M_Centers_8th_Edition_8.0.1.3_x64.zip was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Possible privilege escalation attempt
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Unsigned PE
Browser Information Discovery
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Uses Task Scheduler COM API
Enumerates system info in registry
Checks processor information in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-06 09:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-06 09:50
Reported
2024-10-06 09:58
Platform
win10v2004-20240802-en
Max time kernel
452s
Max time network
461s
Command Line
Signatures
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\Windows.ApplicationModel.Store.dll | C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64\M Centers.exe | N/A |
| File opened for modification | C:\Windows\System32\Windows.ApplicationModel.Store.dll | C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64\M Centers.exe | N/A |
| File created | C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll | C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64\M Centers.exe | N/A |
Browser Information Discovery
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x86.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\M_Centers_8th_Edition_8.0.1.3_x64.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9366d38-19f6-43ab-ba7e-b7c886c43f0e} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb507814-f716-4e3b-b51d-05bb77d5e185} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 3004 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9da81b0-159f-4463-b645-abaa5a526ee4} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4160 -childID 2 -isForBrowser -prefsHandle 4152 -prefMapHandle 1228 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c30c6478-866a-481d-ac39-5287c29be07e} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3628 -prefMapHandle 4828 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b68647dc-d66c-4a38-8ed0-ca2ec8b92c3e} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -childID 3 -isForBrowser -prefsHandle 5160 -prefMapHandle 5132 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7269606b-66bf-47fd-a193-c9b0d9b6d688} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42672dbb-0183-4a65-a71c-7249131c765c} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 5 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 26882 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60a7beb5-c908-4f5d-99d1-cc709a64acb9} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6032 -childID 6 -isForBrowser -prefsHandle 6024 -prefMapHandle 6020 -prefsLen 27855 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {481f3e75-3639-4cbf-b052-d1c14cb7a105} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6208 -childID 7 -isForBrowser -prefsHandle 6200 -prefMapHandle 6188 -prefsLen 27855 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {473039c2-6209-4644-a35e-f30a6784d87a} 5036 "\\.\pipe\gecko-crash-server-pipe.5036" tab
C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64\M Centers.exe
"C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64\M Centers.exe"
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\System32\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\System32\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\System32\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\System32\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\System32\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\System32\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffea1d946f8,0x7ffea1d94708,0x7ffea1d94718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,1759019311713560251,11241309853069522607,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3172 /prefetch:2
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\System32\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\System32\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:53872 | | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:53880 | | tcp |
| US | 8.8.8.8:53 | 43.88.12.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | 101.132.235.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| GB | 13.224.77.115:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | 115.77.224.13.in-addr.arpa | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| DE | 23.55.161.185:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| DE | 23.55.161.185:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.178.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.178.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigl6ner.gvt1.com | udp |
| GB | 173.194.183.137:443 | r4---sn-aigl6ner.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigl6ner.gvt1.com | udp |
| GB | 173.194.183.137:443 | r4.sn-aigl6ner.gvt1.com | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 185.161.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.183.194.173.in-addr.arpa | udp |
| GB | 173.194.183.137:443 | r4.sn-aigl6ner.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigl6ner.gvt1.com | udp |
| US | 8.8.8.8:53 | qwant.com | udp |
| FR | 141.94.211.182:80 | qwant.com | tcp |
| US | 8.8.8.8:53 | qwant.com | udp |
| US | 8.8.8.8:53 | 182.211.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.qwant.com | udp |
| US | 8.8.8.8:53 | qwant.com | udp |
| US | 8.8.8.8:53 | www.qwant.com | udp |
| FR | 54.38.0.163:443 | www.qwant.com | tcp |
| US | 8.8.8.8:53 | www.qwant.com | udp |
| US | 8.8.8.8:53 | www.qwant.com | udp |
| US | 8.8.8.8:53 | mn.qwant.com | udp |
| US | 8.8.8.8:53 | api.qwant.com | udp |
| FR | 141.95.150.143:443 | api.qwant.com | tcp |
| US | 8.8.8.8:53 | mn.qwant.com | udp |
| FR | 141.94.211.182:443 | mn.qwant.com | tcp |
| US | 8.8.8.8:53 | api.qwant.com | udp |
| US | 8.8.8.8:53 | mn.qwant.com | udp |
| US | 8.8.8.8:53 | api.qwant.com | udp |
| US | 8.8.8.8:53 | 163.0.38.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.150.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | k.qwant.com | udp |
| FR | 54.38.0.163:443 | k.qwant.com | tcp |
| US | 8.8.8.8:53 | k.qwant.com | udp |
| US | 8.8.8.8:53 | k.qwant.com | udp |
| US | 8.8.8.8:53 | f.qwant.com | udp |
| FR | 141.94.211.182:443 | f.qwant.com | tcp |
| FR | 141.94.211.182:443 | f.qwant.com | tcp |
| FR | 141.94.211.182:443 | f.qwant.com | tcp |
| FR | 141.94.211.182:443 | f.qwant.com | tcp |
| FR | 141.94.211.182:443 | f.qwant.com | tcp |
| FR | 141.94.211.182:443 | f.qwant.com | tcp |
| US | 8.8.8.8:53 | f.qwant.com | udp |
| US | 8.8.8.8:53 | f.qwant.com | udp |
| US | 8.8.8.8:53 | apm.qwant.com | udp |
| FR | 141.95.150.143:443 | apm.qwant.com | tcp |
| FR | 141.95.150.143:443 | apm.qwant.com | tcp |
| US | 8.8.8.8:53 | apm.qwant.com | udp |
| US | 8.8.8.8:53 | apm.qwant.com | udp |
| US | 8.8.8.8:53 | s.qwant.com | udp |
| US | 8.8.8.8:53 | s1.qwant.com | udp |
| US | 8.8.8.8:53 | s2.qwant.com | udp |
| FR | 54.38.0.163:443 | s2.qwant.com | tcp |
| FR | 54.38.0.163:443 | s2.qwant.com | tcp |
| FR | 54.38.0.163:443 | s2.qwant.com | tcp |
| FR | 54.38.0.163:443 | s2.qwant.com | tcp |
| FR | 54.38.0.163:443 | s2.qwant.com | tcp |
| FR | 54.38.0.163:443 | s2.qwant.com | tcp |
| US | 8.8.8.8:53 | s.qwant.com | udp |
| FR | 141.94.211.182:443 | s.qwant.com | tcp |
| FR | 141.94.211.182:443 | s.qwant.com | tcp |
| FR | 141.94.211.182:443 | s.qwant.com | tcp |
| FR | 141.94.211.182:443 | s.qwant.com | tcp |
| FR | 141.94.211.182:443 | s.qwant.com | tcp |
| FR | 141.94.211.182:443 | s.qwant.com | tcp |
| US | 8.8.8.8:53 | s1.qwant.com | udp |
| FR | 141.94.211.182:443 | s1.qwant.com | tcp |
| FR | 141.94.211.182:443 | s1.qwant.com | tcp |
| FR | 141.94.211.182:443 | s1.qwant.com | tcp |
| FR | 141.94.211.182:443 | s1.qwant.com | tcp |
| FR | 141.94.211.182:443 | s1.qwant.com | tcp |
| FR | 141.94.211.182:443 | s1.qwant.com | tcp |
| US | 8.8.8.8:53 | s2.qwant.com | udp |
| US | 8.8.8.8:53 | s.qwant.com | udp |
| US | 8.8.8.8:53 | s1.qwant.com | udp |
| US | 8.8.8.8:53 | s2.qwant.com | udp |
| FR | 141.94.211.182:443 | s2.qwant.com | tcp |
| FR | 141.94.211.182:443 | s2.qwant.com | tcp |
| FR | 141.94.211.182:443 | s2.qwant.com | tcp |
| FR | 141.94.211.182:443 | s2.qwant.com | tcp |
| FR | 141.94.211.182:443 | s2.qwant.com | tcp |
| FR | 141.94.211.182:443 | s2.qwant.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.110.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 200.79.70.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\b89264a9-6402-4490-8821-dbe43c0f906f
| MD5 | 8fca52f6623841ee246f6994cdcd87e2 |
| SHA1 | 501b67cd29a16d4c1eb37644ba6ce52f31fbfc64 |
| SHA256 | f9173c43f9a48891527aff0e8d3ce5f77ac38d7433a32ae7296430709d5dee72 |
| SHA512 | 7b6361c5eb8d6445111bc5a62146c61ba2d8ad9ffe8c33e75ecb1ccf52ca1a8be152e4b9655e1e93180cca74bbc7e78483862f40b546b7ac483bdaa42cc2769a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\bea4c234-08f7-4312-96d4-e1c033e24268
| MD5 | f8ecf46928dc8f26ee5e99e58ea3a1b7 |
| SHA1 | e24d4ad1a8946dee8c65da6469b537f12b08d34a |
| SHA256 | ea87190ee399822ec9f44cb24d67b856c74edaffe185bcf19458fb0655ef27cb |
| SHA512 | a84847c262d75b5d1e0d45ba49f639509998a6032e03646f27e8d4db78a3d21c88c7ba276f8e4e7166a83fe1a2ae6ace60c4f26ba7639c7bc7670a3e2dbb16a8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\2db8fd0b-8a0c-4e7b-82aa-7aa5e0240add
| MD5 | 4ec7f70bbce3e1b508cd07f0bbac0c9a |
| SHA1 | f86f56582d40f6055891a31a34c5758165b7df5e |
| SHA256 | ab1460f941013e2d1576642e94f922b0e0e453db59caaab906facb070eb270d3 |
| SHA512 | 076228d12fee1e61b05a2c1656c49373e065cb04d9c9218d2a43db25751bf68b74f55d2384aba6b9a688597d3df5a6434bb15537d11942142c9592eabcd1de16 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 119e3d97a71a75710093d1f7c454bb44 |
| SHA1 | 2d4636daab207b3c2c93b5ec16000563e68367af |
| SHA256 | bbfc85c24e1372afc9f7fb37536b9181370790c8a3cb3a44c36f6153e95b136f |
| SHA512 | 9cbc0c82e5924d0dfcdcda0a53152384a62102abd8dd267b53fd325af3a23302060b39f7a37a72b7e420e49d0c1bc517eeac24c2db0e55afd93631df5fc56f44 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js
| MD5 | 7b0da8a001df899c45e9b55aef1db269 |
| SHA1 | 22026d6dcbc18d91245e4d1005e10262a54b3249 |
| SHA256 | 90af799da7afe122bb55148d682829473726bd1db99928e80f7c193052cbdc5b |
| SHA512 | ad5e7f5d887559108de6a32f9fdd3ca564458956d3321effe31968f74980bdf92cff10cecbba7e4cd8f8062f27078a781a1b0aa98e2c98abd06e851948cc0ed1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js
| MD5 | dd2effbeaba6120fc23ec5e90bb707ef |
| SHA1 | c729319a872a7a8eca8d23d784e7701a5e1eac8b |
| SHA256 | 171741877e074679191cd5b0ed763d6af618e7d639bff61933b47deda2eac031 |
| SHA512 | 6235e3d56b9fb5f2cfcd6ca16d279e93994c18e4f0a42237e711af89f827271f4286a89a914f839f6e8d4deb7527874d70c347763cd1385395042adb15744b5c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js
| MD5 | 6b842b43797a2bc8d82ea3f669ce9b0a |
| SHA1 | af37503a4dc4ab2f285dcc8c37c8583f796eb286 |
| SHA256 | 15cc34f3fd59742593627e06e4e5ad02116951347e025bcd8c3175a343519401 |
| SHA512 | 97eb389370325e489621d6d4739d7fe27a9ec79f26a63820455def4f444613fdbc5d6e6b7ab270f33a332b85e0a7e3367f7c9b35be10947efc2a84437424d94c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js
| MD5 | 7955b92722d94c7a2ff00b1801bd5a73 |
| SHA1 | 915e2daa770190703d393b027c9ad51e97c11832 |
| SHA256 | 914eb3bf4ac422634f8498eb78ba904d1d1c86d395af9ecb795a7bf0f6ef80ad |
| SHA512 | aa0b67a8815bebf8959249ee4bd36ce5fb2afe164f5a57c9328214e9b26ebbeeb9d19b0243d6221f0e23c1dda7720276eaee06601c4f79f01a57af7e90e6cd54 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin
| MD5 | 914e6bbb043c290bce0b5e194c1f37c3 |
| SHA1 | b55b169f346cf03d1d3c9098292c1cde43dd58a1 |
| SHA256 | 3f1d34063d050e066a70e68b30371826382487c6eb5488fede0579c44832b0d1 |
| SHA512 | cc16cca1ac28e37c3877fd95457d7a2dcfecd5f3dc16dabf7c6895b9e57d9c6b81a6e98a919748a4f6c98c87906794e312fe368763780f2cbde03c263d8719e6 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 8d3c6d1f96d00b10062dd81143727d8b |
| SHA1 | bfcc73a14d1681dc2d39ddfa5ad932ca97ff549e |
| SHA256 | acac813ebfb8fe17c968391eab0dda3db75bd085b53ece09c227513c5a011418 |
| SHA512 | 3e8e4f628f32bfeddcdeecb5717e56ed903a8db052aa027c408d50a9a495cd0f84d4e1b1732abc4b4e823e8ba6d0d42719cece6ea35c79ddd59238aa96d4054e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4
| MD5 | aebe58f47da94b0082f5f703c64a2b06 |
| SHA1 | 84908ed58d9898899d3f3a30bc0752b14e0208be |
| SHA256 | 34de3a1a05408e0d43317fd926589ea3c6c43499e7316205752c9303446244d7 |
| SHA512 | 630fe846a9a0518926e5c268b73df35fe24c27fccb7026d65fc48070f23a257cffcf740d485ff92ea07af29a9dc8e8ca47be7960a558e88048449dfa1b1aefda |
C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.WTI70hvl.0.1.3_x64.zip.part
| MD5 | 45e79c6885617d804b3cd32374b73c35 |
| SHA1 | 4fdbff28617c4a42df7584767bb55970cc071411 |
| SHA256 | fd7af6283feed5a93d769d404bfc3a6f1f8361823cbb51d12a9ee9a5640ae654 |
| SHA512 | 36ab5eb3f2feade7bc8245c9e02ab2885d89d1016667b296f1fb7c0b55ba8448a82a42a6ebe7bb19154e9f27008f1b1fb48d9571572f218714400c582489a772 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js
| MD5 | 7ad9d89c9d8a956d899ec3e0a3c24775 |
| SHA1 | 0063f01a7ee0a7b20fd54c9c59432c847594a046 |
| SHA256 | 3581d2d5bbab957bc816be79411452274033b1efe038af1b470cb6fbbeb5563e |
| SHA512 | a556cf44330e8a37b0cfde683bdbff666537a325ead51d6d3d9b1e1c85554d6ffcbb46f649428f50d994470c6d24acbad5be4ce7b86a5d9fed07133b2683b929 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4
| MD5 | db28da13d8a35239276583a27a308a30 |
| SHA1 | ed8bb7962bfcd633f30ec40786cef4700c55e2f3 |
| SHA256 | ff3f3074ea76bd7c17b139b730749fee7284c38b337175aedaa14f2a05d9c5b6 |
| SHA512 | 11824895aa92f54d2c1753262056c81360d66c0f57283fdca20b8965cbf42e3e527f78f3646fea9390ca4333d30fffe6a12a480cba7aa5e4d0918fa1994b15dc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 9990cba22623e8c16b8bbcb429148dae |
| SHA1 | 4e3dc70bbff799d53912b1752064105c9a88176f |
| SHA256 | cf4a4bac97bdbdd58d90bf5909e4c6a6ee6a34d538e44be4dbff103efd3ef954 |
| SHA512 | d7658d3ca61ae469fb863fdbcbf290f459f469ce2a5f19cf80d266f3d57b31647e6592838f87e59013e87097ae93673e1f63abd9f7a811b249624456f5d5a988 |
memory/5024-849-0x00007FFEA58C3000-0x00007FFEA58C5000-memory.dmp
memory/5024-850-0x000002A49C560000-0x000002A49C704000-memory.dmp
memory/5024-851-0x000002A4B6C70000-0x000002A4B6CAE000-memory.dmp
memory/5024-852-0x00007FFEA58C0000-0x00007FFEA6381000-memory.dmp
memory/5024-853-0x000002A4B7780000-0x000002A4B80F4000-memory.dmp
memory/5024-854-0x000002A4B6E60000-0x000002A4B6EB4000-memory.dmp
memory/5024-855-0x000002A4B7080000-0x000002A4B713A000-memory.dmp
memory/5024-856-0x000002A4BA6A0000-0x000002A4BA6A8000-memory.dmp
memory/5024-857-0x000002A4BA740000-0x000002A4BA778000-memory.dmp
memory/5024-858-0x000002A4BA710000-0x000002A4BA71E000-memory.dmp
memory/5024-859-0x00007FFEA58C3000-0x00007FFEA58C5000-memory.dmp
memory/5024-863-0x00007FFEA58C0000-0x00007FFEA6381000-memory.dmp
C:\ProgramData\MCenters\Methods\Dll\19041.906\x64\Windows.ApplicationModel.Store.dll
| MD5 | 3e9f96520731308adbf87172614ced92 |
| SHA1 | 31ee1629f8431fc1101bfcb8167abbd3e4fb98f3 |
| SHA256 | 5fc5b78a3d9d6e80748004e43bf11a2be14b355290180475a5b4fad9259dc8d2 |
| SHA512 | 850baa06de00533592ba34bbe4e2749d2475b8998b75c8a5d583b7f0363d9f612bc761b9476dfb39c7502a5d054e2ecf829169e379d21ff29566b20c66cf67ec |
C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
| MD5 | 55360b68d64d4083ed457711c40b4601 |
| SHA1 | 2555c516ccc1dcc1defec8a1e290eca537cbc2bc |
| SHA256 | ba6267883f24d964e83f96ed65a2e8079b1d7558ffc5f196f0f60f497b9ccb98 |
| SHA512 | 0fdf8b527894e9e8c0d56e794ca5e2040cba237097d6a1f9b6d3a3006e4a82b93ecf76bae6352b6d73074bf3ad86eda3e1e54478157557ed96d614b574a08525 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2dc1a9f2f3f8c3cfe51bb29b078166c5 |
| SHA1 | eaf3c3dad3c8dc6f18dc3e055b415da78b704402 |
| SHA256 | dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa |
| SHA512 | 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25 |
\??\pipe\LOCAL\crashpad_4792_NFXHPBSNHFGKMGSP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e4f80e7950cbd3bb11257d2000cb885e |
| SHA1 | 10ac643904d539042d8f7aa4a312b13ec2106035 |
| SHA256 | 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124 |
| SHA512 | 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 07751a1315cf32c50a88d07802d576f0 |
| SHA1 | 339228428cba0644ccedd4777c8996f6a85601a6 |
| SHA256 | d2a99d3a532eeb5657f217ca0b8511267612c12522a1ec41b7244a4e8cb226f5 |
| SHA512 | d029abdd09a2d8a3504148604a25a9e6db637e9fa2794aefc0faa46a92201d67c2c572c7e7bd1f814dc41dff4314c5569d92e41b1571eb62ea98b470e8484649 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3e3a8e15b2cdeaf27201ac87b51d83c8 |
| SHA1 | 1ae7414508ed0accdd6294205006a1474a763120 |
| SHA256 | d3696cbd3dbfb63b31c9ccb984bbc482bd611c2ab07c2fe7015484cc6662c4d3 |
| SHA512 | f7305820f9f4b048323306bb96e7ddc155fd0ae7c7721a00f383982df9afebd9be3951f7414e6b869cb3263a052f7e26f415ee8d3455966e5a3fcd77ae1b8395 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8dc92563db02a96f26b4072ee5fda3a7 |
| SHA1 | a696fcb5ec8558f332fe4fc5e77c4d7f0c708154 |
| SHA256 | 5ae2bbdd4f1ea7eeee9f0f5bba13629f0fc80bcf7f15c38ab8617e7932f42562 |
| SHA512 | 336514912a76c02ba461334f26064c8fd5ddbb0815fa5ed0f8d9245bc47b91b14b579da6c08d926858ece3df695bcd257b7bff149d392d4f7be7b459478f6c30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bf1b3319a26f86f1646b80334a2f5b43 |
| SHA1 | 5212801daa251ec39f869eac28fe73880f188be0 |
| SHA256 | 1a2adb9ff27cac6bdc58fd13ed932ca19db46cf0761e67f0d135f7fe1dfc7427 |
| SHA512 | fa17b5b700b31557788f763bdd5e164f46f200a7aef61b3d7ca8ea575771fbc4eaeca567b423a64b3cc325dd8194c41570672a135867990990d749f5bae59482 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DKAG3VK4EZ3WG4OQ4345.temp
| MD5 | 01be92ece581f6fb49b0b0614e0bb3fa |
| SHA1 | 3bedeaa10a3bea3c25024a708cc75127b3bdb3fd |
| SHA256 | 8cace2d0a0e9e389422227f560fc9e3483d8814a024a2624a0f2b971f06126ee |
| SHA512 | f124092872b4e9112a1da13560991e5b5997137fc9db2ca14d350d75326b7af4919a693963ea6a330412578a6c7d3b83b04e9405225ab3cbf8568201fbb4d148 |
memory/4848-1022-0x0000024DDB500000-0x0000024DDB501000-memory.dmp
memory/4848-1021-0x0000024DDB500000-0x0000024DDB501000-memory.dmp
memory/4848-1020-0x0000024DDB500000-0x0000024DDB501000-memory.dmp
memory/4848-1032-0x0000024DDB500000-0x0000024DDB501000-memory.dmp
memory/4848-1031-0x0000024DDB500000-0x0000024DDB501000-memory.dmp
memory/4848-1030-0x0000024DDB500000-0x0000024DDB501000-memory.dmp
memory/4848-1029-0x0000024DDB500000-0x0000024DDB501000-memory.dmp
memory/4848-1028-0x0000024DDB500000-0x0000024DDB501000-memory.dmp
memory/4848-1027-0x0000024DDB500000-0x0000024DDB501000-memory.dmp
memory/4848-1026-0x0000024DDB500000-0x0000024DDB501000-memory.dmp
memory/5024-1038-0x000002A4BE870000-0x000002A4BE905000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | cc371575e1560f5a254c4fde65ed1651 |
| SHA1 | ae4cc435cab7089599ffeee5e23e862c295de4ae |
| SHA256 | f600d227ecbfc6623b31edbd02c6f71c0646ddf8bdd9b4aefeeeda334957a420 |
| SHA512 | adfdb5bf4493aa3f56a32e85456398fb048b56c24bc49dab05f3a4cf6e61c75874ccd3fc742ab1c7a1324973b4096d92a01133007ce5d7df6ffe0d4b885cf08d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js
| MD5 | fdc9d545d4e51d2a14288a986c635de6 |
| SHA1 | 5f5768b7de336fbe6a01df53051cbfc8c942d0af |
| SHA256 | dad1b74a5cc4a3c53dc5da2dd3e63418b7712faa1948b84b10cfdd39ae00ea63 |
| SHA512 | e0f32589f004d1cc8e1f000968d871e23ca86a572648e5c941b2c97d45e096aa141544a60bf1c64eda7a0fa8112b083ab633a71622375638feb73b37dc1e10c7 |