Analysis
- max time kernel: 1199s
- max time network: 1201s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 10/10/2024, 15:43

Static task: static1
Behavioral task: behavioral1
Sample: Screenshot 2024-09-17 10.38.45 AM.png
Resource: win11-20241007-en
General
- Target: Screenshot 2024-09-17 10.38.45 AM.png
- Size: 6KB
- MD5: a77a3b7802e4fb4d6a9d75fd0b6acf25
- SHA1: fbf1982714c7442ed7d2395261ea619f8da537ac
- SHA256: a155e817214f1d637cdfb006c8cd83d82df6c2f6afccbf604e3d3e4cf344576c
- SHA512: 44e31dc578f2b90dfd12aa6d0e0e8670c2a8afa65985bcf352d4c2f582e0c85388051daff76f3024e57e7b6845d66743d1d6833107c09afbeefc20feee8e84f6
- SSDEEP: 192:eea/tFLQgnTAk94wcSL7UUkDxOvnX8APfLF/lx:EAuYSXU2vphtx
Malware Config
Signatures
Downloads MZ/PE file
Executes dropped EXE 6 IoCs
pid | Process
5768 | Memz Clean.exe
5312 | Monoxidex86.harmless.exe
5952 | Memz Clean.exe
4616 | Monoxidex86.harmless.exe
1556 | Monoxidex86.harmless.exe
5776 | Monoxidex86.harmless.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow | ioc
129 | raw.githubusercontent.com
130 | raw.githubusercontent.com
131 | raw.githubusercontent.com
132 | raw.githubusercontent.com
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description | ioc | Process
File created | C:\Users\Admin\Downloads\Monoxidex86.harmless.exe:Zone.Identifier | firefox.exe
File created | C:\Users\Admin\Downloads\Memz Clean.exe:Zone.Identifier | firefox.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Memz Clean.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Monoxidex86.harmless.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Memz Clean.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Monoxidex86.harmless.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Monoxidex86.harmless.exe
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
Enumerates system info in registry 2 TTPs 12 IoCs
Modifies registry class 10 IoCs
NTFS ADS 2 IoCs
description | ioc | Process
File created | C:\Users\Admin\Downloads\Monoxidex86.harmless.exe:Zone.Identifier | firefox.exe
File created | C:\Users\Admin\Downloads\Memz Clean.exe:Zone.Identifier | firefox.exe
Suspicious behavior: EnumeratesProcesses 28 IoCs
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
5952 | Memz Clean.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs
Suspicious use of AdjustPrivilegeToken 7 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1260 | firefox.exe
Token: SeDebugPrivilege | 1260 | firefox.exe
Token: SeDebugPrivilege | 1260 | firefox.exe
Token: SeDebugPrivilege | 1260 | firefox.exe
Token: SeDebugPrivilege | 1260 | firefox.exe
Token: 33 | 5888 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 5888 | AUDIODG.EXE
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of SetWindowsHookEx 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-09-17 10.38.45 AM.png"
1⤵ PID:3424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵ PID:988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵ PID:3460
- Suspicious use of WriteProcessMemory

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵ PID:1260
- Subvert Trust Controls: Mark-of-the-Web Bypass
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

C:\Users\Admin\Downloads\Memz Clean.exe
"C:\Users\Admin\Downloads\Memz Clean.exe"
3⤵ PID:5768
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
4⤵ PID:6132
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵ PID:3000
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:15⤵PID:6552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10667890892516579867,17340128332416756943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:15⤵PID:6772
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed4⤵PID:6476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd85⤵PID:6492
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5836 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd85⤵PID:3372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:25⤵PID:3996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
PID:568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:85⤵PID:5028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:15⤵PID:5144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:15⤵PID:5156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:15⤵PID:5220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
PID:3540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
PID:776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:15⤵PID:5284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:15⤵PID:2620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:15⤵PID:2052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:15⤵PID:2504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:15⤵PID:7032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:15⤵PID:5300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,16046663452684313479,9838139504435913722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:15⤵PID:2792
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download4⤵PID:2076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd85⤵PID:5948
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4908 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd85⤵PID:4688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:25⤵PID:6432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
PID:6544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:85⤵PID:3728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:15⤵PID:5176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:15⤵PID:2124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:15⤵PID:5404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:15⤵PID:5576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
PID:560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
PID:5600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:15⤵PID:6312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:15⤵PID:3052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:15⤵PID:3708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:15⤵PID:3356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:15⤵PID:6932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:15⤵PID:2136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:15⤵PID:956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:15⤵PID:6896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:15⤵PID:1260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:15⤵PID:4280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1352 /prefetch:15⤵PID:7008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14059210444084063104,5121122381715212009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:15⤵PID:4784
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton4⤵PID:5384
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd85⤵PID:6044
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real4⤵PID:7100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd85⤵PID:6204
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real4⤵PID:3140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffde2b93cb8,0x7ffde2b93cc8,0x7ffde2b93cd85⤵PID:488
-
-
-
-
C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5312
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E41⤵
- Suspicious use of AdjustPrivilegeToken
PID:5888
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2004
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1572
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1464
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3768
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
- Modifies registry class
PID:6704
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6976
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:744
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
- Modifies registry class
PID:5236
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1828
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6900
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:772
-
C:\Users\Admin\Downloads\Memz Clean.exe"C:\Users\Admin\Downloads\Memz Clean.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5952
-
C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4616
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2192
-
C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"1⤵
- Executes dropped EXE
PID:1556
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1252
-
C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"C:\Users\Admin\Downloads\Monoxidex86.harmless.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5776
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4086ffbd-6096-4198-8b6f-be57a0a388a0.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
44KB
MD5feac5bbaba4084763cf3c0bcb5950574
SHA157f98238507031626c4f325b3ec3cd418ea2bc01
SHA256a8b2fe9dcb67ff245e37cc850fb333e8dbf0cbdc780f744a90fada94591b143c
SHA51212fc5817c30899de1cf10d580323ba491275968fc9d72fd5c37a77b10d1734601866edc9a2228fe9cad6a1d0d969d035b3dcc18edaa1ee1b2dcf6b9929c4d844
-
Filesize
264KB
MD5f4c42d6461350474eee9a3e1a905e2ac
SHA155a3880c01b801307c29e8911cef17292cc90173
SHA2560dfe01442672652cbfe43aacbdc7399873e66fdc539450286589f87a7d026787
SHA5125acfb2a7c6aa1b7a61c6523faf1afdeaed5b17efe9731846c19458e5548f45329826844e3d40efa825e9bb47840005621909cd2c2e55e6cb0061d40aa3247aea
-
Filesize
4.0MB
MD5f336cef39fb04a9041551e6b5e84e5ff
SHA117bb3d2383c57876fb2e77c6d9ade942d7df28d2
SHA256c6713fd9824f78440bf19f7f8fb60b883f4cadbf4ef35e01732ca8634b7e73a6
SHA5124fcbf4b90bf131d8f677c1a61ecb7bafb8374c9d3748ceda02f39a73551f7136139e4dccfbbdf6f0d69f3ec66ba345f6f82619ca931d76a01f5265afe9240c72
-
Filesize
213KB
MD5f942900ff0a10f251d338c612c456948
SHA14a283d3c8f3dc491e43c430d97c3489ee7a3d320
SHA25638b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6
SHA5129b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize432B
MD550d9245164543fa39500ac5ffcba67bc
SHA1394cebd4ce1a7878e67bee016ce4a6683fd549d6
SHA2567bb692e5c4277eaf42469f29bc158b753fa33a8098d0f0805975c6e2c2694132
SHA5125db40c2b4acada4eaa4b1213e527bbb92691fd1b808a196c3bc9386fc3c4ddcca6432b93ac13816c46bedbf080627dab841175e53499186065e17157040c05fb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD5abf494863ce8a6bd7afe8592169d2763
SHA1b4d8a46e39c018fb0f6833bf2e010068c6491ebe
SHA256a95c859c497a4e84516af036840706a5856aa99af9c42a854a98338fa37829c5
SHA512faee12e5f8fcb70e1ee3cd7dacebd546f9b558774642473836a3dd03231a6b133d2cf34d61dde9cb7ecc096ddd13cc1815d624d14327da10e0114f703df954dd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize432B
MD5b781e6b33a930e99719e74fa1e245e4b
SHA10295de6b6e3b1a616e0a4659b9621e678dc2543f
SHA256108eecc9ad8b7352e9faf29a63ecd01bac993f3b1357de32476cc08d882f5702
SHA5125a34c3af8f877bcc1c3220795754600698e92409a0e35b3d3c09578a6475e83ad6f2e37dc6c40bc4eff26950fbf7ee5a3aa7de51bb08540cc9511dbc4323fe19
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5b8f6ba3def3141f090aef7ecce5bd286
SHA1df978628601183511823030f4bc4092895f161d8
SHA256a5ccc8c932b5673d390492e10a17853cc4b9234d0b84b0ec506468128832fe4a
SHA5126e936ce736c4f21340397a500018964f35cb133b0b21b0aafd38e0b7cfc42a93f3c18111939d28b581b9239e89511c396aa7511a8aefd68616b505581b5d6100
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize432B
MD583fd54d9828be90553a61164f4b71c0f
SHA1e57d92ba481d48b4b90528d6571960be6ac4cf12
SHA256addb30dfb299e749d1868e864db9fc9c1db082320cc64480a160fb55cca148b4
SHA5121db3ac8d8329d3b8dfc4eea0073f04c6dd01930b1bf2ee57229f704a85428ead3d281ff9d815cc5143f6401b4d5b600fe9af1952b18e8af1fd3411c305068217
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize432B
MD53e600570fd3e276302b13a6ce8f5f59c
SHA14ef27afaeb229cdae0fb6a1c77ab805a19f9c5c2
SHA2561007896f991ac579254ddc779b2a4ab19ed4a278105e8f886273c3efdc95f7be
SHA5120d425f09f7c01455833b57374d5c6f53ea2c5fc26cfa18d0af0c52926a76a8b0f7829463d898c7d930962e4ece7ce62726ee690786cf63b72908a648a360db07
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize432B
MD53ae44c7f8927a14e21b44ea8d3e4d5bc
SHA14862d38215c9b9813cc62458b0f0d14cd62bad1e
SHA25614b07fb24a9877fd44c1adc55d5ce6ec5710079646c04d26207109db7d9aa316
SHA512dd6a485a3865d7e9886dcbbcd45007fb5d68d03f7645ad2dda56994661d1c1240fed6de7eb7593e1426ed6fd5e5e520b77027c64e69bd2bebf5a33e8757a9758
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
116KB
MD5f51cb8be6bbde84057d8fca9cc8dd60f
SHA176cdefd8aa25dea2d31a31937d0feeafab05e1da
SHA256385313dd9d5c1ee11b79ba910f060a14de9202dff4c4b513334448e394a16197
SHA5127566f05b9a889ffd3b0ca4f47e81c32a83075fd31eb060bc188f32462938cd6cc5a30157e237a177d26e42fc1a6536cc80f342c587d97bcf9775d88aa6893dee
-
Filesize
116KB
MD5cc4e936d9d95db81cb50761c0dcf3370
SHA19b8ce9eab6d0b6e5a6c8caeff6bb2086f0654e14
SHA256127983463da47af2da4311bd9f05b1ec614644922b6f1a1d85c7caed2c7e20fa
SHA512bc221d6e4361ae70b87ce8bbebe7eaeeddf560bd7ec90a1980098dfc91a3c6afdc140c3e69e2fc48d65121a5e9a2c861f503bfceea5a43abfb28d8acc112463c
-
Filesize
6B
MD5a9851aa4c3c8af2d1bd8834201b2ba51
SHA1fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA51241a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818
-
Filesize
28KB
MD5266aee886619070f24f6bc32f1e6c355
SHA148653b73aba7c12b48e2f134f96b2d1fc22a1505
SHA2568d29738ca60522bf86fb39b56c395d2bd7b9dc7241432a2e6c645a3563adc03f
SHA512a6536c722501d76a3d548af2efa0d3c8db3c86af2785555cf6df20b4d915d3331b68de492f8125a405a3b6f628e32ccacdc3f601525b38d99b140e7f3d84622e
-
Filesize
331B
MD5761a971f310061b278400b812c42a31c
SHA183bd763fc004b37bcee73dcbea035bfafa8b4836
SHA2568cee202cb8969b1858bcfc817796b4d24146d8aa31eb45e944e530d9e01f9b0c
SHA51262e534071e4357f0c4575289f8d35eb11a71469d2aac3fe91cc32c8a4afceb62d309533eeaa48ff09d93e9a2dad90ac0e163511838cc3019089211f010594a81
-
Filesize
964B
MD5e9d61523a2c7d935907ce8ee5c5a9239
SHA1be7c53c35f20a538068ceba7aa1a8583762b4a05
SHA256f7081d8d904127e7b438bdec0b70b72be5dfe863ae4e74722b3813c6403a6da9
SHA51270ff7eeb749d4f4885312ef75cc90594abfc7e2f8466028df2e6cb8969e3aab67928879afc94da58bdccc83c462c77b776327c6afd79ff2c4030c34b8a8d1408
-
Filesize
303B
MD59be0d290e3484a0888773847548d5bf3
SHA19f92ecedfcf3a93592c58e06df6e93eb40ddfc7e
SHA2561f58446a0bdee57120eefd1e62cdefa83d237d8d3e0435ebda37eba185dd3a21
SHA512e1c41212f15a0d276bd8909c831df801a0b38d5e39542fcbb6bfae3658cbf9d1919c029806418323c52b8a0da96f81f4e25c241898a4296985e11d3a8a8462fa
-
Filesize
964B
MD5974964be44492d15cd7fa6819af8d3c2
SHA1ec13d6620269b44c84c32a5967666b25db096840
SHA256eabcc314f1be5a866ad2a03844b1ff9ba1997d599abe0b13a5c6101809dfc3f6
SHA5126f4df0297fc52874fc21e2379e107397b89c6f3878274adf76509011d108b589b17adc7c6ee0a9b2f8be2cabeea2b3f48b578f7bfff7a93a55ba51f62e9f1251
-
Filesize
303B
MD5f17bfa2d5027d14d3419b7a5eaba8c13
SHA1ca9fd1e0615793d64fddea00fe85448fed66e794
SHA256004872824dc8e3c171d4771842cd5d31c2b3c97245177df3e9c07d1518d35215
SHA512ad2b9330db0ad662035f97699fa12aadd18279b777253e3b42148af1ce34c4d223d0d1f91a8843fb339f18ea3adfa8b88afe317ea11f6157cd89d4cfacaf82b1
-
Filesize
2KB
MD53069f6fc66bfebca18acf17c8e191a9d
SHA1750397c86a7d3feb5bcbd3065932f3ef11f2c3d1
SHA2569a8a9cc6b053f7162964d1f4a447993f7e41b916665d18187269c69d547ceb68
SHA512aa14bc0f17ec1c6db712c9c4cff9c283b1d6a475c71e5160b8df51c1ddcf27fd3640540ccaf4d035bc92f9d044581e9ddf685852d575f57a73f95e4ece1ec7ff
-
Filesize
2KB
MD564f0dc08c301470eed81503bab7efb98
SHA1c90dd55e40a4e2e4e9de194b7ee5c097004a43df
SHA256f8195c22560fba187a0be04811637bcf95df624253963dbc906518b9b4d3a291
SHA512b17431bb288d27cedfce553cd5af2c306f6205a66f4988e30f2d23513eaf589c198dc7918ffc58806b79d0e79a4a150edde64744cf753383d07d8188a07f51c1
-
Filesize
2KB
MD524767fb6c754f0b03c4fdd1af16bf4d9
SHA1b91cec4e642fb06e1a775a0a33dff6b1d4209ae3
SHA25687856a4fb2722da3c5342ec9174ad268b1be2765c195f9e11995a3620104851c
SHA512b437f776b277c67cbed92b49e3e97d639b1650a3ced41333e4393dea4e8aa5cc6f9ec7855f57ea5c5161ac67adc4928e99e296b0a56601d95cb2e556c914a1ef
-
Filesize
7KB
MD5421a09486f4797871cb8e92664d01bc8
SHA1a31d3564d281d51a01a5ab9181d9fd55e3e70890
SHA2565598981515f4049282819b2833ca4cbf58eeb5c22014cabd45c639586b0e7add
SHA512561d5c8817c759b32d561d374473245f2da01853e06378838f15074570c233ea9f00942f80b38f92ff7b879ed7f34fa4a78699792563445477f725a9f35db429
-
Filesize
6KB
MD5386cffdaf6fd9059da2cbcb8da8db17e
SHA1c96c1702f4dc548d8e09d585920b4d4b2d88c50d
SHA256b527b57527f93dcd646cb76a465474b8c982aa7287c151b24e1ee2580730b644
SHA51276527863d14c380396ab1c74e27dd6ecccf4e31a4590f698af87cd0e4e8a87c38121a06224dead28612369cb74f67cd1f718b8d38c10b2c4a58c43e393ad4a4b
-
Filesize
5KB
MD58b99d1300449be21a621596335068355
SHA1acce2985a56b59139675baa2b207d4e61758ca2c
SHA256f40a53ce49df1164a750cd827c3f456934285b17b0f3f4d7f19454be7cc21fb7
SHA512b33cc26a85a861cd82b2875d14b77e4ba49e6f0bdb46c9e1966ed45aaf11607e25405d308b481b1b935bf1d9671d769d1561738fcd035a0baddb3f00221154df
-
Filesize
7KB
MD5eb53dca9b66e2e8c35e9d821550eac0e
SHA11e094477a7723a393fcb4f8226c134fa60032c8b
SHA25604f070a7122565d5a5253aaa3c56af9978e8c111c2ad2f3ca2ba8eada025d353
SHA512fd8afe389e492da1c1d879386a31440eefd060ff8f4cbcfb2444fd066d79f6b431164af930bffaee1e32f268845981076387fae0d042d181e7eafdf4533b7057
-
Filesize
6KB
MD5397c9e7de46b04fb94a26d49bbcd1108
SHA156debfdd5bb3b817f4680f6f9816c1f8400735f2
SHA256930ea04eae2979c59fa288fdb75765eb140bb8e04f05aeba899cc3cc0e9a1a9f
SHA512675837eb4c83f084992a1f0875acb26d68e79ef05798a8b5aaa55763b9b829b35f11a799abd9dfe56aa3c2431d742ead3a9141faf1e151ef57db150e8b456a57
-
Filesize
7KB
MD518738157b5474d00c31e1a27c88f8015
SHA18da6c952ec3fd07790d1ae27c738006eb5300b75
SHA256f72e8e0f3e860a864843d247c2098cf716f27633d38fe7184f346a7008645b07
SHA512549f0adf6179998b38625e86fafeb31cdbd051e4ea4af8b89e549761b1899d2769d80984e9030133b8f14c7c2e98f9c18681688474f1b96880592abbd76507a9
-
Filesize
7KB
MD56b9793514253f2768eacaf784d02cc77
SHA1ca822a6cb7623471279784ae4cb9b14e607eb80a
SHA2568d9cd9f96bba1d027fd3e2050d0b254b2357d60775071e69d170642916c56ba4
SHA5126f1efda4793bcab950020c0895fec81df6458bd6d07e601fe5137215ed555a3c0acdd5f666bacd05cfd1e61c4b95af979195785f525da50aaa80b12041317d3a
-
Filesize
6KB
MD5fcd0b488d534691f5b3983eb519cbece
SHA167c7a9ee006d45a3a1aa22e03aae75c87be7e6b7
SHA256e8d590e5f314ef8f9d6512812e71ea44d5dd9b57689e7f06c45b16863f7e0144
SHA512f7b14cf606d9bc7c54e0a352e84e055efb7e1ba833cc7f6d093e48558384b661b67f7f0fa494841d12a45960dedebd56f284b999a5c625f753c4ce97c33c8061
-
Filesize
7KB
MD52b685bf0dd033461821f9caf1c7e3518
SHA135a02b7abc979b0173fb4bfab5a0eecff7c83914
SHA256638cd233f48a7a1b187a290d35c61cf6af9ab143a326ffa02d99ec5904d4eeab
SHA512c964650f18291875b1e81c7a10e5313f6ec05fe677b687385fad2585f43c4d477dabb95ecd275fd7fb57895d3f5408113ba13207b9bce46705073767f0204244
-
Filesize
7KB
MD5949f096c129e24dc52b876efab97a255
SHA159ac77fcb38292e13b1e2cc03b93383560adaead
SHA256d563875f730082da3336826fc459a5c2ad9225f01e64c636ac3bbf1a7eb8680b
SHA51210c8831c7810433943fa0f8882230a0cd17fdcc326f49c10885c4da1abc7b545d9446ded5639454cc200e9683f8080a955c199c0f177af5074566735d418fe78
-
Filesize
7KB
MD5f95344bd0ddd96d6c409e56ff0ff4c5f
SHA194545848b622a4bb2f89c0aa5400a6900aab4698
SHA256c87985375a860ea6f392551c8fe0abd2111021ec02709572293476daed0b4dda
SHA51233e9b6d56c146d7797957866e7df902c6737699a7ee08fb9131e54007de5f0b55f7536bd136ca3af31bf19a6fbe6dff43c99ad5abd80a16d73744b61bc4b631c
-
Filesize
7KB
MD552e99a88e305fae33b48ed8d24c05fac
SHA18b39926cbad380a8c2cf324078d70055a636fe69
SHA2566b409a994da673734cb63145001d05433a9be5cd68f73a976e8c40607e283753
SHA512af269903a319fb3f46cf0b888ad55f4dedc5b560b0894d2f1a351cfc4db309f9a55ad0b42e216d3cf64e9fbe94412a1cfc91d712a9582bbd4652bce565dfb6d9
-
Filesize
6KB
MD5cc7be5a1a87087feadb51ccaac7b7ad6
SHA18289eaff4782356ce0d0d22aebdaf5ad75f048f9
SHA256909f1c0c8a9381b7224127c7b427a0df62ee436041693d6699354c9ff7567303
SHA512837804e8228f67dfea10fcd586ff348bcb375d78dba27d57dc36bbf76391c7f4d372a246f03d00a4ba9cc311da5613d2828a0d3db712c3cf03ac39bd0a03b4ba
-
Filesize
7KB
MD594c9b2243e74aac4d7c7ef1fe2fd4f40
SHA164713b430de3550a48c71bd225bb09751c716d8e
SHA2565d5d48c19e5dc3c334e3efb734d81e60605c1e889e884a414d3ea9d48c00eec1
SHA512e9710ca3af56eb8fd7709b764e9c55d778f8182ea8515055f16ff49ab5160d13b28cace360d2aaf2ef755ec161247b9bc662df3f167c22f9a061a68be00a9a55
-
Filesize
36KB
MD50e40e62165bd5b4ae5cc0c0a4f0ec7f6
SHA1ec2f85dc9170745971963ac17448b14ee4744be5
SHA256800295c007151794e0c2d7ae932b56167eb7660877254abafbdd81764aded7c5
SHA512bafd2d0d49c1ffc80829a3b5efb1bdb9ec49495b9b2f437b78bce113af169723f411f6040a72d1de3bad91d517e98aa7d3e7d49e28c99037537fe30648305ef6
-
Filesize
137B
MD5a62d3a19ae8455b16223d3ead5300936
SHA1c0c3083c7f5f7a6b41f440244a8226f96b300343
SHA256c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e
SHA512f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f
-
Filesize
319B
MD5ab0f046522a4a13c6e52ca7c326af922
SHA15db90b3f3b9c0d760933127e0aad41b0bc9996f9
SHA256f29ce0b30bb7885c535e9d4675c9ea11d7335833e431d7942d762e557c84f4b0
SHA512d62984169565ddfa2d5e0ed939d548715cbe9cf224853d760fc13633e14f50443ae8de24dc47a151adfdcbb801d31e0e58dcaa72f6017379abc67a95832335e7
-
Filesize
1KB
MD5ce89b96e11a88b4140aaee7193709934
SHA1cf7e17d37dadd3fe25466bd0892d8a610ca331b3
SHA256c1bd32240bc151534432ea194bd111ff83386f80f7d7056766c504c2865752e4
SHA51277cbda9be711496da867d2b1f3da0d322ad5ed5908ab4c9d627e1c9709766fd5cad4f75d0f6f218a2d78ecff497741f87ae19fd0165b2edbeb06abf0bb6bab9b
-
Filesize
1KB
MD52066c53d4c00964ebd3bf167cb3ecb51
SHA1582afab7d501f321220af756766005fadac67253
SHA2561a896e2967d1b7810733e7912258a05e34320e4aa47ae46941113939ef4bfc90
SHA5127c2572c1ea7e1f8a05fe88e9af0ba8302c036b0a2ea1b10b623921919b639586cafe08ae86d8ae71e12ed8e8c7888900c77a6a927de5a89198e8e664d2736b55
-
Filesize
347B
MD56acf65495c128f7495486c83c9acee8f
SHA13b972a5f8fe3d879faae1d9db96b09e04d1f9baa
SHA2569d2aa4f29b113411c8f53bdc01e3e687a45264c758e9cc57bb7962f02571fae3
SHA51224206d07a8f060440e2ebb31a8bf1cb16c657050407769a881430994edc9b2b1297628c06593f245014f0d3e1554dd733f88a3be9289c4d1919f9a42643351f7
-
Filesize
323B
MD515b6ed1a3f15901273c90f1041afba84
SHA175876bc2554dccfca2443295dddb8de59e64b003
SHA2560449f315f8e501f42cf5d4a56dff3a7a3b1fcd2d0847e5abc4e2ed75da8c4278
SHA5124bb4c238b065f5e5217f8e9e22fff054342288c8369a909abd7847e33e983981e98e98f6ce0aac354196aa21bead5ee2a35f0b3d6cbb0fcc2e839b5de6fcad3c
-
Filesize
326B
MD5efa95e6f0a82648215afbef463dc8ef3
SHA19349aac831b0dcd426033b04807c9e8851269eb3
SHA256675dfc075c7b8f8294b813ea2d3ff198f3e95c26c6cf0875713d9385a2e1813a
SHA5122db9f5d1d5b7c57e8ba9f0b187e8ee5c7e92c28212f65d70acf0e62aa5d721badc4937a11447faf1034a4d8fec375760b951d6ba1d54f67afa84892164dfbfa8
-
Filesize
128KB
MD5e1ab396339835f6a2fcbc509a162785f
SHA1d6d20d657945994af02fc0f567751cbb3a426d77
SHA256a62017932d4ece745b81992ee1af6280be76b5089e4215a089e21ba575cf3448
SHA512bf5c7158f0995fd13ae852c31759ba16f8e732cb2d29fa19ae817c222427d43739a9a57152079279285b2eaa6e0f16b9f6a458a0f1df843eb10f9f9de35d1716
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
64KB
MD5064f465bed91bfc48f0de7bfd5533c3b
SHA1f700298530e5fdd33b9d23bce7c9bed45bce0f21
SHA256db9b5b8f0025be13054f998e070fa8524f6e63e4f41b71dde1c225edce599a97
SHA5126203d61333279c4e766c92dc12ffe47bf028637bbe52a803ad52a3b6e82c5c6daf5464f85352c3db569d8b334f5b65bec51010455b036a7771e6b9d3c265ed95
-
Filesize
319B
MD56557cfef203f4f5d8999b1bfb94e39b3
SHA142cd382873395d6e342dd2ed827593f5c9deefbc
SHA2562a197890c055003b630ac365d5fee7f27b11491c0a39ac3a2c42a07ed059d9a7
SHA512b0633f0af3dd1ea96e1e7571a7a1f5cbe6eb7bcb01b7dadf78f45877fc7da7725b760078938e10776758db21838940308fcea4b4af42a426f236323f38fb2649
-
Filesize
337B
MD544491f52d92d9c1db7d7384b0f515ae2
SHA138560deb7515a38d6c0e216fc9f71573fa4a955a
SHA2563ea2a702e35e4641a0ffd50c70b4fa72bad2885581de2c1471aa357f1fefbc4a
SHA5127aa9570d25d2eeaac5fd460818ce945b4b32d0fe82b2749dfe9bb91b20d93ab0ba493e9c41131a6d41054aea7efc3619ab0cccbdc7170b8f90ad604242c2f87c
-
Filesize
44KB
MD53c0b3d758147e7bde3ef5870d43782f9
SHA1ee62c4c06ff94d8019284ab203ec1785ae0a73ee
SHA256a18930bd9d188bcd9c3691075cfff783639528ea07c84a36c0b8a305d046f9cf
SHA512845c6d29c3700140d183cea57d3b0957730ed9da9b98efb5e7ce4f718db8efa26d3d50df30bc25066d2562e6a5fe4a6d925e26942009ee2f186621f3d7f68948
-
Filesize
264KB
MD5fc4d5fd9fc8f70d9c492b10d8159384c
SHA1a58fa73307a060087e550288e57404c5c3259d05
SHA25644f5dfd8f2c0f20e3f883167d6824364b13e6a3170707992f20340b5bdc4a22c
SHA512a1525050a9727310b87b5a434aa6fdb8e81b548cab87e30d65909a7ef021b0f1637a9845b675ff1a5f7d23d4f07ea0741cbeedbaf70d232d07595b493de438b8
-
Filesize
4.0MB
MD5cba157d17692f95e7f5c3e5a7ea2dcd3
SHA1b1c5742e5cbe66caf8c0b5cc43ea07f477ac751a
SHA25615c8ae8f82824b04cdceb2d0a5a5abb5402a2508d5ff01c68da4f53437bb3837
SHA51274f9fd1c3047b3a5890a00542d8c7bdeda8224f558fc3bead8a9da2b60c173e0b1640ab0a7c1dc36b11ebb16f5e2d291e8763c90a7f6e0dc985dd3f3cc309aa5
-
Filesize
11B
MD5b29bcf9cd0e55f93000b4bb265a9810b
SHA1e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011
-
Filesize
10KB
MD57ec4d631b4cd217fe118d0eae87f42cd
SHA1f71000d9c26db0594a4908239a460af6d8d348cc
SHA256e4a7c2d03dde7c28a6e7c6bcdfe2bff44fed2599a8fbd17e56c5df2c8ab26561
SHA5121562dd0d601e1427c72500c547a243656afb175fb52501bf612e01e898147066c249eb70349240edb8c2465710a6e523d084133dc9b821abde4cb3949dd688da
-
Filesize
10KB
MD55efaa3299be5cbc621cf6e41f10f30aa
SHA1b92f757c19735460daed00810f9d6e1415bce5ae
SHA25608f31dbb3868dca631276ba65e448053ffef575157f62ebb0e52e8307b9600d4
SHA5125b132bc62f0ee53b4e8c717dde5452b4c34ab49f0f03fe6ba6fac6a48d368bac7df41dc1dc5a8faf46997ecab74a3d217f04a7ecd23661b148e25fe7cd581417
-
Filesize
10KB
MD52728b39185b9a06f7747a7384820c6a1
SHA18c3e16280f0cd72a4de78c97b02e0f994c68cd64
SHA2563453e10d2c3058c5d837b08bb4b02de409ce58880f9a992c819227ef95d9bbd3
SHA512fbe080ef4a78ed7effc9708dffdc2696a4eb89865b923f62a85c4ccb92fd15b36b60a62c69f0c015d6870965de98b6ecee5493c3edb88aab3b06d79b265845dd
-
Filesize
11KB
MD5f1f17293399a90b179f798bb0a622872
SHA1f6882c8ded2282715e228b158004ff7fc5cd1cf7
SHA25680b4be42082d10d6e5d799686b27836a6e43ce484d514c0edaa437bc24f94b13
SHA512e7fda6b22a6a6ddc9147af240291222979a4f58779d27afd94a7175c8640e135e84b113f4d7bb0cbbcf738d7284112ca6f40d110b8b39f426e992330c126e252
-
Filesize
10KB
MD582e6062733b96d7a317a729771b9a7b1
SHA1cc91f1eea94836ee993d10ac38998e657b0dad2f
SHA2565cbd011e4a37b45eb75f1d6f16cff33b58a4005a0e298f78b5b09cbfbd5cf2fb
SHA512dde4e3f4dd65a0eb8e124a00c6735619fc29c3ce6ee695cedbc13d81b168b8ae656cdbe1bd386f04b63a517c76581c149837c905da1fbcf3a81721148f260220
-
Filesize
10KB
MD54cd7262244796cf484cb63dd85f82fa7
SHA155a6420736051a4686d6409c9def9191cd449df1
SHA256cf08fa1d5d67c4b7f33dc3a581a2938d1e468045b57c809dcf92566cb48a959c
SHA51285c7561a47c22dcf493b15da7a1e4d6ee37113e37d20d572022e51e1e152c40cf09b672d544369e41b51ecff6114f24656336bee6c5f55ab8c7619fdf9ce3e60
-
Filesize
10KB
MD5c8b665ab5f9391bfee2b6fda821143be
SHA1a65501a962aba04f72a3f1ec139079cf96aff7e7
SHA2561e626cbcaa65a8af74158702ae0c822b18737b456078789143704bb09a1083a7
SHA512ca86190f62811f8b6f77558b7e42d484179d212013faffeb18fc196044d95cd455eb881cd9cc852965cb611d7530e405a3e37dabce1cb5cda787f0ecda6ba972
-
Filesize
264KB
MD5dcc195e0f5ff13fe6b191db8f41548d5
SHA1b1afb7f59ebd0fdd1daebbe4ec6704e00cb9e7d2
SHA2566250b18d90fc38bd2b4bd35f352b203a7b82e79a977270c96a1e3e6a9ad02234
SHA512abd8482f76abe85c9ef43438f9659f5c57185ab8c30fade5d7eea85a15704f893511fa891406a872a40d11deb2761521a8f737a1abb1a5d33332b4826f0db464
-
Filesize
4B
MD525fd5c861e2e36c58f25b68ac0f691ca
SHA174fab253eda31308f77af668de7c3de54f8261ad
SHA256660b2c13981f04841bab60ee5964e2bd0826a0e28b1f9d41bf515a9eaf6f7ff7
SHA512056d1fe11b0952f3c598800b3634b466e7841db5019d38c62fc5d336fe304877fb2c13344f3b4405c5dcdd7fdf189e17671b6ac2eecd06a10c4a907647f32506
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json.tmp
Filesize22KB
MD5ce730e0ef4c9af887f53e2ddd46ba27e
SHA160f874153f54a70e49f9fae90daae4aeea2f4fcb
SHA256b5f52a055176907d275700688d1824cf6b0e9cf3e834ad469de0db9cf03aa8a5
SHA5125f6cbafe351cecc46d75d0e4a19e706678076a122b4aa8446c302474b7294ec83c45a84d8d44da1b6b107ddcac7e4488c4c4861689185f9df3358d68eb9fc583
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0
Filesize63KB
MD5fce6e0b7684e64c23a484f8ccda59528
SHA10986ee0a384ef75f33099060e99553bcc41f5e6f
SHA256f73877b19c866a02ca968a554131b0936484abaecbada7aa41f4adcfc3df4ccd
SHA512823128041aaea8a32b91a6c01740e1eff8d7e2f4d7a4957087b6af45435fcf20bbc9be3fb3d24dbc97b318fdc4fd5b54b8234d65f7adf05e9abeb13e125f0136
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\73A861CDE699EE431D74FE52208FA22781309C1D
Filesize109KB
MD532bc19d51392109381581a2db36e7c50
SHA1cbf33818abb017682739be15cef4af000bf9ed01
SHA256e928949822a2412132dac10dff0d7d3be31030abe550e81833b918e83b21997e
SHA5127ba65c120d5281e2d63b25b95ae141cf040db9f8787b247438e77cba762a4d7b4f754e237ed959804964731451c5574d2684bb77e7e003d89c46a4b7b3dd61dd
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\79679B23E6BBEB689E1C79E27C32C20C5EC9DF47
Filesize156KB
MD5f09f749abad1da103bceda3df6798151
SHA11bfa197bd9859dc95e8e42e9249ffe5f7a16ab30
SHA2560aa6221aea46fce1181e121e07d26fc47388c5c75aee807335252fdd074a04b5
SHA51241a4760c35de5e1994f5539ae3efabdb4035629f81a027ccdc4f770250845fca9e4a478127461e6b7ba631988fa3d90831fac4803d3b1475ad3496ad857e370b
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E6387E62BBEDE663AFDA764B4C29EB34763CADD0
Filesize630KB
MD56dbc814be6a0b3032446598dd7d77a05
SHA1662c46b0de2fa87d5db389a57f9bd3a200470432
SHA256e8b1c0803f51531853a8960c6149f401bf9995230fcc8b81f69a87f489d5eeb0
SHA5129670f2fabd4efe5d31cbbbfa19cd5909cd3c57584143ba01513a87d7708882763fdcb66149108494254bd08fb449609c042f06735fe85d7e9cb8e96039107452
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\98672b41-5b57-4b9f-ab6c-bac4c0f30d99.down_data
Filesize555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD5785073822344ae3813284ebc92bb596a
SHA196e2a933b38352ed2c8e6e34e94756b70c143214
SHA25636ef4cbbc494deacf81f364b546281223a39bea01a32b0c4b0e2324f984d6817
SHA51228b21e17fdf026a025503a2ae1014ea4e8ce5385e42396007a7a23aba3aecb591d225e2a90d47f6f9e02d34792d74b89547715d66899265dbf8372258ccf4498
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD5327975ba2c226434c0009085b3702a06
SHA1b7b8b25656b3caefad9c5a657f101f06e2024bbd
SHA2566fa9064f304b70d6dcebee643ca017c2417ff325106917058f6e11341678583c
SHA512150a57c143fc5ff2462f496f5a9451310b8d99e32c4d570641204c8062a78590f14bed438ac981e8b0609a0c87b859a1f8502a78687bc36c3a9529d633a58e51
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
Filesize8KB
MD5f1032164e35877922ec4290860daa2d9
SHA18a9f840a77da23474a89d09cc4fe06de7ce8aaff
SHA25670e401da198eb8938e2f0d57d4947b5e9a45003ee3dca9873731eefe55900490
SHA5129bdbab6b46bcf34dc93d35b78732410d4e898fba0accb3d65cd968b30ccd131d74b151d51416f89dd00b654ac4ee03a138a41fb3d386958c25fefce10582be1a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
Filesize12KB
MD547225380afe553f168cf3e85009aabfd
SHA14259fc278c052f7929f345b118fd88fb6764fe58
SHA2567a6cf076a4b4816abb490381aa4dbbfa246f7dc1d9067d85f6d225cc9f13425d
SHA512de4c540f44cd0f8a776330c3156e729baf31f1f975da0870242c12f4661a618b353bc1107bdb76f095d83793f20a45e28c72f085c4b663c4b35b2db1661fce43
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
Filesize13KB
MD52119d55d02afa54758f2a9276bea3663
SHA14a1e22b07eec0623cc7433d92866b0b26c2db4c7
SHA2564edd7aa23beb6699091cdaed895c8ec4018ea468153793f9d9e98dd3210d713e
SHA512d7d9f35d79c6073e9b26de4384adc061f8147a1904b637339dfa011d76469a9c3882c204b068b02ee4d83f513cb8dd9cc9dbff979250fc5e6a7e2044aeeddba0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
Filesize85KB
MD5c155c4b24e1069faca9f2b1048107df1
SHA1a55510dfd60babe735a66221170ba8171453b1a3
SHA256f8d11b16ac7335cca5085e4d38c1d4cf125860ad8091ea32b890c2cb1a313c1b
SHA51282599955dd8920b74a71f8de48f0f72d2514d4a6d262417353d0bf4ad2909c43d709b6cb5832200534ee061d4cfeecdcad0a831857ae865cd6b855d8433a069c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
MD5a00893d7a2c3a1621d3d87f126349cf3
SHA125c0006987ccc813f6642d3a986429a347a49cb8
SHA2567b67e075891bed8bb70218749d5f926eed39f1222b6d7ab311c62efdd36539c1
SHA512af21d7e319b879393f74d013f9940b929da33cbd24c44e0aaf46e22fd3fd65543b5e6a95f85fe6b740f9b9ef81c924aa8aa07108e8515ab0470e8906764a6fb6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
MD58b90cbe25ada8cd25452f85ccc43024f
SHA100e272d81e581442a5e6b3a8cd5f3842c569b831
SHA256b4e61d824789ab9f7219bfce07ff6e9615d86c6047bfee574a585253d50d463a
SHA512038c8f73108db812576cffd6bccc4f9d761a7648d73e971b4b73a7b7dd44f63cec6c1ae204dfb4be7a3c68fc6a65d44ec4b6453032d06b609b251f95a89e99bb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
Filesize13KB
MD52e348118efe6ea5333202c5fffbb2a97
SHA16e959e132173ca72e6c233c9f28abce17bd3fe56
SHA25640f459ab78856e2344087535be6f466d2b7c4ed04b9f6cc0dbbd0a81c99f5ecc
SHA512254cdb6c5a269af1839bae260d366ffc04d6e856b6be30cf45273cb6fba5894425ecc7830c41eb4d81b8fee3e96cf7f1b483384ce96ff7f9ff80055960bb0eb7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\21551636-6e2d-4983-9446-428109e5e69b
Filesize5KB
MD50f42897fdde6cb61fb9e80e5dc316a65
SHA185ebd33b387410b1271a0c48e78153b42673baba
SHA256ef4374673e96daf18d8bff621966885e352e2e85d640feb839782c9643d3823e
SHA5123d3179968e1f76f9d5dfa1c382ae14bc90ee92c6b52cb446ae2ebb257b3d7afa3925ff64301156b0c67c955f4f03731f8477680293cf1c465afdef75e96c97ea
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\30f84169-dd01-45c4-9d3f-aa54d3f35a83
Filesize982B
MD5cbddbaf8f99e88f2a0883fe44fbd178c
SHA18dc3cf13d540f96de5b0471ab5cce34193a6cae5
SHA25600981e6d6f839680cce1ff46d51232be66a245e980b2dcfc18b2156aff8778f5
SHA512746ed914176181c59cc31b6fac4de7cfcd9b69e01ed7b64063cd62a681621104d1173cd5ff08bb29c844d531da265ebb92f39eb857c7f3756783bb7321277368
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\68c84638-ad8a-48c3-bf46-632b8bd4097c
Filesize671B
MD5d9aee158684e6167d864ac83c68e1eff
SHA15f5a33a103e3a77366d9ab103aaf848e012c3fde
SHA2564d34938c460646ac081aa4fbd1b9047a5002b6c72d910130fd8aa4b5a74eb7cf
SHA512c8c1cd86d82b890ef1a951128a2e01a080f85fdcb5de9d74edfdb6fd3e7284766e473b0533b320bb02e0e10ce0a717dbbde455246f97a3217551d5be2589e526
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\815462d6-c27b-47cc-b685-46f743f10b8d
Filesize26KB
MD528c568f5abf080e14434e4fe78cdce3c
SHA1918e10343b699c0d39cf35e2b99aac7abe148257
SHA256f953d09f78ab75e8743e3efedf7bedf00d4eb4c4eeb337a8246514f31b93ef5f
SHA51221127a360e6288734bed06acbe14d4c68050e0404fcfb7fa3ce49f7bc4fe82bfefba911bda4c99f3794a5efeb3287fcee7e7d1d52ba4d0316e3ddfd3723635ee
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c4d2bab6-93ff-4d10-9e84-a1435139c0f8
Filesize847B
MD52b6c2f3707ffc8780ca621a1ae5b3531
SHA1bf3f5f01bcd6c212647fdf58148458df995e1983
SHA2568f9031e3df3912f9136e496ef1c80393117945e50f3eb0fa8f11e05092d93876
SHA512ab4ed28687f1acbb12e43e3bc314b7cc4573d658d4eae4266dec1e3a9d46418a1e0ce2609efda629021c3c1839488ed700e811ade9e7ba41a6046e860059856c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize 17.8MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionCheckpoints.json.tmp
Filesize 259B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize 5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize 3KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize 5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize 5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize 10KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize 9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
Filesize 4KB