Malware Analysis Report

2025-08-11 01:13

Sample ID 241015-ymst6ayajl
Target Rensenware.exe
SHA256 7bf5623f0a10dfa148a35bebd899b7758612f1693d2a9910f716cf15a921a76a
Tags
discovery spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

7bf5623f0a10dfa148a35bebd899b7758612f1693d2a9910f716cf15a921a76a

Threat Level: Shows suspicious behavior

The file Rensenware.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery spyware stealer

Reads user/profile data of web browsers

System Location Discovery: System Language Discovery

Unsigned PE

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-15 19:54

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-15 19:54

Reported

2024-10-15 19:57

Platform

win7-20240903-en

Max time kernel

117s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Rensenware.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mshta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000e507f032b478219751575dc09871724a746ed716e1153e392168a674f6cee5c8000000000e80000000020000200000000132b839b608906de2596570df8a213bb8402284c22c8372eddca1d35cacd8949000000038a514c779bf2ce341c058aa9fbd7c28c9340fe853b0cf6cfec1ee996051e25f264d7a7f828e5f21efa9175949fef9b572aaa47ecb1630647980fb2c0ead806525a5a74b7db54e8917cf502f077190f7a7d51503f6cfbf7efbf1126cc632c8d53aa7af25ca671e9058cc80bf78b0c1d941323173ff27ee206e48ea0913937e95c64e570058350fff57c5082186abd18240000000ebb694afc7dfcf305b50b7ce2fe67a7202138c2564efaebca0d406c64e205f9665d30b50f8277804c17b904de6b74b56b7e87947fc976d5bef8b91be4470820c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C202341-8B2F-11EF-8250-E62D5E492327} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000ee072a3e73ecd42eb3db200b0f9798fd14a86c94fd1ca7b0e336a113c368190b000000000e800000000200002000000010ceba6efc21b6f49a6d9c95776a2e4de1c990e5141c835b88c6c938198fe9fd20000000586e29e46583f62ccf67b302a7ebe548f16a44d03a465ca6e1308a65359632b740000000390184d88c539fff03a0508c7eb5f3c3a4556bde71d869745f69eb544c90b288e55f20a8883a6bf29764793e0268ed44b58cb8c52a4ca36e14399e91933980f7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SysWOW64\mshta.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 109db6403c1fdb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\Rensenware.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\Rensenware.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
PID 2348 wrote to memory of 352 N/A C:\Users\Admin\AppData\Local\Temp\Rensenware.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
PID 2496 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1628 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2496 wrote to memory of 1808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Rensenware.exe

"C:\Users\Admin\AppData\Local\Temp\Rensenware.exe"

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe

dw20.exe -x -s 416

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\ExportRegister.hta"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68b9758,0x7fef68b9768,0x7fef68b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2904 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1256,i,9430719992213072231,1212310840080485934,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.0.510283587\1237442315" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {622ed73c-f5b7-4385-8fa2-3e9e3d65b9b3} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 1292 125f5b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.1.581387175\202849938" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03cbe176-1a51-4e0d-9193-15c08f3797a2} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 1484 e6fe58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.2.1001236367\1382439874" -childID 1 -isForBrowser -prefsHandle 2056 -prefMapHandle 2052 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98605513-be65-4e0b-be03-aa0eb839d817} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 2068 1a57e358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.3.738298015\1282876837" -childID 2 -isForBrowser -prefsHandle 2844 -prefMapHandle 2840 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3a6007-89db-42d6-b60d-db7b4b335acd} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 2856 1c571e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.4.83986225\1511631436" -childID 3 -isForBrowser -prefsHandle 2980 -prefMapHandle 2976 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d454f2f-0918-44af-84a2-98053dfd3727} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 2992 1c572d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.5.1562752627\1360629244" -childID 4 -isForBrowser -prefsHandle 3724 -prefMapHandle 3776 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d64c9567-5f0c-4a26-a73d-d184c694c07b} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 3784 e67e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.6.1808011261\886275644" -childID 5 -isForBrowser -prefsHandle 3896 -prefMapHandle 3900 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0545a741-6580-464a-a652-4924e51c5c5a} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 3884 1f1feb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2920.7.1706755894\108593315" -childID 6 -isForBrowser -prefsHandle 4088 -prefMapHandle 4092 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e42133ff-453b-4fbe-9306-3b83a6f25927} 2920 "\\.\pipe\gecko-crash-server-pipe.2920" 4076 1f1fb558 tab

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RequestComplete.mht

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:892 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.204.74:443 ogads-pa.googleapis.com tcp
GB 142.250.179.238:443 apis.google.com tcp
GB 216.58.204.74:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.238:443 play.google.com tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:49388 tcp
N/A 127.0.0.1:49394 tcp

Files

memory/2348-0-0x000007FEF56BE000-0x000007FEF56BF000-memory.dmp

memory/2348-8-0x000007FEF5400000-0x000007FEF5D9D000-memory.dmp

memory/2348-12-0x000007FEF5400000-0x000007FEF5D9D000-memory.dmp

memory/352-23-0x00000000005F0000-0x00000000005F1000-memory.dmp

memory/2348-24-0x000007FEF56BE000-0x000007FEF56BF000-memory.dmp

memory/2348-25-0x000007FEF5400000-0x000007FEF5D9D000-memory.dmp

memory/2348-26-0x000007FEF5400000-0x000007FEF5D9D000-memory.dmp

C:\Users\Admin\Desktop\CheckpointCompress.cfg

MD5 aa9ca635b02b898317f9d7665e78ee07
SHA1 8f97e73ad1bce276c4bc3a575827d18b710b18de
SHA256 518efbcad8e00f29153f9081a6fc8cf3236a60673471a50ab421e7b3185b44e2
SHA512 808cf4a2ab1361556e9fea3fcc1b0c798e28f00e05908a7dac2fab2e60c02e2d39d2862c05e100a445d62c6ea5063d3a22a9e0bf64558b8689b42387d8a11f54

\??\pipe\crashpad_2496_INRLWELQJQUQUIDM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\68136518-182e-4312-a95b-2869fe689c18.tmp

MD5 7dfe6818db822ebfa299f53acafea717
SHA1 c5c459689fef5d8f8fdc587f346c87ce6a803517
SHA256 53202f535ffb7c673e40f443861a4ad5f5852b66a09da7ee33c3e556d1726cb8
SHA512 8fa7851090bca2da9ff57a0b48ad24773dd51f9188e17c3a97e0155ded731e4e1ee4dc908914b9fad688804174b30bb3630e3dc0cf45c388d94cc0320ed5fee8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\datareporting\glean\pending_pings\ddac637f-2755-4757-8b3c-e51ff7a67016

MD5 d36a07cd34f22c6d322b1e65cd3b74f3
SHA1 d638460d119e2d6a3c8055f909053573eab6665b
SHA256 e7f6316b90dd5d75dc55f901c6f01a7f9aa3c6e5e9c19f2e9e30fabc42af619d
SHA512 02697e0f5ba2cc854c31b653c46d3930a956f71d1e8c2c5e4c02308e5c4a353d772d8245be8d0d1b5b02570dc0aa6ed473ef63c41525853f05694f0f3e5b61a4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\datareporting\glean\pending_pings\b774f617-eeff-4de4-87e0-5e2cfbf8a084

MD5 c7912cd1307e93b95e98a5beccc82e80
SHA1 8fa06af12b3b5ceca3b40dba55d7e1a2e527a4a3
SHA256 001fff757383db86ab63c2391ba49d784b7c546c1d8095010ba8a0cf2ad079ed
SHA512 66a6e910cc72eb8b770575d2f2e14fa6542ed52e6bb2d692afd629c4b5261d96291d91964108daf4dfdf174002f4a4d3e53377d13229fb961a66d2434ce275b8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\datareporting\glean\db\data.safe.bin

MD5 a07e87e8bc2f798fac2112be790486e8
SHA1 5e3b476654a17c6d73d8bac607384f751ba059e5
SHA256 74701446ee9c87bcd49e66b8594a7cbb4b33fffc14899bf39d6884a099c8438a
SHA512 09100c1ab79f7748402ef34deefd2b91ce13d474d96507296b8cddfb6eb580991adb9ea39c7ab5526f39a2b9c9a1034a59e601f9ac36ed453ec66c42d9750f02

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\activity-stream.discovery_stream.json.tmp

MD5 dec04a7f2774d92e21734e65bf7366db
SHA1 69e90f5c5a206f3959996890d3e86b3f3c9e98bb
SHA256 0be172bac8829bceef014718865332cf8b2bf8e66e59d9eb1517b1be4f378000
SHA512 324fa3ca39cdff2694d0cf2252e4dcc793d3e0c3ea1be7461bc1f7c9b844bdba8512b34dba037f50dec6329ec1dcd52308c8605c3237456b898126b54009b835

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\prefs-1.js

MD5 ace46823e6e49c3b1148c167235074ce
SHA1 12e648760e96edb50e140ed8cf3c546dde74fccc
SHA256 bcc2e901b3fd9160836ccdd90e014b3d88de8700740939e00bf294ac14b4bd3f
SHA512 a53f3aef894c2953474b3c43b6d3c3e9b16152f25b83a33d4ceffc5cc6e8714b5a95b194ca147d1bc0b5dbdedb4f90655978bbeb075b085af4c0b679f36ae6e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore.jsonlz4

MD5 efdb2fd165aa1a3816e640dceef782df
SHA1 b96baca51c586908a13bce977087224e59e94ab4
SHA256 49de012e359db3762da510413cbe61e969eae6b10f9323135a0e4ae0f7e05e25
SHA512 df0c70d2d528a828b666ccb7de65bdda7c3cad71649863ed1e0185a2a0e2400f0951ce2e16ee1638da8d65d4438aebf68e60c15136608b8d648783da590351d9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionCheckpoints.json

MD5 700fe59d2eb10b8cd28525fcc46bc0cc
SHA1 339badf0e1eba5332bff317d7cf8a41d5860390d
SHA256 4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea
SHA512 3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 6a7e2803a02dbe0e8300bf3763327a5d
SHA1 d7fe9269f9da086391a5d8dd6c9091a86a5afc3d
SHA256 5de402247656ff3aa96503fe6f107e1f54efd2d7794dd79d308a18e0073ca746
SHA512 f5f74e567b88925d92a72dfbe6a38bf1db46c3909dc5cfe0867e4f74733bd86e24173028b94b1b7415bb9af01ab7db6ac890c0183bb0323c8151d51a82ea7861

C:\Users\Admin\AppData\Local\Temp\Cab7BE7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar7C38.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50a117376d60edff1ec4ace57ccb6ac5
SHA1 06fe4c49fa4a7b704fde7ce8bc67b05ff8457dfc
SHA256 a15988e09e044fe567bc1ab14aac77bc0c7c2c34824bf4145fb31187e0f2ad10
SHA512 95cc3528ceb97870570f3e45a8a7e3e5fae5ec77ce6fbf5b40b3c8372bde033ae2c6df1a0d74af66ed390b4c406a33decb8570d5b4522d97db181a39fe5ed111

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e99fd98a9a9d35f9e820d5d8ea0a6917
SHA1 7b6de5c9f6d99103eadee58a379d4569c45bc7ad
SHA256 46a2cad669ba1bb2a6321fbb023029631ba84e376a50b036bc803fc4472c0450
SHA512 b4b48ca7c0f5e94e25d8005775443245636b686323654ea1c4a33f133ea7738fd794dc6fb3eda62a9027c12e576f7fea8709356fb788ccb3b4517a3bdff92954

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fac7f657f4a10ba2b80c4636b5d75f3
SHA1 b54c881a6b052507cd5ab3344a9f454128579605
SHA256 0f4b97322883770b5d14b372af9872e49e873e1fe97f06a3c7a47d3a899ee3fd
SHA512 23a2ffa15f9cff6e8316cd3d5db5c4cc0c608296761757e366db24fb97c003d9c4cf0104cc1a3d9e96a59ac26ef4dfc35e052ee2d393be974341505c55c0ac81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51f5c1374f36008a5f042a567eaab73d
SHA1 dee4563c6d12c50296a897d3e763c5ba1a4d4a49
SHA256 9bd975a37818e161f8c48eb52540e9ddbabec727c82fb12dffa96de9567c0313
SHA512 c57661b141774e4dee8dd79a671942c29e9bde786298bcd01af4dbeb88b55db34d80257dadeed6ee22d60f4c249e6b7e904e610aa4549deff174f775bf4f4276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f9ade0d99cbc69e0b90b6aa34a46f99
SHA1 47062e22f4715308b999440b1188d7423c9ed9cf
SHA256 7ffb0e8354426eeca7ae3df16d19c9e411539f9c26d6c5cbebc34aad4557f086
SHA512 6322fba44e92898e28347e75426072106c48691101fa26ecd4f018dccca0f7beedff6e71c1c5d880dd637869596cb61cbe63ecffee3d1cdaa86797cf74fb0a68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c59d916b06d2126689cd6d84607ad715
SHA1 989c158597c1ca44799060be5614957416458363
SHA256 111f7d2bfea0cf3ba6577c29f2759a9b96ccd49358cebe0e53ea6edc75b92c0a
SHA512 224fc321275298617dc37c5cc3429be090cfe9215d133e12516dcc06eed8c9678acd185e7c4b2228d5befe8bb38e88717ba6aca7f1d41431f2896e996b45e6b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c169649b1ae04b11de3974c182c4c91
SHA1 cb72800963534bc0c8e1478424af34292c7777c9
SHA256 918f87ab87b6a87cf16503a4b75e4a955d4a9055ef9d7ebde45b434743aaec4e
SHA512 c0a6e5f3bfa4826d734e0719319b8aa16802bbfb2be0cb19f9f74a39d9f094fa14db1bafab768110504920fa002b7788b93d063a0f7cf0e8ac2c79092c0121cd