Analysis Overview
SHA256
f0640d8f08579e40d072e5bc685136ac37a3b2cbca120314480a40fd3ecb16c8
Threat Level: Likely malicious
The file GbzzvH9bwAI8gEC.jpg was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Browser Information Discovery
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious use of WriteProcessMemory
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
NTFS ADS
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-08 23:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-08 23:43
Reported
2024-11-08 23:51
Platform
win11-20241007-en
Max time kernel
406s
Max time network
469s
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 606051.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\delete.bat:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 194848.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\death.bat:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\GbzzvH9bwAI8gEC.jpg
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\delsys32.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delsys32.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delsys32.bat" "
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\delsys32.bat"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\delsys32.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delsys32.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delsys32.bat" "
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\delsys32.bat"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9a39d2e-e0b6-47ad-960f-28e99d09f48a} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2304 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d71576-cfd3-4caa-95c2-cb676404fab0} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3224 -childID 1 -isForBrowser -prefsHandle 1460 -prefMapHandle 1352 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcfbec87-a2db-41f0-aa3d-7645ab861b9c} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3884 -childID 2 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ad2ea58-bf88-48b5-82bf-c7a4343aa96e} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4892 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4900 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c77ac1c2-96aa-449c-99e5-20472b0fc681} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 3 -isForBrowser -prefsHandle 5288 -prefMapHandle 5252 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2319e067-b376-4e58-9bff-8283da2987e5} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5548 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28d0a5aa-a432-4db1-ba1c-7dca2c4f0c90} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5640 -prefMapHandle 5648 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1cf06db-11aa-4eed-a464-142d32da0e85} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 6128 -prefMapHandle 6072 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35b05a95-6a03-4260-b234-7c41267d129e} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8df5c3cb8,0x7ff8df5c3cc8,0x7ff8df5c3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delete.bat" "
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\delete.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\death.bat" "
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32 /r /d y
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32 /grant administrators:F /t
C:\Windows\explorer.exe
explorer.exe
Network
Files
C:\Users\Admin\Downloads\delsys32.bat
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\0e01d9ff-4a14-45ed-bf59-632532de59b3
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\c3fb2572-79b1-4950-b961-3c01b30e12d9
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\44bbea4f-422c-4d03-b58a-87d04deff60a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e11c77d0fa99af6b1b282a22dcb1cf4a |
| SHA1 | 2593a41a6a63143d837700d01aa27b1817d17a4d |
| SHA256 | d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0 |
| SHA512 | c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3 |
\??\pipe\LOCAL\crashpad_4184_IHYPEVBZHFWQDXXV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c0a1774f8079fe496e694f35dfdcf8bc |
| SHA1 | da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3 |
| SHA256 | c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb |
| SHA512 | 60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2f60386ec960a66edad732cf6c3eee0e |
| SHA1 | b579a17d9c3cb019de211416d375c922b6599269 |
| SHA256 | 3718094746d72dec92bf60dee27e05516f58c7a8d93fc4a7326c8a474c1f616f |
| SHA512 | d104d1b5e1155d903f78a1e4626ec0cc31eb489f99ae5b8877d5c7ccefef17e22a49d0049b11e094a68d36ee76dccfb754f717adb86d67d82ec6fdc513008a36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 19791bb3ddb91c6d35aba9442dd4109a |
| SHA1 | 9f167af95fa17348d7ae150df15e2e21764afcc5 |
| SHA256 | 2264847d204c4cf4890863c55572850be3ab0c9a7db3c80c8a268b2abcd30209 |
| SHA512 | 51530a64124ffee09d2ac43d5fc7800f1907c5a5a5092f0d9f4f299318bffe2098bd194c5f33d3a8881e1c25c3cdf7ca61e328e2d1baf29878105ddadd19319f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 49f17e38843b2139dbea6a920237efdc |
| SHA1 | e0a1c8abc01a4136ed19cb5a38392e3fb1edec8d |
| SHA256 | 458a00c34b4e1129261a525a8149fefba7960c2037c37e52d9bc93f671994e0f |
| SHA512 | 217efbcebad25dd796a0c9dd065465fa31c0bc52bdbca8878e6eb4ba95eccf1f08cc1ae97ecb2da8c24b102558d236e0f0497263260f24a169f007c61bd85f7e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 590945ad2bb545bbafe090017af599f5 |
| SHA1 | 122dd23734a78595d99a8d38d238cb7bb67574e3 |
| SHA256 | 30fb6bee860cf1dcd43f04ab2cc90b31d65d5427ee0c2cd8ac8e9d84227fba76 |
| SHA512 | 5cd3ec58b40fe160039aaaf75b26d597f647be9c2ceb84d7c16f423b801e777c7722a79d4a85f1d0ac6b6b6233e1c9760abe912c678dd5fc6ab219c914929d93 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 1e1934db26eeb14c19ebb54dc4331727 |
| SHA1 | f0470884997b377de69526ccfb284f3f56539691 |
| SHA256 | af57bd768e8828da3929191576cce810f174b63157bfe97ec912c5cae989ad7d |
| SHA512 | 4367cd772f7c8f621e3d30104bb9845ef168475c0e9d4b3b53f109ad42af2c7667620483ee5ef7be03990fe77febf426c4ea33517aaf323ff18e5db571a1c0a4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js
| MD5 | 78402a03f6e0a7f00284ecf895ba5bbd |
| SHA1 | d4dcd6c9e74faaa675c2c7d4ad3d4d7b154abbea |
| SHA256 | 2887646df91f56d6b114a5ccf0591a3a326c29a3e93b0a631856b56d11032cbc |
| SHA512 | 552438ec89fbad3396147aa416252e9bd5945b6b80a5e3bbf38d4a2175a2a4666f36afcb2054422e0a577fb0093192d160879c276004609d82a2a1b0c5dc75e6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js
| MD5 | bfff1fcb5c7ec22dea8515042449a5b7 |
| SHA1 | 2c6205317a6b30a2ead3e0a7582209d76d2449e8 |
| SHA256 | aec27c9dd4cc0e961217ec42baa1e0ce361b8a35018360ea1b65fec371d1aafc |
| SHA512 | 0e0b2c67ed55c510e505e4b204a110b7ab57b296268ecadbae6920977387ff3383812541a102bebe02f32d9df052b4ce3ad53a7bca5ae7de13c0968920b8e973 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin
| MD5 | a1a1107b985476501289d61804eef11a |
| SHA1 | a35a7c692fbca618f0f469a79f4dc4df404052a3 |
| SHA256 | 73475da721b296a3fe31bae7728582a54c37c1a7923b30fa326510d29c849ebe |
| SHA512 | b0855a5a405ce002b75a65a98231d28eec706c91a760b4a569764adb55765744e5141e2b749282dad8aa8711fa0118f0ad3350fa8b09a73ce923cf116f46e85c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 56ff35ba3f2d32e1a9d35a892db04e9e |
| SHA1 | 5f9601a3486182d7b05c5d95bb6e8c243cada385 |
| SHA256 | 4d384a1551fb1db4f5274868c9ffae09924e13bede161e0b05e5af7e63a7355c |
| SHA512 | 7ff11f79016e3c818bc508788e226568de49543d2eb05ae7ce2ac15bf9b4078f24b0a7786e49ae77739d7152928d4f37c587aa0ab9a22f7b83713994698a80ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 197beb9c97eb9622dd27e216988eadd6 |
| SHA1 | d8829d36da308e76521b4122d559b554953318da |
| SHA256 | 7d9fc44736a9970e6f8d4e0bf1ea0fffd54d0488979e80ab995d079050909bc8 |
| SHA512 | 07b2d8ab0b8034777eea3731c9f2c7ba632bb6f9e00f2a2f24cb4a2a3081190ae78d69e8b8732205a12f4d3d9f23a03c282eaa191dc4dff9ea8def2992589413 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 084a7c45c750134bc52120929e4adfa2 |
| SHA1 | 7caa207a66cb97095da77cb26bc03c05e3e3e3ef |
| SHA256 | d897e13540624694573d596496a442f317069973a8bd8f9464b2ee91406fb990 |
| SHA512 | 6aac3796f0435096a86e81ef9bdcd0186ecf74d35a38dbcd9d5c08662fe707c50d015453bf7eef1cbdbade8fca2779aded56bf3a2407a5ae97fb2a6eb1092f2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 4e786ef6de6d058a7ee21d714b5878f8 |
| SHA1 | a25cf3a4ef2c4208064a295fc00bf84be1557e8d |
| SHA256 | fd7a0097dcdb4360e99e3131665aaf1cdddb65f638323d8dcd86832ac1c65b57 |
| SHA512 | 79f32a2fe5204c324bcdfd5b11b3d7423cb8961e61350ef8b1a40390212bb1f2125be11aa9a8761edb2fd4c760a39c9f18394a8bd8bc55148ff2937b4ea67bac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 908677684413f5278249c1b08127d6a0 |
| SHA1 | df54a142c7eb47537509a54a8519f1c6c82d0965 |
| SHA256 | 49910739da15aef97cf1b1fab8a1c6817991542d296c3fe6619248258626330b |
| SHA512 | d6458614c8cf209da33129d5672f4eee9923bb56e91692c87a0f82a0e00c0ed0c03bad913e3ebfae7dab32f76465e58289e15e579bc5f8af37845ab250301773 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2d3f1c10cba1f8c3bf3ee67d53b026bb |
| SHA1 | 8f1c348cdedd6841ce650b6e135143bec71f7883 |
| SHA256 | 5de7b50966b79695da78d0732080b735cf28d6b3c81ee2f8148a9f09d1549cb3 |
| SHA512 | 0bd72362d8f56703401f440b97deafdc5707049860f2189f40342d97cec96b1983869e551ed71a35d90c71b70c0719453ed610fdb51c5e4c7db3dd751b693c92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bcd30.TMP
| MD5 | a1902faf5a176d6e8057460c17f7e835 |
| SHA1 | 3b2546c7aec8ef5aa549e572873045bdc5c0e33d |
| SHA256 | daa78e7ac0ee93c06fd834995912b11f9ddbacd521e4c5221b62c7e82663dd4f |
| SHA512 | 36e5c1297186ce5f6ee309992af7875b23fdc96412481a55101d9de999e54df954f47064ea3b2297e85254cc1639b2b12695ff1d65de8cf875a024ca980f6386 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 46c65c348f90aa174bfc5f9dbacbc3a1 |
| SHA1 | f3f1cb408e89e48b14532730632dba27858d2676 |
| SHA256 | 0b36587fac66193c3e84fc32c4edfecf3b9a8717aafea51178f5480239bfa008 |
| SHA512 | e18be3c74e039ff4297313b12abae8719e26eb852724a46f119121d008a7165e249bc17d17b3275a108e6de14b1bc443a7827589bc4fd46d616de699b8294ada |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 35e1bf2683b41aae43ced71bc9187d37 |
| SHA1 | d68ac97edf57adbef39d7f3c25c9a53288da38bf |
| SHA256 | fbbd8fad3d8f77efac0042334da2f3f32eea42e929a9c077f1c0bab8cac6efb7 |
| SHA512 | 83b192016dfc1f0e202182b5f9d513e6c401cee2d1bbc3aa1f29a0d73e4936c8e59cba44725ffb5ccfd64049c3cc1cc50c0ae2314e8f1143a827594aa627c051 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 34869d1b8bb1f9c87eb2cb64a43cfc91 |
| SHA1 | f779087a5904c9ff6ab6f0f2783b22ba0157a3ca |
| SHA256 | d2882a082567020a670ddc95ab28ea64a0cde9d57d84a5f41258873786ea3f2d |
| SHA512 | c3428d1cb88936c5050b69cead6568424ecb66b3444556c77010e5028311fc4f4fcc2757944e4eaea420e5e06d7de3747e82bbae7204aa486ad4a8edb7e57176 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 17a3b62be9665b1d0e411a8d87565ecc |
| SHA1 | be09b90a1a121126dab9689f156c51f77bee1ac9 |
| SHA256 | 038deabc8e304a2d574cfd4ed4aa515f8f174f7b3f8b80b416a4354d60b4f311 |
| SHA512 | 6de650c1d46b2d19c14f1b8d21c8589ee276caa2a30654436176295dccea7f619c450ff1cbd01fe94d174cb032eebffed18036fbae4e10dcb17fa228d23850fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eb05c433e3ad41ae3a1cf5999c7b9e80 |
| SHA1 | a89f318aec16b950381f05d6e53331067b399a89 |
| SHA256 | cad81cd2840074dd5961e9d8d7fc04cb10ef0468c373f4398f5f648f4355720c |
| SHA512 | 1562e2b31231a864291a602805898046c62ac9f526477ca8302851b50c1addde84e21df8f3966f028b29d05df5e022099041dc4ad0aa91101c230369c2c6be20 |
C:\Users\Admin\Downloads\Unconfirmed 606051.crdownload
| MD5 | 29e02aa5d8ad5248c24f2ca22632e911 |
| SHA1 | 2fc3f7b5e390e858d3f633c49656ad91abce2f42 |
| SHA256 | 7165fb9ffb5e283af11952690b8b74956027723103d49690b0df27b317bc824e |
| SHA512 | 4e13f787209d203b1ca81dc1493802eedfafa8c4f26cbf9060d9ab366bccb485b7a54b37d5d6ee9b5a68d3492806f9fe4f9fee7b65680fe237b40e8667afcae8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a05a9ee1f847471da0cf386b3869078f |
| SHA1 | 62e4b88eb7336e604d6cc4201942defa9f5dc7b9 |
| SHA256 | 5d4a20f86d4a190075eb97bec6c65a7732ae07f328f78512ac90d37108a8a10b |
| SHA512 | 22e78bf39b8e2fcd8a9b5376aa79ba01146322624737e948d207fb54609cd6da32d415cd411f16c0afaa7c19082265fa6fdf0dc9c30f357b1fd47d85d0ee8102 |
C:\Users\Admin\Downloads\delete.bat:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 17e30a39b00093b5aeb67be507f778a2 |
| SHA1 | b43b016dce1a308103df49815bc2836095897d29 |
| SHA256 | 19bbfdf986f1888c066b3b64b9eb58036b51238affe25aec9da92f6f96ca0036 |
| SHA512 | 5ff8ba54b2b34959b44dad811946308bf0aebc5d142b05e5362568ead9413637d2a351485182ce30cf7f2851ade5cc7e5fa287fdf15355987f9dcbe9f7f5fcd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8a1277dd0a75abfd6885cb9f4f7a1a97 |
| SHA1 | 7db995f8453103fc37c6ee4da7f9396aa364c242 |
| SHA256 | a59d87897b3a2b50dc012edf8c4a13d84e7ca64a205d32ceb83de9c2099e37f5 |
| SHA512 | 9a9d8806b7308cfd40e8f4a39cc64cc2bc42ffee78db58adf44295fea00ff76de55af5f1e80ae82596d1c774efd1ca224febb5cabfae4e272a59b8357e244c72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a27b31cdd95fb6acd455800502c50d7f |
| SHA1 | cdabace314d335ae762ca0d3e6726751662515b9 |
| SHA256 | a98ee8a86704bf4c2affbf0da534bb9229755625841712679b84c7e93d74d354 |
| SHA512 | 1f46a6190e4ec7f62720c2edb79ff38f7f63a17b8f4f55ec7230d8badd0b51920619f6407a247684377136709a4710911dbccdc85a17f164c00728457ff6e3ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\79904d0900a83e0a_0
| MD5 | b1939c393246d97c909b2fec0a55b3da |
| SHA1 | 0c7f01bec122ad76fb4f959605b2b4fa13a8dd24 |
| SHA256 | 79d5926d5e5c873e9e182bd85aa070990b68ec76a375f8820b432a7bc5a3f7ab |
| SHA512 | 530ff756b9fd41481f29011d309220cf6abf78f10d634e7506e6d884a390f91518313edba2bffcb00d99cc7b7fe13ba5037bb92f47bb17f45aeef9ec9d0fa9f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f3228217b39896be_0
| MD5 | ff21b732b9170c12fc34e52e152aafd3 |
| SHA1 | 47e38e60669391afde31f90561cfe1da8b71739f |
| SHA256 | b308244bdac3cb95c18d8de962a49479016c48fa357e2d51d4c9da2ecd146770 |
| SHA512 | 929bf64ec6a10ac22bbbf18b0325c955a064151aa1f442bac15f0d9deb1ee22d352892b0e7be025bb42fb9055bdda643f97e14d29b366844d1317386d6f3c26d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f299668f7f337ff0_0
| MD5 | 8495d0a3b5bfe3671baf5b7320702b68 |
| SHA1 | a69398b809a87db7cea5bfa4f7792ee5e9bd9516 |
| SHA256 | b7f9b17a917eba56b9da40cbc2164a8d5c39207673a82a7fe772bbc126639827 |
| SHA512 | 627d51e75f3e660855a60ac2a19e85863ffd57e59bb10caf52791f4881cc9b0349428fc6beb0ebaf65fdb358140034e33d0235f34e59baeae322ec5e598b0f32 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9459ea7df768bff9ec59705fe986fcf1 |
| SHA1 | f64428fb1ab04837e581e7420a0d76bb42a4abe4 |
| SHA256 | 606e6558e276017fa8251f50b94b8c662f0537e787d24a352d4758c8d259028a |
| SHA512 | a23fc615d8666f816e6b792a49b559589fa834044b85756f17b4a35b1f7b5ba757e626e9c11f4169b6552eff27536748dbfa8e253d4a66ed38f912afc4ff7463 |
C:\Users\Admin\Downloads\Unconfirmed 194848.crdownload
| MD5 | 79458fa61b7e5a1d43260d43f1cf6bfd |
| SHA1 | ce6311f4d199ebcaac0d6caba34cded115b04461 |
| SHA256 | 91d9ddc3ca1de34c47304c6e5490ffcbb8253ab32ba4a1c0c4784bfeed326b50 |
| SHA512 | a7d5217aa589d32efb627345005897fd5cc22d80d8953138b79e6c03f7aea683e031b0e24ca160910149720e51a02ee30a9efdb66ac14f6d6870dfeefcfcbf2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1b89f06e499853587a2792b500588e41 |
| SHA1 | a85980f9f92e2b959916b72bad20256b6e9add60 |
| SHA256 | 9beb3192f4ac38011ef42d1c08c7f537887c03dd0004e66edbc14c839ea5ca84 |
| SHA512 | 7071d4ac5a1d1a148eee3e84b06a409d9b5fc034368afd1e3e1247b765d2fd2a548948f697f6887942d16d34514fc38b0fed48313b216d1f3a0cb7a8e5d0c167 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f279f6b1b298e562eb9a4183037bfe50 |
| SHA1 | 5d4fd6accfe0db822aaa1429855385039facbd99 |
| SHA256 | 8fb308c3435fa5ecad1e07f335f8228d2bfb99253bd51b2ea190ed84fb14f253 |
| SHA512 | c5d3e6f7b102b7bf775264a925fe354d7b8ca9daa130b5e87439ebb6617780314e440cfcc400b2f32912db98270c24fd69b4e9494721260ebe5aad5671aa60fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ba35f5e6399e48b7ab4c512dc76d3241 |
| SHA1 | 6209bca509c613de78805bb7006bc9a18e6f5998 |
| SHA256 | a157a16794d0071972029c4f0d96a9431532a6c754422afae30d169123694412 |
| SHA512 | ee21af545522fe870034b709580947454c5913ea08dfc3de4bbabe65fcfbaa0e14451ef3308937942f9099a8cb8c49bd946e8f918ef0d54f0a86ccad7eadf76c |
memory/3416-1296-0x00007FF70C500000-0x00007FF70C56C000-memory.dmp
memory/3416-1297-0x00007FF902FE0000-0x00007FF9031E9000-memory.dmp
memory/3416-1298-0x00007FF901BE0000-0x00007FF901C9D000-memory.dmp
memory/3416-1300-0x00007FF901CA0000-0x00007FF901D43000-memory.dmp
memory/3416-1304-0x00007FF8F3980000-0x00007FF8F3991000-memory.dmp
memory/3416-1301-0x00007FF900F30000-0x00007FF9012A8000-memory.dmp
memory/3416-1306-0x00007FF901790000-0x00007FF90182E000-memory.dmp
memory/3416-1305-0x00007FF901B30000-0x00007FF901BDE000-memory.dmp
memory/3416-1303-0x00007FF901500000-0x00007FF901620000-memory.dmp
memory/3416-1302-0x00007FF900A20000-0x00007FF900B31000-memory.dmp
memory/3416-1299-0x00007FF900590000-0x00007FF900904000-memory.dmp
memory/3416-1311-0x00007FF901CA0000-0x00007FF901D43000-memory.dmp
memory/3416-1308-0x00007FF902FE0000-0x00007FF9031E9000-memory.dmp
memory/3416-1307-0x00007FF70C500000-0x00007FF70C56C000-memory.dmp
memory/3416-1321-0x00007FF900590000-0x00007FF900904000-memory.dmp
memory/3416-1328-0x00007FF901790000-0x00007FF90182E000-memory.dmp
memory/3416-1326-0x00007FF8F3980000-0x00007FF8F3991000-memory.dmp
memory/3416-1323-0x00007FF900F30000-0x00007FF9012A8000-memory.dmp
memory/3416-1324-0x00007FF900A20000-0x00007FF900B31000-memory.dmp
memory/3416-1322-0x00007FF901CA0000-0x00007FF901D43000-memory.dmp
memory/3416-1319-0x00007FF902FE0000-0x00007FF9031E9000-memory.dmp
memory/3416-1318-0x00007FF70C500000-0x00007FF70C56C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 456053aa23ca115ffd3fd092e9479ad9 |
| SHA1 | a6bcc38959e16ba89207c3e3cd72a0ebcff1fcd7 |
| SHA256 | b50087f870ef973af6f736c83be9c0da4f5b1019ac52a53bfd12089feed97154 |
| SHA512 | 266758316ea92e93100d81b85e2b594ebf562ddc347eae05f74be71722c21869fe0ab7660907a02153c2a51749b9c9af2e6f393fe71526a528af34e53260a223 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0306bcd0daa8466e42d2adb33c4c03b2 |
| SHA1 | ab708ebf6bdc238b317e3602beff1893a5413a85 |
| SHA256 | f887efe6fdbeee5d7b0a2bf1187061218d1d23a8b69518812410e62640e13145 |
| SHA512 | 5cd1fe7ac5feed6fe4f54492296e01e07eb166e065da9ed4d2a4aee0e39ec4127d51317e8f57e9f6d7735489a377cc31f8ed498d98f08aaeefeeb795c12d1a7f |
memory/1732-1354-0x00007FF900A20000-0x00007FF900B31000-memory.dmp
memory/1732-1365-0x00007FF901320000-0x00007FF901349000-memory.dmp
memory/1732-1366-0x00007FF900D30000-0x00007FF900E42000-memory.dmp
memory/1732-1363-0x00007FF9029F0000-0x00007FF902B9C000-memory.dmp
memory/1732-1364-0x00007FF900E50000-0x00007FF900E76000-memory.dmp
memory/1732-1367-0x00007FF902240000-0x00007FF9029EE000-memory.dmp
memory/1732-1361-0x00007FF901790000-0x00007FF90182E000-memory.dmp
memory/1732-1362-0x00007FF902E40000-0x00007FF902E9D000-memory.dmp
memory/1732-1360-0x00007FF901CA0000-0x00007FF901D43000-memory.dmp
memory/1732-1355-0x00007FF900F30000-0x00007FF9012A8000-memory.dmp
memory/1732-1359-0x00007FF901B30000-0x00007FF901BDE000-memory.dmp
memory/1732-1358-0x00007FF9016A0000-0x00007FF90178A000-memory.dmp
memory/1732-1357-0x00007FF901420000-0x00007FF9014F6000-memory.dmp
memory/1732-1356-0x00007FF901500000-0x00007FF901620000-memory.dmp
memory/1732-1352-0x00007FF900590000-0x00007FF900904000-memory.dmp
memory/1732-1353-0x00007FF900910000-0x00007FF9009AD000-memory.dmp
memory/1732-1351-0x00007FF901BE0000-0x00007FF901C9D000-memory.dmp
memory/1732-1350-0x00007FF902FE0000-0x00007FF9031E9000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4DCB4SHXUOSOAN2JOZO3.temp
| MD5 | 5fcc5111b4480fc62c459a4cfa3d7cb8 |
| SHA1 | b987894b7d252f28ec836697d3de9e3014307563 |
| SHA256 | 62d194637e4dd6f3ef32196bf5066d2e6dce7d533f3d9f99845379a62d6f3b28 |
| SHA512 | 842f88d820173e44a28159b7a16885fbe1bcc7cb529175d3fcfbf8c51e9b8a97eab1b9435be9be87f42846b5e4c8ea4e73ebe08769aed96dbf80228fd8c20764 |
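The dropped-file listing above mixes browser housekeeping (Firefox glean pings and profile rewrites, Edge cache, Preferences and Local State churn, a crashpad pipe whose digests are those of zero bytes) with the few artifacts that matter for this detonation: the `delete.bat:Zone.Identifier` stream that backs the NTFS ADS signature and the `Unconfirmed *.crdownload` partial downloads. The following Python is an added example, not part of the sandbox report: it parses this page's path-plus-hash-row layout and the `memory/PID-seq-start-end-memory.dmp` lines, recognises zero-byte artifacts by comparing the reported digests with `hashlib` digests of empty input, and surfaces the entries an analyst should pull first. The sample text is constructed from entries copied above; the noise markers and flag names are this example's own choices, not the sandbox's.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample in the report's own layout (a path line, then
# "| ALGO | hex |" rows, plus memory-region lines). Entries are copied
# from the listing above; the sample itself is assembled for this example.
SAMPLE_REPORT = r"""
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js
| MD5 | 78402a03f6e0a7f00284ecf895ba5bbd |
| SHA256 | 2887646df91f56d6b114a5ccf0591a3a326c29a3e93b0a631856b56d11032cbc |
\??\pipe\LOCAL\crashpad_4184_IHYPEVBZHFWQDXXV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Downloads\Unconfirmed 606051.crdownload
| MD5 | 29e02aa5d8ad5248c24f2ca22632e911 |
| SHA256 | 7165fb9ffb5e283af11952690b8b74956027723103d49690b0df27b317bc824e |
C:\Users\Admin\Downloads\delete.bat:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
memory/3416-1296-0x00007FF70C500000-0x00007FF70C56C000-memory.dmp
memory/1732-1350-0x00007FF902FE0000-0x00007FF9031E9000-memory.dmp
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Digests of zero bytes: an entry reporting only these has no content to pull.
EMPTY_DIGESTS = {name: getattr(hashlib, name.lower())(b"").hexdigest()
                 for name in ("MD5", "SHA1", "SHA256", "SHA512")}

# Locations browsers rewrite on their own during a detonation (example's own list);
# treated as noise unless the entry also carries a flag.
NOISE_MARKERS = (r"\mozilla\firefox\profiles", r"\microsoft\edge\user data",
                 r"\pipe\local\crashpad_", r"\windows\recent\customdestinations")


@dataclass
class FileEntry:
    path: str
    hashes: dict = field(default_factory=dict)

    def is_empty(self) -> bool:
        return bool(self.hashes) and all(
            EMPTY_DIGESTS.get(algo) == value.lower() for algo, value in self.hashes.items())

    def is_noise(self) -> bool:
        return any(marker in self.path.lower() for marker in NOISE_MARKERS)

    def flags(self) -> list:
        lower, leaf, out = self.path.lower(), self.path.rsplit("\\", 1)[-1], []
        if self.is_empty():
            out.append("zero-bytes")
        if ":" in leaf:                              # NTFS alternate data stream
            out.append("ads")
            if lower.endswith(":zone.identifier"):   # the stream carrying Mark-of-the-Web
                out.append("mark-of-the-web")
        if lower.endswith(".crdownload"):            # Chromium download still in flight
            out.append("partial-download")
        if "\\downloads\\" in lower:
            out.append("downloads-dir")
        return out


@dataclass
class MemoryRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_report(text: str):
    """Split the listing into file entries (with their hash rows) and memory regions."""
    entries, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HASH_ROW.match(line):
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            current.hashes[m.group(1)] = m.group(2)
        elif m := MEM_LINE.match(line):
            current = None
            regions.append(MemoryRegion(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)))
        else:
            current = FileEntry(line)
            entries.append(current)
    return entries, regions


def triage(text: str) -> dict:
    """Summarise a listing: what to pull, what to ignore, which PIDs were dumped."""
    entries, regions = parse_report(text)
    notable, noise_count, empty_count = {}, 0, 0
    for entry in entries:
        flags = entry.flags()
        if "zero-bytes" in flags:
            empty_count += 1          # nothing to retrieve, whatever the path looks like
        elif flags or not entry.is_noise():
            notable[entry.path] = flags
        else:
            noise_count += 1
    regions_by_pid: dict = {}
    for region in regions:
        regions_by_pid.setdefault(region.pid, []).append(region)
    return {"notable": notable, "noise_count": noise_count,
            "empty_count": empty_count, "regions_by_pid": regions_by_pid}


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for path, flags in summary["notable"].items():
        print(f"{path}  [{', '.join(flags)}]")
    for pid, regs in summary["regions_by_pid"].items():
        print(f"pid {pid}: {len(regs)} region(s), {sum(r.size for r in regs):#x} bytes dumped")
```

Run against the full listing, this reduces several dozen entries to the `Downloads` artifacts and anything outside the browser profile directories, and groups the `memory/...` dumps by PID (3416 and 1732 here) so the regions can be matched to the process tree elsewhere in the report. The zero-byte check is worth keeping in any such script: a digest set equal to the digests of empty input means the sandbox captured a handle or pipe name, not file content.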