Analysis Overview
Threat Level: Likely malicious
The submitted URL https://qemu.weilnetz.de/w64/ was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
NTFS ADS
Checks processor information in registry
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK: Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-13 21:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-13 21:06
Reported: 2024-11-13 21:18
Platform: win10ltsc2021-20241023-en
Max time kernel: 704s
Max time network: 578s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\qemu\share\doc\devel\modules.html | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\16x16\legacy\mail-send.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\22x22\legacy\preferences-desktop-display.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\24x24\places\user-desktop.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\48x48\legacy\face-uncertain.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\32x32\legacy\mail-message-new.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\48x48\mimetypes\video-x-generic.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\Adwaita\symbolic\status\network-cellular-offline-symbolic-rtl.svg | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\Adwaita\symbolic\status\network-wired-no-route-symbolic.svg | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\16x16\legacy\network-transmit-receive.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\22x22\status\user-trash-full.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\24x24\mimetypes\x-office-document-template.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\Adwaita\symbolic\status\network-cellular-signal-none-symbolic.svg | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\22x22\legacy\applications-system.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\32x32\legacy\edit-redo.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\liblzo2-2.dll | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\doc\interop\index.html | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\doc\system\target-sparc64.html | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\16x16\legacy\edit-copy.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\24x24\legacy\format-text-underline.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\Adwaita\symbolic\devices\drive-harddisk-usb-symbolic.svg | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\Adwaita\symbolic\status\dialog-information-symbolic.svg | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\16x16\legacy\applications-engineering.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\doc\_static\fonts\Lato-Regular.woff2 | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\doc\system\arm\vexpress.html | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\doc\system\i386\amd-memory-encryption.html | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\doc\system\i386\cpu.html | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\Adwaita\symbolic\categories\preferences-other-symbolic.svg | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\24x24\emblems\emblem-shared.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\24x24\legacy\task-past-due.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\48x48\legacy\edit-clear.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\22x22\mimetypes\application-x-firmware.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\doc\devel\submitting-a-patch.html | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\doc\system\arm\realview.html | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\keymaps\no | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\Adwaita\symbolic\emotes\face-laugh-symbolic.svg | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\16x16\legacy\go-last-rtl.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\48x48\legacy\image-missing.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\48x48\legacy\zoom-original.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\qemu-system-riscv64w.exe | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\16x16\places\folder-documents.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\24x24\legacy\emblem-urgent.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\24x24\legacy\help-about.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\48x48\legacy\accessories-dictionary.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\32x32\devices\media-optical.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\22x22\legacy\document-page-setup.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\22x22\legacy\emblem-new.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\22x22\legacy\mail-message-new.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\22x22\legacy\security-low.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\24x24\legacy\help-browser.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\doc\devel\qapi-code-gen.html | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\Adwaita\symbolic\devices\ac-adapter-symbolic.svg | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\24x24\legacy\face-sad.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\48x48\legacy\applications-games.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\48x48\legacy\preferences-system-sharing.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\48x48\legacy\user-offline.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\hppa-firmware.img | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\Adwaita\scalable\places\user-bookmarks.svg | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\22x22\legacy\format-indent-more.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\32x32\legacy\face-worried.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\48x48\mimetypes\x-office-presentation.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\16x16\mimetypes\model.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\22x22\legacy\applications-graphics.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| File created | C:\Program Files\qemu\share\icons\AdwaitaLegacy\24x24\legacy\go-next-rtl.png | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\mstsc.exe,-4000 = "Remote Desktop Connection" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\odbcint.dll,-1694 = "ODBC Data Sources (64-bit)" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\System32\acppage.dll,-6002 = "Windows Batch File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-121 = "Microsoft Word 97 - 2003 Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\regedit.exe,-16 = "Registry Editor" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@%windir%\system32\iscsicpl.dll,-5002 = "Connect to remote iSCSI targets and configure connection settings." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@%windir%\ImmersiveControlPanel\systemsettings.exe,-651 = "Change settings and customize the functionality of your computer" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\SnippingTool.exe,-15051 = "Snipping Tool" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@%SystemRoot%\System32\SnippingTool.exe,-15052 = "Capture a portion of your screen so you can save, annotate, or share the image." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@%windir%\system32\miguiresource.dll,-202 = "Schedule computer tasks to run automatically." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\comres.dll,-3410 = "Component Services" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000005a598a341136db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\System32\msxml3r.dll,-2 = "XSL Stylesheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@%systemroot%\system32\RecoveryDrive.exe,-600 = "Create a recovery drive" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@%SystemRoot%\system32\quickassist.exe,-807 = "Connect to another user's computer to help troubleshoot problems" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\wdc.dll,-10030 = "Resource Monitor" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\pmcsnap.dll,-700 = "Print Management" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000008d56c8341136db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\System32\AuthFWGP.dll,-20 = "Windows Defender Firewall with Advanced Security" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@%systemroot%\system32\comres.dll,-3411 = "Manage COM+ applications, COM and DCOM system configuration, and the Distributed Transaction Coordinator." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@%systemroot%\system32\msconfig.exe,-6001 = "Perform advanced troubleshooting and system configuration" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\wsecedit.dll,-718 = "Local Security Policy" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\ImmersiveControlPanel\systemsettings.exe,-650 = "Settings" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe,-291 = "Math Input Panel" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\dfrgui.exe,-103 = "Defragment and Optimize Drives" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ee6d24361136db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E\@C:\Windows\system32\miguiresource.dll,-101 = "Event Viewer" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3785588363-1079601362-4184885025-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
| Process | Command line |
| --- | --- |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://qemu.weilnetz.de/w64/" |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://qemu.weilnetz.de/w64/ |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1900 -parentBuildID 20240401114208 -prefsHandle 1840 -prefMapHandle 1820 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {341143dd-3945-4d58-b608-94eb2b51cd41} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" gpu |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2260 -prefMapHandle 2264 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8538f8bd-b74f-48ff-a4cf-dae6e9ca84fa} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" socket |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3168 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 1432 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8ec16f6-f623-41d3-a72b-7df764a78543} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 3060 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75b1a6f3-afc1-403d-a747-1784318cc97b} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1371e1c-b900-499f-be7a-31f8f950ca45} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" utility |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4532 -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 5284 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f322d334-5eab-428f-a9a2-4b2e50fb4153} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5576 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {596bfc48-1a30-4e34-a427-f4a4ee2b364e} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" tab |
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 5 -isForBrowser -prefsHandle 5700 -prefMapHandle 5704 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53ae9c9f-2585-4db1-b992-0ef44eae4d06} 2984 "\\.\pipe\gecko-crash-server-pipe.2984" tab
C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe
"C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Program Files\qemu\share\doc\index.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ff83e4a46f8,0x7ff83e4a4708,0x7ff83e4a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2930111870885909382,10421596061386108172,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2930111870885909382,10421596061386108172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2930111870885909382,10421596061386108172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2930111870885909382,10421596061386108172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2930111870885909382,10421596061386108172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2930111870885909382,10421596061386108172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff7e8c35460,0x7ff7e8c35470,0x7ff7e8c35480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2930111870885909382,10421596061386108172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2930111870885909382,10421596061386108172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2930111870885909382,10421596061386108172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\qemu\README.rst
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\qemu\README.rst
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 820 824 832 8192 828 804
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49790 | N/A | tcp |
| US | 8.8.8.8:53 | qemu.weilnetz.de | udp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| US | 8.8.8.8:53 | qemu.weilnetz.de | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | qemu.weilnetz.de | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.58.68.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| US | 8.8.8.8:53 | www.netcup.de | udp |
| DE | 46.38.224.30:443 | www.netcup.de | tcp |
| US | 8.8.8.8:53 | www.netcup.de | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.netcup.com | udp |
| AT | 144.208.243.2:443 | www.netcup.com | tcp |
| US | 8.8.8.8:53 | 65.204.21.100.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.netcup.com | udp |
| US | 8.8.8.8:53 | 30.224.38.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| AT | 144.208.243.2:443 | www.netcup.com | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.243.208.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.netcup.com | udp |
| US | 8.8.8.8:53 | www.netcup.de | udp |
| N/A | 127.0.0.1:49798 | N/A | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 46.38.224.30:443 | www.netcup.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-aigzrnsz.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4.sn-aigzrnsz.gvt1.com | udp |
| US | 8.8.8.8:53 | 169.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 68.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 95.101.143.183:443 | www.bing.com | tcp |
| GB | 104.78.171.70:443 | cxcs.microsoft.net | tcp |
| US | 8.8.8.8:53 | 183.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.171.78.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\7913cd3d-0587-46cc-ae88-07ba3cc5149a
| MD5 | da0b4fe7e6da5db905d615e8875fb796 |
| SHA1 | d85ae20749d0d922053e292e053a13119efc45f0 |
| SHA256 | 9120098555f8cd6c529232beb76e18d2b9253f21af347c9c558763a6fefa1b1e |
| SHA512 | b3a30c3f0d8b94fe5cb063a910330e1271f3fb30b5b2bac91f8278fb870134b8d7881da11f374006f97d8cb45c5bbf0dc2427c6ace6a800c21b88cd0d2747c5f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\666b01c0-cad6-4c2f-9f99-26f0535268c6
| MD5 | 092a583c2cb82a6057599f13982df394 |
| SHA1 | 986bdb0a60a4d4616d29f6ed2dbea9feed88191b |
| SHA256 | e7727171483ee80df65cdb5ebd6f53e354809efac3059d64de7f049196357ba7 |
| SHA512 | 2e3c6e67aae2e57b10841ae00d7ff48d81577f801a29d7b39b7da52a5ce39d808cfa471943565eb79f1fa9f0e30048b5177ab2c7bd61bf88d7677b98f5dece14 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\5c762b53-6018-4ff7-99bc-3488154d0e3c
| MD5 | 07ca0c5658e62120eccfdcf4f3919b14 |
| SHA1 | b7a94b03c1d4f52b130a1495ae4af0fc1b89e8af |
| SHA256 | 27414ef1a54251498d8f707612b3abf82ecf94a0d489bc7971bfd42994d923c7 |
| SHA512 | f207ee0c40f47a09dfd32f34a27f6013f2a435dd3d21160798617d008c131d0a429f7245c22aabe7030167584f7d39f1bcfb9c6871906d48ce55b811caf6c109 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | b2c300995bbda16fda0a627a3d2ef6ee |
| SHA1 | 0722de9cf7785b02b592b8c24322095f2c6962aa |
| SHA256 | 149a940bef04d7b57075c12cf9317af76a7097961c3ee2cd57d566c83abc4f80 |
| SHA512 | 20577d91f0ac781fb9af7d717c2877870d388fa2a4feb2b5443fd7052e1f25d68cd95b814046312cbf481b93d054d56e1f9e8c229364f75215ab59ebe8a08ed0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 9642f3e9b2cc64e6a25967e9e2ac16c0 |
| SHA1 | 2551e90edb3b787415f43d4ce62dbb421c078a56 |
| SHA256 | a9635632e7be95a4ded63a2fdb32cbc8636ee07e926dadbb89c81e791506d144 |
| SHA512 | d05070b278a4e4a28ac9be600afa2f8c2befc16e6aca5f94b72561ff22c1d8bdc888648c4ac0738af7f72c4f3b1b0b6cc3e30b4875de2454006fa8e0c5f73a29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 0348862daf9559e67d28c45562a4bd71 |
| SHA1 | c9b2f6edfe41fbfe202c5342ae7719780a3db61f |
| SHA256 | d13282659f699ab0f6a7c4dde73715135c85ba6d0cf56ceeb20bac8f9ade497b |
| SHA512 | e4e565ede6c3fddbbdff56248133ab9a0595b507e51517e3a9ed43f3406d9239cb614942067eb2f7b65fbc5c4ee7236643b26707233e5e1cc9c094b8942785c9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs.js
| MD5 | 0771a7ab2fb6e9ef3dfeacaa2d04750a |
| SHA1 | 396befd019fd65eab245114389286cae0473c2b5 |
| SHA256 | 457730f4b12fe2bc9984e780823869e8f46a3736553a29039bf615a358349e03 |
| SHA512 | 49de2c77bd707643ce163a98f380d5b07d41ab9c7e4fda4472cf83687c87ec6261f4c5da6ebb43651b0b7dbac3807417f0a491423555ef737d54bfed074ff946 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs-1.js
| MD5 | a24bead79b78bfc1a26b01a0d58cfae1 |
| SHA1 | 5efd856360a5f2e8c18def50c18fa7927f9b524f |
| SHA256 | 74376a6f2838b1fe6a99dc975eb7b43de5cbeebfb27505a52e0837d60e187694 |
| SHA512 | fa18c01d52f092ced6e3b3b71b9cb8eb2021316e3a8413a30e9037d25dddeacbaf8b5e8324334c998a078cbbdca25ddd4342f334d33c655cf7e13d91735163ea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\AlternateServices.bin
| MD5 | 7e08ae83c891ade031bf4d76f147d2a8 |
| SHA1 | 9476f613ecf82b164055f4e843bbc2087823294f |
| SHA256 | 861342db1bee27a031a6ee199500e0a8be3d3ac21cbfe1f4a489f9517e0bec13 |
| SHA512 | ee35207f658f9a10f67d1aff8b49f546f9503798cc588bf5d6927494aa00b13be3e2d4136ca0ebe0e8064aa9b1b6ef4d3afaf712afd06b48c8bcef2706ce781e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8ae0530ac073025cfa55406762cd148b |
| SHA1 | 92f465498b10529d119bfb5bebbe8aba8a4cf3ef |
| SHA256 | 65b8bf081340c28f28ab248da2439b6b1d2b44ebda06262314193842b784acb1 |
| SHA512 | bd57923b0b36b84688fe0a9c8d964696cf5425a6b2bda3203a85f1d14a4a493217417de0017c3db7090ab043282e3984534b397addf0a6638f1228c258338ab9 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4
| MD5 | b5f6f5a3dd1b22695508bfb05bfcf199 |
| SHA1 | 002d95694101dc95ecb94b64abe33c1611769ac2 |
| SHA256 | 2f0d80f33a899c7e69f6a6901de420621ba8bfb22715c32dd3b3b37ed5905bcf |
| SHA512 | 6b5421bd270dd33e56fee80ad6afb1ec5c2ef3b36965821472ac397aafd382ada2f083d4eed6b83d4147d404305634d2fc67ff9e79af91bfc6e91a1701d7dc4e |
C:\Users\Admin\AppData\Local\Temp\nsg5D46.tmp\LangDLL.dll
| MD5 | 879fff417564b7e40ac155694554eeb0 |
| SHA1 | 14742d1436e485623c624ce143e23cecdd17cb89 |
| SHA256 | a77076ac3494e732a0e3171adeb21514c0cc7a7c9f447589c5048a6d4d08e035 |
| SHA512 | 7476086a4de0f6ee919e72d9e76729b63536fa98453ecdb8f282876b42f65a1470be1dd28da60764495cb824422c1cb83e2a06678c8bedadc38ff4c728c8efff |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\7c06eddf-57ef-4525-9a37-507de3d19602
| MD5 | 8a09d61ae2b323d5b65fc1eb3371e22c |
| SHA1 | 54e37e7cff34bb3e595a670cb7561f2f63e98a9a |
| SHA256 | c4220e60ba9b9d1f194396f14fde57c8c6adf6e843c231a45b7a17a89a2d624b |
| SHA512 | f4e166bd318052dac568b8a91b41adbbad4ff363318cbd1b7e79a1e0112cbc2fb2686c4ce960af7b39ec077c75feb39dadfcbe0fda32f3a46e7b9cd843100f0e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | b358b919533aaf4e6b3c39e0d810fb6b |
| SHA1 | ff38cdbfddee30c71048e5e2de1061120fcda884 |
| SHA256 | 586c8b70f38fa8de9dbc65f55bf78a11ac7f5ab6718213e3510777f42553d494 |
| SHA512 | 15e0882bdb26e73f455c18f831a03ed2b7cdffae650a97132a07a7ad2e4e7effee6d265426314616bf3641f3aacb7fff18e56c8c9fd4cc6195ec01b988b3e22e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 42f78cab87d4072dcb0f974c8b69c9de |
| SHA1 | 7811c4d494b718bc81328b8bfdae6d6513d0a788 |
| SHA256 | a7296cdcb449c7c7933fdc6b48d854e6bb2d338464c424f21cb0f92a1c8c5394 |
| SHA512 | 1d66c36330e59a0c77b4844a289b2826235bd963ac3359365002a991fa124078c20dae51d2043b79ab660aadd46ee4bf8e7b543d970f85626e79ff15bec9b772 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs-1.js
| MD5 | f6445e9df50fdb57fa795f9ad191a31e |
| SHA1 | 36929d895e0be8a82dfc906233be7adcfe23afc6 |
| SHA256 | 3a75598d3c7cc0fa0baa4d11c658ad50ed13a4227a9fec932786d2b9670933ab |
| SHA512 | dfda346066b25f904a1708640dbdc242a967148a3fd0c00993a05c97773689645af7d14e018815b0c15d44e457fffe0247622824a3b323449eca17b5297ee412 |
C:\Users\Admin\AppData\Local\Temp\nsg5D46.tmp\nsDialogs.dll
| MD5 | e23b7a59bf4fc0953cd713b8c710ef4f |
| SHA1 | 22d168ac1e8c073b68fa86af28082ae45fdd122f |
| SHA256 | 2b32395df2fea42a3a79db54b29f01d82db71bc090255201e03a6db872942ee8 |
| SHA512 | 1b775c58cf50cc7b5fededd742d6f297be247f74907c16e21e5939ce7339f6dfdd88755e52690242f77413d33c252a2cf471871e0d39bebf4c7b4f007478539c |
C:\Users\Admin\AppData\Local\Temp\nsg5D46.tmp\System.dll
| MD5 | bca82a3fab6254d30b0fc51a75b3daa5 |
| SHA1 | f51b721a3970201b355a539ab7743e0cff73f345 |
| SHA256 | 46b364f13d089636b60c33d3f6a4b1d2cd32e6af8d9bc29339af0b7dadd21703 |
| SHA512 | 9aee67a05ef3239c3e728b212cecc389d74e0ae9ec08d07194d79b0dd6ba16f0cec637b848e4efaf541a12a6872e8f0814d06ffaed086aa351fc8ca1a1c27c13 |
memory/5360-592-0x0000000000400000-0x000000000046B000-memory.dmp
memory/5360-594-0x00000000746E0000-0x00000000746F0000-memory.dmp
memory/5360-593-0x0000000074D30000-0x0000000074D3C000-memory.dmp
memory/5360-1051-0x0000000000400000-0x000000000046B000-memory.dmp
memory/5360-1054-0x0000000000400000-0x000000000046B000-memory.dmp
C:\Program Files\qemu\share\icons\Adwaita\symbolic\devices\media-optical-symbolic.svg
| MD5 | 48281857472b1a6c0917cecbee2b39b8 |
| SHA1 | 0e45fb15f77bc37909e56fee9d807d5f96f60f53 |
| SHA256 | 400909b4e6008b6a90e83e5bac3338ca96b068a6e765b548ce8af87e090054b1 |
| SHA512 | 39cc48c2ec5af9bb7d51c02f3cfffdd1ca3a31c698ffc91c96ce86fad241f7aa0a5b3ccb9a205d7639fe5307dedcf9ea0d3518baebb17b5399ae93517a88ccfd |
memory/5360-3291-0x0000000000400000-0x000000000046B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsg5D46.tmp\modern-wizard.bmp
| MD5 | 81995a69c2e1df31497ae04182e664e4 |
| SHA1 | dcc84c1c05e71a09d1cbb6dd38c8f980b2cd19ed |
| SHA256 | 93f79a2b6e0f97bc7b7c75ded89a3c4c7657af37c087cf067470771e0affda9c |
| SHA512 | ee5c1642a38b46497cecdb8de7d338d5ea74c6be7705676ed3875ab4e3b22b09edf7fd77a2dd001f9e71ce5daa2c8091c271b497f15fb944cc1efbfce5f71794 |
memory/5360-3892-0x0000000000400000-0x000000000046B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 557df060b24d910f788843324c70707a |
| SHA1 | e5d15be40f23484b3d9b77c19658adcb6e1da45c |
| SHA256 | 83cb7d7b4f4a9b084202fef8723df5c5b78f2af1a60e5a4c25a8ed407b5bf53b |
| SHA512 | 78df1a48eed7d2d297aa87b41540d64a94f5aa356b9fc5c97b32ab4d58a8bc3ba02ce829aed27d693f7ab01d31d5f2052c3ebf0129f27dd164416ea65edc911c |
\??\pipe\LOCAL\crashpad_1060_SFVMXTPXZXCURKWA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Program Files\qemu\share\doc\index.html
| MD5 | a0c35f3f598eb0d21d3854464e5e4b8d |
| SHA1 | 3bde2b0f842d5abfe7994f2908ac578a90b08938 |
| SHA256 | 4659ca0af5c6b7e911bb2c7b878377b5a23df91c641c23963cd4f9bd1e7fc841 |
| SHA512 | 26815c1420b122ca08b3b25747e9833d989c40be45871a4bfb9ebf98a9f5335f730872d7818bf6059a2e09eccff6afd89e3529fa64a7f397af0f875703953e01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 278e5c6a2e80c8c25ec79f12e79429cd |
| SHA1 | 8d1aeb391c1f6c9e2dfda9be51cdf1e4d03699ca |
| SHA256 | 7b2e0dc9545e769de687e4ddee4930323556eb26da01e335555e5f48bb8e4f8e |