Analysis Overview
SHA256
e8e2deb0a83aebb1e2cc14846bc71715343372103f279d2d1622e383fb26d6ef
Threat Level: Known bad
The file builder.exe was found to be: Known bad.
Malicious Activity Summary
Lockbit family
Blackmatter family
Rule to detect Lockbit 3.0 ransomware Windows payload
Boot or Logon Autostart Execution: Active Setup
Downloads MZ/PE file
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Installs/modifies Browser Helper Object
Drops file in System32 directory
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Modifies registry class
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-02-14 19:55
Signatures
Blackmatter family
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-14 19:55
Reported
2025-02-14 20:04
Platform
win10v2004-20250211-en
Max time kernel
568s
Max time network
572s
Command Line
Signatures
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
Downloads MZ/PE file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Checks installed software on the system
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\tr.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Mu\Fingerprinting | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\vk_swiftshader_icd.json | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\gd.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ro.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\tr.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\v8_context_snapshot.bin | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\vccorlib140.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\edge_game_assist\EdgeGameAssist.msix | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\pt-PT.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\oneds.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Sigma\Analytics | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files\MsEdgeCrashpad\metadata | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\da.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\bn-IN.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\zh-TW.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\BHO\ie_to_edge_bho.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Trust Protection Lists\Sigma\Cryptomining | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Extensions\external_extensions.json | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\be.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\prefs_enclave_x64.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\hu.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\TransparentAdvertisers | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\sq.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\PdfPreview\PdfPreviewHandler.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\identity_proxy\stable.identity_helper.exe.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\cy.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ja.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedge.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\sr-Latn-RS.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\ta.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Temp\source1128_2040635557\MSEDGE.7z | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\sr-Latn-RS.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedge.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\sk.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\SmallLogoBeta.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File opened for modification | C:\Program Files (x86)\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\VisualElements\LogoDev.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\km.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files\MsEdgeCrashpad\throttle_store.dat | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\kk.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File created | C:\Program Files (x86)\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\SmallLogoDev.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\bs.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\ms.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\pwahelper.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\Analytics | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Locales\nb.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\oneauth.dll | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\Other | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\LogoBeta.png | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ga.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\Downloads\7z2409.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\Application\ApplicationIcon = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\msedge.exe,0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Explorer\DOMStorage\office.com | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\shell\runas | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.html\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\133.0.3065.59\\notification_click_helper.exe" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\shell\open\command | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xht | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\MSEdgeHTM | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\system32\wwahost.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\Application | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xhtml | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Content | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\AppID = "{6d2b5079-2f0b-48dd-ab7f-97cec514d30b}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\shell\open\command | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ProgID\ = "ie_to_edge_bho.IEToEdgeBHO.1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge\ = "URL:microsoft-edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeMHT | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\{1FCBE96C-1697-43AF-9140-2897C7C69767} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\CLASSES\MIME\Database\Content Type\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/svg+xml\Extension = ".svg" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\microsoft-edge | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgeHTM\DefaultIcon | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationName = "Microsoft Edge" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\ = "Interface {C9C2B807-7731-4F34-81B7-44FF7779522B}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200" | C:\Windows\system32\wwahost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeMHT\ = "Microsoft Edge MHT Document" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO.1\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/pdf\Extension = ".pdf" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\MSEdgePDF\Application | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.htm\OpenWithProgids | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Explorer\EdpDomStorage\office.com | C:\Windows\system32\wwahost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9C2B807-7731-4F34-81B7-44FF7779522B}\TypeLib\ = "{C9C2B807-7731-4F34-81B7-44FF7779522B}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\Application\ApplicationCompany = "Microsoft Corporation" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{C9C2B807-7731-4F34-81B7-44FF7779522B} | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Lockbit 3 Builder.7z:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\7z2409.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
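Firefox writes a Zone.Identifier stream on each of these downloads; that stream is what SmartScreen and Office Protected View consult for the file that is finally opened, so for an archive the practical question is whether the mark is still present on whatever gets extracted from it. The following Python, an added example and not part of the sandbox output, parses the stream's [ZoneTransfer] section and lists the files in a set that carry no Internet-zone mark. The stream contents in SAMPLE_ADS are constructed (the report records only that the streams were created, not their values) and the HostUrl is a placeholder; the live reader at the end needs an NTFS volume on Windows.

```python
"""Parse NTFS Zone.Identifier streams and list files that carry no Mark-of-the-Web.

Added example for this report, not sandbox output. SAMPLE_ADS is constructed:
the report records only that Firefox created the streams, so the ZoneId values
are illustrative and the URLs are placeholders.
"""
import configparser
import os
from typing import Dict, List, Optional

# URLZONE values from urlmon.h; SmartScreen and Protected View act on 3 and 4.
ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}


def parse_zone_identifier(stream: Optional[str]) -> Dict[str, Optional[object]]:
    """Return ZoneId (int or None), HostUrl and ReferrerUrl from a Zone.Identifier stream.

    The stream is INI text with a [ZoneTransfer] section. None, an empty
    stream or a section without ZoneId all mean "unmarked" (ZoneId None).
    """
    info: Dict[str, Optional[object]] = {"ZoneId": None, "HostUrl": None, "ReferrerUrl": None}
    if not stream:
        return info
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    cp.read_string(stream)
    if not cp.has_section("ZoneTransfer"):
        return info
    sec = cp["ZoneTransfer"]  # option names are matched case-insensitively
    zone = (sec.get("ZoneId") or "").strip()
    info["ZoneId"] = int(zone) if zone.isdigit() else None
    info["HostUrl"] = sec.get("HostUrl")
    info["ReferrerUrl"] = sec.get("ReferrerUrl")
    return info


def unmarked_files(ads: Dict[str, Optional[str]]) -> List[str]:
    """Paths whose stream does not place them in the Internet or Restricted zone.

    Input is {path: Zone.Identifier text or None}. This is the gap a MotW
    bypass leaves behind: the downloaded archive is marked, the payload
    extracted from it is not, and the defences keyed on the mark never fire.
    """
    result = []
    for path, stream in ads.items():
        zone = parse_zone_identifier(stream)["ZoneId"]
        if zone is None or zone < 3:
            result.append(path)
    return result


def read_zone_identifier(path: str) -> Optional[str]:
    """Read a file's Zone.Identifier ADS on an NTFS volume (Windows only); None if absent."""
    if os.name != "nt":
        raise OSError("alternate data streams need NTFS on Windows")
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except FileNotFoundError:
        return None


# Constructed sample: the three downloads the report shows Firefox marking, plus
# the file the detonation was launched from, for which the report records no stream.
SAMPLE_ADS: Dict[str, Optional[str]] = {
    r"C:\Users\Admin\Downloads\Lockbit 3 Builder.7z":
        "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.invalid/\r\n"
        "HostUrl=https://example.invalid/archive.7z\r\n",
    r"C:\Users\Admin\Downloads\7z2409.exe": "[ZoneTransfer]\r\nZoneId=3\r\n",
    r"C:\Users\Admin\Downloads\7z2409-x64.exe": "[ZoneTransfer]\r\nZoneId=3\r\n",
    r"C:\Users\Admin\AppData\Local\Temp\builder.exe": None,
}

if __name__ == "__main__":
    for path, stream in SAMPLE_ADS.items():
        info = parse_zone_identifier(stream)
        print(f"{ZONE_NAMES.get(info['ZoneId'], 'unmarked'):12} {path}  host={info['HostUrl']}")
    print("no Internet-zone mark:", unmarked_files(SAMPLE_ADS))
```

On a live system, feed `read_zone_identifier()` the archive and every file extracted from it; a marked archive next to unmarked extracted executables is the condition the report's Mark-of-the-Web bypass signature describes.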
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
Uses Task Scheduler COM API
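Before reading these signatures as the sample's behaviour, attribute each row to the image in its Process column: in the rows visible on this page the registry, BHO, MIME and policy changes come from the Edge installer (`setup.exe` under `EdgeUpdate\Install`), the 7-Zip installers and `wwahost.exe`, the Zone.Identifier writes from `firefox.exe`, and `builder.exe` never appears in a Process column. The script below, an added example rather than part of the sandbox output, does that grouping over a constructed excerpt of this page's tables; the rows are copied from the page and the first heading in the excerpt is a stand-in for the registry section those rows were taken from.

```python
"""Attribute sandbox signature rows to the process that produced them.

Added example; not sandbox output. REPORT_EXCERPT is a constructed subset of
this report's signature tables (row text copied from the page; the heading
"Registry key/value changes" is a stand-in for the section the rows came from).
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

HEADER = "| Description | Indicator | Process | Target |"
ROW = re.compile(
    r"^\|\s*(?P<desc>[^|]*)\|\s*(?P<ind>[^|]*)\|\s*(?P<proc>[^|]*)\|\s*(?P<target>[^|]*)\|\s*$"
)

REPORT_EXCERPT = r"""
Registry key/value changes
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2409.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2508704002-2325818048-3575902788-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftofficehub_8wekyb3d8bbwe\Internet Explorer\DOMStorage\office.com | C:\Windows\system32\wwahost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Lockbit 3 Builder.7z:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\7z2409.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1" | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | N/A |
"""

Row = Tuple[str, str, str, str]  # (signature, description, indicator, process)


def parse_signatures(text: str) -> List[Row]:
    """Walk the excerpt: a non-table line sets the current signature heading and
    each table row is attributed to it. Indicator and process text never contain '|'."""
    rows: List[Row] = []
    signature = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == HEADER:
            continue
        m = ROW.match(line)
        if m is None:
            signature = line
            continue
        rows.append((signature, m["desc"].strip(), m["ind"].strip(), m["proc"].strip()))
    return rows


def by_process(rows: List[Row]) -> Dict[str, Counter]:
    """{process image path: Counter(signature -> number of rows)}."""
    out: Dict[str, Counter] = defaultdict(Counter)
    for signature, _desc, _ind, proc in rows:
        out[proc][signature] += 1
    return dict(out)


def signatures_for(rows: List[Row], image_name: str) -> List[str]:
    """Signatures whose rows were produced by a process with this image file name."""
    suffix = "\\" + image_name.lower()
    return sorted({sig for sig, _d, _i, proc in rows if proc.lower().endswith(suffix)})


if __name__ == "__main__":
    rows = parse_signatures(REPORT_EXCERPT)
    for proc, counts in by_process(rows).items():
        print(proc.rsplit("\\", 1)[-1], dict(counts))
    print("attributed to builder.exe:", signatures_for(rows, "builder.exe"))
```

Run against the full page, the same grouping shows which signatures are installer and browser noise and leaves the static rule hits as the only findings tied to the submitted file.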
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\builder.exe | "C:\Users\Admin\AppData\Local\Temp\builder.exe" |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 27345 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a7a4995-63bc-4011-a160-5f1a48bcfdd5} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" gpu |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 27223 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {719dc5d2-e202-40c4-9256-c979da4d0cc7} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" socket |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3036 -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3080 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b65ede3-6a40-452f-b34b-8d12befb3203} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4092 -childID 2 -isForBrowser -prefsHandle 2584 -prefMapHandle 2632 -prefsLen 32597 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fffbbb7-a902-4408-8d62-f80ddb8482ad} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4716 -prefMapHandle 4712 -prefsLen 32597 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d771938-57ba-4393-a60c-3d2508b2a668} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" utility |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5320 -prefsLen 26928 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d714054e-e29f-4a04-9ade-b120a9ce11d4} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5200 -prefsLen 26928 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3218fc81-0931-4fd5-86ec-9012f7083246} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 5 -isForBrowser -prefsHandle 5164 -prefMapHandle 5672 -prefsLen 26928 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9625a385-b1ca-48e0-8ef4-36f76ed617c7} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6092 -childID 6 -isForBrowser -prefsHandle 2956 -prefMapHandle 3088 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be6d867e-8e3e-4423-b07c-8ec7ced705df} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4344 -childID 7 -isForBrowser -prefsHandle 5244 -prefMapHandle 6100 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47e1cad0-dd2c-432f-a7b8-bfff105863c7} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab |
| C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjE0NUMwNzEtNEFDQi00QkJCLThFODAtQkUxN0ZFMjg1MzQ2fSIgdXNlcmlkPSJ7RURDMUFBNzctNUVENS00QjU2LTlGMEEtMjRDNzdGQjcwNjQxfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QTMyMUI0QzYtQjI5Ni00ODRGLTk5QjktMTZBRTQzQzE3OUIyfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMyMzYiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDI1MTE0ODAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NDA2Njc4MzkzIi8-PC9hcHA-PC9yZXF1ZXN0Pg |
| C:\Windows\system32\OpenWith.exe | C:\Windows\system32\OpenWith.exe -Embedding |
| C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1740 -childID 8 -isForBrowser -prefsHandle 5980 -prefMapHandle 3756 -prefsLen 27941 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed271f73-086e-479a-91e0-068b7a52fb20} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab |
| C:\Program Files\Mozilla Firefox\firefox.exe | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 9 -isForBrowser -prefsHandle 5652 -prefMapHandle 5648 -prefsLen 27941 -prefMapSize 244628 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab97af52-8990-461f-80b8-b20f32db3186} 3720 "\\.\pipe\gecko-crash-server-pipe.3720" tab |
| C:\Users\Admin\Downloads\7z2409.exe | "C:\Users\Admin\Downloads\7z2409.exe" |
| C:\Windows\system32\OpenWith.exe | C:\Windows\system32\OpenWith.exe -Embedding |
| C:\Users\Admin\Downloads\7z2409-x64.exe | "C:\Users\Admin\Downloads\7z2409-x64.exe" |
| C:\Windows\system32\OpenWith.exe | C:\Windows\system32\OpenWith.exe -Embedding |
| C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\MicrosoftEdge_X64_133.0.3065.59.exe | "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable |
| C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable |
| C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff735406a68,0x7ff735406a74,0x7ff735406a80 |
| C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1 |
| C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe | "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff735406a68,0x7ff735406a74,0x7ff735406a80 |
| C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level |
| C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level |
| C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6466b6a68,0x7ff6466b6a74,0x7ff6466b6a80 |
| C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level |
| C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6466b6a68,0x7ff6466b6a74,0x7ff6466b6a80 |
| C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6466b6a68,0x7ff6466b6a74,0x7ff6466b6a80 |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness |
| C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe | "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub prelaunch |
| C:\Windows\system32\wwahost.exe | "C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.MicrosoftOfficeHub.wwa |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| GB | 2.18.66.98:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:57622 | | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 151.101.131.19:443 | www-mozilla.fastly-edge.com | tcp |
| US | 151.101.131.19:443 | www-mozilla.fastly-edge.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:57630 | | tcp |
| US | 151.101.131.19:443 | www-mozilla.fastly-edge.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.107.152.202:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| GB | 142.250.187.209:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| GB | 142.250.178.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| GB | 142.250.187.209:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| GB | 142.250.178.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | vx-underground.org | udp |
| US | 104.18.7.192:443 | vx-underground.org | tcp |
| US | 104.18.7.192:443 | vx-underground.org | tcp |
| US | 8.8.8.8:53 | vx-underground.org | udp |
| US | 8.8.8.8:53 | vx-underground.org | udp |
| US | 104.18.7.192:443 | vx-underground.org | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.72:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| GB | 142.250.187.238:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.238:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-aigl6ns6.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-aigl6ns6.gvt1.com | udp |
| GB | 74.125.105.7:443 | r2.sn-aigl6ns6.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-aigl6ns6.gvt1.com | udp |
| GB | 74.125.105.7:443 | r2.sn-aigl6ns6.gvt1.com | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| NL | 4.175.87.113:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 104.77.160.86:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | mini-01-s3.vx-underground.org | udp |
| US | 104.18.7.192:443 | mini-01-s3.vx-underground.org | tcp |
| US | 8.8.8.8:53 | mini-01-s3.vx-underground.org | udp |
| US | 8.8.8.8:53 | mini-01-s3.vx-underground.org | udp |
| US | 104.18.7.192:443 | mini-01-s3.vx-underground.org | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.187.209:443 | csp.withgoogle.com | udp |
| AR | 216.58.202.99:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| GB | 142.250.178.14:443 | play.google.com | udp |
| GB | 142.250.178.14:443 | play.google.com | udp |
| GB | 142.250.178.14:443 | play.google.com | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 104.18.7.192:443 | mini-01-s3.vx-underground.org | tcp |
| US | 104.18.7.192:443 | mini-01-s3.vx-underground.org | tcp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| FR | 95.100.133.70:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.office.com | udp |
| US | 13.107.6.156:443 | www.office.com | tcp |
| US | 8.8.8.8:53 | res.cdn.office.net | udp |
| FR | 95.100.133.92:443 | res.cdn.office.net | tcp |
| FR | 95.100.133.92:443 | res.cdn.office.net | tcp |
| FR | 95.100.133.92:443 | res.cdn.office.net | tcp |
| FR | 95.100.133.92:443 | res.cdn.office.net | tcp |
| FR | 95.100.133.92:443 | res.cdn.office.net | tcp |
| FR | 95.100.133.92:443 | res.cdn.office.net | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 104.77.160.86:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
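Added example, not part of the sandbox report: a Python triage pass over rows in the `| CC | ip:port | domain | proto |` form used above. It separates DNS lookups from connections, lists domains that fall outside an assumed allowlist of Windows, Edge, Firefox and Google update/telemetry suffixes, and calls out 443/udp (QUIC) and cleartext port-80 rows. The embedded rows are a constructed subset copied from the table; the allowlist is an assumption for illustration, not a verdict on any host.

```python
"""Triage of sandbox network rows in the '| CC | ip:port | domain | proto |' form.

Added example, not part of the report. SAMPLE_ROWS is a constructed subset of
the table above; BENIGN_SUFFIXES is an assumed allowlist for illustration.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: rows copied from the table above (subset only).
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | vx-underground.org | udp |
| US | 104.18.7.192:443 | vx-underground.org | tcp |
| US | 104.18.7.192:443 | mini-01-s3.vx-underground.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.133:443 | objects.githubusercontent.com | tcp |
| NL | 2.18.121.72:80 | ciscobinary.openh264.org | tcp |
| GB | 51.140.242.104:443 | nav.smartscreen.microsoft.com | tcp |
"""

# Assumption: domain suffixes a stock Win10 VM with Edge and Firefox contacts
# on its own (updates, telemetry, safe-browsing). Anything else goes to review.
BENIGN_SUFFIXES = (
    "google.com", "googleapis.com", "withgoogle.com", "gvt1.com",
    "mozilla.net", "mozilla.com", "mozilla.org", "mozaws.net", "mozgcp.net",
    "microsoft.com", "office.com", "office.net", "openh264.org", "akamai.net",
)

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*\|\s*"
    r"(?P<domain>[^|\s]+)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)


def parse_rows(text):
    """Return one dict per well-formed row; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({"cc": m["cc"], "ip": m["ip"], "port": int(m["port"]),
                         "domain": m["domain"].lower(), "proto": m["proto"]})
    return rows


def is_benign(domain):
    return any(domain == s or domain.endswith("." + s) for s in BENIGN_SUFFIXES)


def triage(rows):
    """Split DNS lookups from connections and derive the review-worthy sets."""
    dns = Counter()                 # domain -> number of lookups
    conns = defaultdict(set)        # domain -> {(ip, port, proto)}
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            dns[r["domain"]] += 1
        else:
            conns[r["domain"]].add((r["ip"], r["port"], r["proto"]))
    every = set(dns) | set(conns)
    return {
        # Not covered by the allowlist: analyst activity or sample behaviour.
        "review": sorted(d for d in every if not is_benign(d)),
        # Resolved but never contacted: often prefetch/telemetry noise.
        "resolved_only": sorted(d for d in dns if d not in conns),
        # 443/udp is QUIC, so a 'udp' row on port 443 is not a table error.
        "udp443": sorted({d for d, s in conns.items() for _, p, pr in s if p == 443 and pr == "udp"}),
        # Cleartext HTTP: worth a look at what was fetched.
        "cleartext": sorted({d for d, s in conns.items() for _, p, _ in s if p == 80}),
        "connections": {d: sorted(s) for d, s in conns.items()},
    }


if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE_ROWS))
    for key in ("review", "resolved_only", "udp443", "cleartext"):
        print(f"{key}: {result[key]}")
```

Run against the full table, the `review` list is where to spend time: the Google, Mozilla and Microsoft endpoints are what the VM's own browsers and updaters generate during a ten-minute run, so they say little about the sample.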
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 83254636f460265576da5c593629fd7d |
| SHA1 | 60e2db83f20228bc6fba80668ab92551f4337263 |
| SHA256 | aa18a62891b57c4e55627d2e56c1298bc83596a9815f338c01784589efc1f63d |
| SHA512 | 1a59b6e0c93ff6e5766a854603c58747886972b8d91537b890b3651059eb1a7c62caf4d073e3fbd376ab6d895f50243e39be7d6e79f5d5c87dfad260818e7b96 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\pending_pings\30944884-5750-47d9-adf8-4ea17fc53ff4
| MD5 | 0dc48cd3adf0c2a4281dd0d3eef00adc |
| SHA1 | 466e18ab4de561835bcd482ea63cdc353781cb01 |
| SHA256 | d61edc1f14f88204737477e652e815e61adfeecb6641177bc2b8e91834b92aaf |
| SHA512 | f53197c0b9afa56c012ca7fdd48b4cfe6ee9ece6505e3af84cdd91f8712f3048099afb1a02b557dcd21ae7a6548ae88a8ddfe32e59fd1c015062b8f6bd63fe00 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\pending_pings\e5a9cbdc-e09e-4060-ad5e-4edb657b61dd
| MD5 | 2165f32c17695589ffc6e4363c74508e |
| SHA1 | 7a3b5d3e22442f092d11b8000f8284679261bf2d |
| SHA256 | 11700e4ac8cb1519a3b85cc174ec467ec81eb76d987fd7213b3809b2fc420638 |
| SHA512 | 1293265d7a6f32a011412013f142c183f254c677209885e01ea3fcafd17ab4ed65afe1c64272a4bdf3f9dd83c775720e132f78597b6091384ac15bbb4994407c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\pending_pings\941e45d5-89be-40ea-b4a2-96ffc7c334a9
| MD5 | fb2374fa574d6f38854ebbf51aaf80a8 |
| SHA1 | febcf6a0ceae93ec873e7bcf47f5b345a1073527 |
| SHA256 | bde2641e148fd98a2accee5e61d6fefd1bac9c028206478f21020e9ff5c20643 |
| SHA512 | 685263ac01bb2d8d1650a3db9940768cf276bad11f83260955b79843a37ed5b9efdd1da83d12805b7b31a3fde82ae5b7d6a1acbb71a6b7ef69f4e3655b5447f6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 85dea57d8304e9e5e796b9180208b597 |
| SHA1 | 5bc158a15ad5c4c64a5666b18237b98443610cd6 |
| SHA256 | f25f7e1f0a2336f3bdc380d117db6caf879fce7faa43f75b28dc7dfd8a02f6b1 |
| SHA512 | 6dd42a7fc7243a2afc3fd18e38f193732d9fa50be783c5120e643afb49b7aca9baadbd07a87234ed73dbb33f21bc6752d7b34840af5e13756af7760621a267d5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\prefs.js
| MD5 | df261c75096a2635853f9f532df160ad |
| SHA1 | cf3905b3aca43b722f46643a28b3cd50ab3c96e5 |
| SHA256 | 04ddd43b9f1246c9a442647be32bbe64ebca824a90ddf0e7e599ae55cefb3127 |
| SHA512 | 78d39ba1cfa1ef44726f0c6cb575752c8e31a07303832a54881f2117c2367fd7b4fe68bcf3d413fa4149b1485feab1fd3a6a18a413a52a85d5eefbc953cba451 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\prefs-1.js
| MD5 | 3dc117c6e9de19142a1235e00b9ef81f |
| SHA1 | bc5a296d99990440ac73145b550bfd0de3df22e7 |
| SHA256 | 2423140917ea5b39111ae731b5ec3047b5e5dd0908795d2867c600c5a4a3480d |
| SHA512 | 6542cbe3400215e95d9f82d90e4304c592fbddad28082c538b27250adca4956c19396dfce1bd5a9a3fc9313ef69fb4a5d78e9cc8423e5321ce007bb1625f7545 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\activity-stream.discovery_stream.json
| MD5 | 368e146347db6b807558baad7436db9f |
| SHA1 | 0195fc5722c26f993a49e79289c0b713f9c49648 |
| SHA256 | 6317c5105a5bc9dd00df42f3f6093afc0b7c5d321b71a2c6ae68684e8987a952 |
| SHA512 | d47c939521bc162131c7bd7ea6d848ba539aba1978734168c90c5f14f946a0688e6a3f8de164c6ece854dd86f23c68fb2dd76d9dffc595faf2b71ac26e1f9358 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\prefs-1.js
| MD5 | aa13dab707e0898dd3169efca978b246 |
| SHA1 | eacd313d86b9836061236b7b2fad268bd448d19f |
| SHA256 | 6a36423e759387950e08d6ed6ea01ebeb9c214dbb60d277d3b06e0656a81d884 |
| SHA512 | dafd38b7d8afaf0a5fad99a1054b3acf2f83f7e4f58bf156bf80ee1d433aeab63b85edfdc1e7f10991640c6b706d825bb5d44b8706ad3f8fe00aa10908e8c748 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | 96c542dec016d9ec1ecc4dddfcbaac66 |
| SHA1 | 6199f7648bb744efa58acf7b96fee85d938389e4 |
| SHA256 | 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798 |
| SHA512 | cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\AlternateServices.bin
| MD5 | c98d4e14ecca985d76784d03e2c8d839 |
| SHA1 | e6f800684ec2c5a22b92d2d985fced48a6ff8849 |
| SHA256 | c2779ffdd738820c9386cefa9f79e8686b7b7a92be2d622d4b9cb0c9b76560b8 |
| SHA512 | 76d46107fcaaa98e75aa7890467755c88a43b9b4f88ae9d7cf0fcddd7f74ca0dbdd20b123f88f16439f78c12aab77c56d7de4389a658ab2106784c0d3918c067 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 20f4737e1bcb774aff1f8a3f663c8c2b |
| SHA1 | ee51a46603329aa087395f8209523ad2cbfbc5ae |
| SHA256 | f05176135c4580e2597c688e9cdaf91ed6a64aa69f9873d036cae1be02faa296 |
| SHA512 | a96acd4661684861d6f3757b6ca53a9eec7b9357e262c6f4e2792e3d1d03d2fa4a4bc78ab2ce5a9e7b2a93fd59da7434b499158d0a740c485c5e446bc879ea7d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\prefs-1.js
| MD5 | 8ebcef0da807451eecc308929e65f2dc |
| SHA1 | 6c5817be49c4cfaee5943ba29af5b1f3fa11ffc5 |
| SHA256 | 007d7c969a4ab86f181c89c8459eb7b7f326be59c1c54d30d6aa4c0f4976fc92 |
| SHA512 | 24490c14eaf7d80dfc25f644781dac8ba08b51cbbfe5ba00f8b86cc1c718f7a9c54c1c3293151b565ed17ce56f868735fdb30efe68010eab19ef5383813038a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4
| MD5 | b5d3f782b7d735485565c769ef16c547 |
| SHA1 | 2ca8a84e9b3e697d48e0211d70fe66b98ffe9597 |
| SHA256 | 89fb2fded5cb3ede0bb2560b14914fa16902fab97763016fba2efafe356b8702 |
| SHA512 | 7456b4f28dd743cb148edafd20c2dd6346107529d47967f42c7d0d49e44055d7ff6fa795646331119189fbd0813d5403315317e4f566963e890fb06d788f3f0b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\AlternateServices.bin
| MD5 | 92a07d6e50540cda31f9307071a0d2ca |
| SHA1 | 43421f691792163969d67c8ba40e07fe757cf5d3 |
| SHA256 | 1ca772b6aa6abddf1593cd572110e24ba97ed79cdc4fa03ec1227a268a729591 |
| SHA512 | 9925e6626b0a193a6fde8051216b1da61c376ce2c0f7c44940769153844dd1db75b3f9f95c01323a06b855d76ef06e1cb19afb8884976804cb0426ca61620a14 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4
| MD5 | cf1b0a5733cbf282003be160bbb674a7 |
| SHA1 | 0dc5bec6db2f134d7c1689325789b74c45296285 |
| SHA256 | 1969fd690c460fda938f74e4698c47086de586870130e698f4086a1d7624ced0 |
| SHA512 | 11e7261890c0b71e4414272b1a452c8c4aced1d74016e29e8a03f9f903c76df9229bba37342241730d3f10a85df454b29e6a2ea665f449f6eec0215a882d29a8 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\Downloads\G9Md9ss3.7z.part
| MD5 | c9c2f3805f0012628e9d62e8f75af4dd |
| SHA1 | b6269b1fc8813b93c11ec6066dc33d9f99f2e431 |
| SHA256 | b2c3beda4b000a3d9af0a457d6d942ec81696f3ed485f7cf723b18008a5f3d10 |
| SHA512 | ed4cb425807bbef4da92fe9e17b78746e096612e6006521279162379b2fc65f8dec7647e9c5403c6a74e6eb9b61dce7ca1c74c65d77aafbd0719be79cb1d70ff |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 53cdde0c56713bd995cbc9d8b444ec99 |
| SHA1 | 4280adc6e9b19c3810e8ad4bd08d8181cd969247 |
| SHA256 | a51c60efb1ad3d356dbf29eec4adb9d04f96a3df3472e06fe828253276723218 |
| SHA512 | cff0dd59732e4b25bbcbc634cf19ef4ed6314fc682fca27af87a5504bd16b7e92f228f9e1f7e273ffcc1fb1ecced370306c3750fcf3ff7f9824e6bcb7ca43d5e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 7d3e6ab95352e9028918c45dc2c77e64 |
| SHA1 | b11ca005da3f36e3bc784910e9fd4e08f0d387d3 |
| SHA256 | f44dc2357d5ad259ec4b65de20eb7913bdfe4054afe2737b7d8ce8467c66f5f5 |
| SHA512 | b2e00b9ebebc01fcae44a04c2f0bca414d58a25f821307c7bb895816e464c4ae96eb3f5708b88e059acd91b95fdfe48ea4128ea572d529c096b49420aa0003ae |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 99d3e2ea02e3c5c333c5792f49d395bb |
| SHA1 | 7d7f060327303ae4c50d49fbe3d5a8e4ddbd2137 |
| SHA256 | c220cef860db8ba5fa3f500a988081bdbe2b8d05773a6535a30e88e6bd16762b |
| SHA512 | e14bef000995212d932767e4c6ef7b2dc0d6c27719857c199d857a9d9d9b3573b558ba268d531d006fb34f4b1a4b3d1fbcfecc9cc786b7ebc6c47d9cc6dd1e79 |
C:\Users\Admin\Downloads\7z2409.-918rtF8.exe.part
| MD5 | 00cbef9691efad7a56332fbcf51aa762 |
| SHA1 | 2135a90a9f6c3202c32a87b1c5cf805ce294a497 |
| SHA256 | e35e4374100b52e697e002859aefdd5533bcbf4118e5d2210fae6de318947c41 |
| SHA512 | a39a84b13b383ac5fca20eb6d92ec6b8bc85f1b6a545c441efdbe054d8d12c9ebe97d366235bdf1383bbdb2a9666d18d0145b10b6e589180502c0c2dfa26ef14 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4
| MD5 | b32596c8e858655fe6973b6ccc0f296a |
| SHA1 | 3c3b5c5b6ec1add14e974b831a3125ed62ed0081 |
| SHA256 | a139e9ec5881b137926827e24cbac206ec314875fe125f9fdaa4212b05ae737b |
| SHA512 | cc4518be802906b9c076ad4815736832572836c3a63d672598897607c97af37f3238671e0e72b75ab3f4fb2f5decdfb6315196611425838c8d9b8de9173ec880 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6e6bbbc2cab68d408b4126b0e18a274c |
| SHA1 | 263ba927d4003b2ff5f711d5961cec0cced5fdf8 |
| SHA256 | 4026acdbd71ee87f51b69f9e47fab9285f43a52180b126c171a38db854ff685c |
| SHA512 | a8f5a610950283955fd8773be232afcde1ec0befff48978d6125c681c8df3e2cdcdf237fee0c3f9f8e523df750245e5b32e0990a9c37f15d4817b4b40a4360d8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e6182f50b7d80fb8dd16c6b0c13e1b45 |
| SHA1 | 7d2849973cd080b75766517592e01994e263c4d4 |
| SHA256 | f52f700af3e65188a62b7c848c7c162c3a8f25c46d3e8ef6148a15014e1e8a0c |
| SHA512 | 5b7764c36571c3afed30928b84e4c8ffde95afa33bbc0dea442df46a159d72105a2965e26782e2e80062c0dd19340a674076ba735796be5438ff71b32e5a3892 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 06e56b2415a62b6fadf79590971bd070 |
| SHA1 | 752428b31fbcd84ee88d0e1b4a60ba6b9805f86b |
| SHA256 | e0c733417c680845720b7e97aba4ff4fedecfbda80e3cb94bca438a6e82f96b9 |
| SHA512 | f352ce28a78d3dace64723db2a72bd4463a83d896f23eb41273190bc896587d8e356ea113deb84c9a4cef4eb2123847d79ca2568a4cb348938de78f5bca31f3c |
C:\Users\Admin\Downloads\7z2409-x64.vbPC7uqq.exe.part
| MD5 | 6c73cc4c494be8f4e680de1a20262c8a |
| SHA1 | 28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0 |
| SHA256 | bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e |
| SHA512 | 2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85 |
C:\Program Files\7-Zip\7-zip.chm
| MD5 | a7ba50e8a23bf4a17f827c69bdb8f6ab |
| SHA1 | 17db88d7fa4bdb042897cf1b8a8d6620dc4f3b07 |
| SHA256 | 94561a6dd2e91b42d566846270b9d8915c30dd9200e7aab3a4e37547c0042491 |
| SHA512 | 16598f7fe5dbad5abac11bbf84fce5a26dd686c1786ddeea7b86ea239fd1fd06587755eee7d376f4ca01a0c61f8b8babf5928222009160949a332fe5e985964a |
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk
| MD5 | d4ffb365de9aa43a9cf776c20f79c0b4 |
| SHA1 | bafbc48e378f8e1047623e700325710a6d65eac9 |
| SHA256 | 5c18ccdf711c0bf3c73484cde8d194f14b8cd72aad1a64b7ce20e484149121f6 |
| SHA512 | f33f7c80366e127e16a5373916ba31bf6ebddf165f52b0cd338102e1cbb1485dead3eefe591213b3d65efa536233927e016af7b653d49f525d653746c8324fea |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk
| MD5 | 2e48bf510aa2313ba641150dce397bb7 |
| SHA1 | ea2ac921a65a4224ce05a89fd79ba137be194cf2 |
| SHA256 | 668e8fdac462fe002c36b0c9320aea1543f30d61b2db4c17d7fb928bd5934cf6 |
| SHA512 | 951d5ef054feef3cd60c31c688641f152cab5aa05189b3c6caa3c0534574567bb3dac800bf9f17922fc78073a236ccbd9bc2722c6d92c8db6cfca14ce967c6e1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 569a25b81de2820dcd60f835db924292 |
| SHA1 | 7834947ab793a213fe7f85b34acb1021c89f2e53 |
| SHA256 | eb805d4c9d8c34da6382cd7aa1ffa3fd9c44300d1ab3401f3aee54ec9bcda24a |
| SHA512 | fc2151a7ffc9d85ef9ab5bbdab4583cb95ab15e3e30b93dd75f2ee76145a6c90aed8d2bd9b7fd1e00a692e0a9f17207dbe008af9a0c38df47afc1dc3a6ac150a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | ccccb7c8b6fd49dfe1cccee5625d23c9 |
| SHA1 | a3dcbd9577061b42f3efd63cc6084d256fb08f24 |
| SHA256 | 2e3a7d8946f0bfe525da3ab4b28111b0ad977a7b6945e36d22149e9818ce9826 |
| SHA512 | 8553dab0d6ba8c570422ff488969e0810915f4ed4ad339f7ad70c207b5b79ed5bc9e09a9609a157b1bf255ab72a171213492f1584829d18257f3902ce14c2c89 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\prefs-1.js
| MD5 | d0a51f4ae4b4f2647ebd5d7aa5e6bb26 |
| SHA1 | 5d9a92eef23344182201abbc08142d458f0b57de |
| SHA256 | 343ea78ce014d2da36579cc9efffc6fe1f24e04ed77b4c99aee4d3d4d80ab591 |
| SHA512 | ead9ace5660fb6fa6c9cbbd5d76c54397eff7634cebbf930098db500f63d0df7fc1647c4f81a8ec9c5f7e56d349787c08eea10dfdcc630bbfa4fe899219733be |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 86dd7fce8b13cc830dfa9993a3e53530 |
| SHA1 | 61426675737cd9b991562169be3927b573755cf7 |
| SHA256 | 25648d4fbb4f0ca0cba2361cc7a55fed4ea682bbbcfd56b0c83e1928ca3d086e |
| SHA512 | 40e168a0d2a450fe29e9b70bc986d48743fdf1da10ea18eaed1bc29bb8bf22ca73a41d573804515eedba43ac02c572f40d3349a08a2170ba03d374b45896ee38 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | c51cf1af43c58fde39ca2533528f73f5 |
| SHA1 | b9c995a409cccc8cb47b5556699f26434e680680 |
| SHA256 | 532da8eab4b4ff148b0445d92c0df0f9a57a3aaaac449b48eaabf45fac88821e |
| SHA512 | ab607be9cfc26009ae69264db6e43826b6b9a2cf5c2d3a336f17c1c6c8e5a722cbf436d5bff7100fe711cc33f0674f86225b3b7299ac3bd2eb6fb174f26f5de4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 11fe783d7946f49c3b06a6896706ecc3 |
| SHA1 | 349c649d9a880757c7505cf5cfce41febe6fa0eb |
| SHA256 | 04986772843ce478096136b5199482cc0a346904b3b281c4cd6c3537bc243036 |
| SHA512 | 74a31c659644337642093e731a13d96b5353d42998e166618c7c68a0ba8009fdb3ae5567e7ce33a48a0bc5c39da0281d1f8889fdc52b1644d68d97abb4156f58 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i6u2lhv3.default-release\bookmarkbackups\bookmarks-2025-02-14_11_uSUNLp-ZeEHYXgarcqVU+Q==.jsonlz4
| MD5 | 87cca11c1ebf96a44c68a5dfc5786b58 |
| SHA1 | 753f80ca768d541b47046732de6c1ea2f9373053 |
| SHA256 | dc5ebf99efc5fc5d33d55819a1e6b0b529fb17866674dc205a3dc6021dc06843 |
| SHA512 | ff88d1bdee91e2af497796eaf6fbab40fcc9efdae93d378afb8aa49a67d440c6da7e09a494219e1fec7d99e243cb576cab687f835792ec999f1ec6897fafb468 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe
| MD5 | 1b3e9c59f9c7a134ec630ada1eb76a39 |
| SHA1 | a7e831d392e99f3d37847dcc561dd2e017065439 |
| SHA256 | ce78ccfb0c9cdb06ea61116bc57e50690650b6b5cf37c1aebfb30c19458ee4ae |
| SHA512 | c0e50410dc92d80ff7bc854907774fc551564e078a8d38ca6421f15cea50282c25efac4f357b52b066c4371f9b8d4900fa8122dd80ab06ecbd851c6e049f7a3e |
C:\Program Files\msedge_installer.log
| MD5 | 1796983d64fcd5b7d45d151c0c3e529b |
| SHA1 | 1ef30fda1bc1b6e301a44ac75c16adfe29ec2486 |
| SHA256 | 022b74e24ecc8f5aed938a0ab11b8dd7af9875d489d8e68e9c7ece7895d46e16 |
| SHA512 | bf8eccff8d4f62d82f0d192924b42646b0bd8e0e094d10c5d07459195fb1693edaa238a146bc00512b5450623316ba7c06206ba7e7d0283f90abe895184a7539 |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
| MD5 | ad5f7dc7ca3e67dce70c0a89c04519e0 |
| SHA1 | a10b03234627ca8f3f8034cd5637cda1b8246d83 |
| SHA256 | 663fe0f4e090583e6aa5204b9a80b7a76f677259066e56a7345aebc6bc3e7d31 |
| SHA512 | ad5490e9865caa454c47ec2e96364b9c566b553e64801da60c295acd570017747be1aff6f22ca6c20c6eee6f6d05a058af72569fd6e656f66e48010978c7fd51 |
C:\Program Files\msedge_installer.log
| MD5 | 93d2f682a4a6c06ce557c215931983a0 |
| SHA1 | d139bfb07b25d603e05106938f012a671be5a7db |
| SHA256 | 52e1fa6f2d9bece29298e4ddb1e69b213e2e76ed31f2a5392382bab3794dc2b7 |
| SHA512 | 20eb1bb4f8105cb2dca9c2e60dba4e6c6b3ec53dfd3e0eaa4ab790cb3c92c9c6e6f95ac95f172e56abf8bbac317cd6916a795f3e1d51c50ddeb54cc2834d1ba9 |
C:\Program Files\msedge_installer.log
| MD5 | 9d7787ef62ea6d7c8a804a359f2dcaf7 |
| SHA1 | dae1c4077c6de9a93d01e37b5a9d2ddfee2815f9 |
| SHA256 | 0c8ea40246187d31f1e8349bda0de3d8eb2455b6a69832a872481b5251046007 |
| SHA512 | 56aefd325e205098f38c31d9b2e5b55ba3aa795998a53cf270f2d375c4302d505f343e17a23c41b596c2aaa9979ea4eeb0b05d39f7542e4b6e59ab1d5b7dd7d5 |
memory/4704-1599-0x000002AB69D80000-0x000002AB69D8E000-memory.dmp
memory/4704-1600-0x000002AB6BF50000-0x000002AB6BF5A000-memory.dmp
memory/4704-1601-0x000002AB6BF80000-0x000002AB6BF88000-memory.dmp
memory/4704-1602-0x000002AB6D600000-0x000002AB6D849000-memory.dmp
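Added example, not part of the sandbox report: sanity checks over the Files listing above, which records a path line followed by its hash rows. Two things in the listing deserve a caveat before any hash is pivoted on: the digests recorded for `\??\PIPE\srvsvc` are the MD5, SHA-1 and SHA-256 of zero-byte input (the sandbox hashed a named-pipe handle with no readable content), and several paths appear more than once with different hashes because the file was rewritten during the run. The embedded entries are a constructed subset of the listing; the heuristics are the author's, not report fields.

```python
"""Sanity checks over the sandbox 'Files' listing (path line, then hash rows).

Added example, not part of the report. SAMPLE_FILES is a constructed subset
of the entries above; the checks encode analyst heuristics, not report fields.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample: a subset of the file entries above, hash rows abbreviated.
SAMPLE_FILES = r"""
C:\Users\Admin\Downloads\G9Md9ss3.7z.part
| MD5 | c9c2f3805f0012628e9d62e8f75af4dd |
| SHA1 | b6269b1fc8813b93c11ec6066dc33d9f99f2e431 |
| SHA256 | b2c3beda4b000a3d9af0a457d6d942ec81696f3ed485f7cf723b18008a5f3d10 |
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Program Files\msedge_installer.log
| MD5 | 1796983d64fcd5b7d45d151c0c3e529b |
| SHA256 | 022b74e24ecc8f5aed938a0ab11b8dd7af9875d489d8e68e9c7ece7895d46e16 |
C:\Program Files\msedge_installer.log
| MD5 | 93d2f682a4a6c06ce557c215931983a0 |
| SHA256 | 52e1fa6f2d9bece29298e4ddb1e69b213e2e76ed31f2a5392382bab3794dc2b7 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2B42E3B0-7E88-4937-82B2-3C5B9B72258E}\EDGEMITMP_B3BE9.tmp\setup.exe
| MD5 | 1b3e9c59f9c7a134ec630ada1eb76a39 |
| SHA256 | ce78ccfb0c9cdb06ea61116bc57e50690650b6b5cf37c1aebfb30c19458ee4ae |
memory/4704-1599-0x000002AB69D80000-0x000002AB69D8E000-memory.dmp
"""

HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Digests of zero-byte input, computed rather than hard-coded.
EMPTY_DIGEST = {alg: getattr(hashlib, alg.lower())(b"").hexdigest() for alg in HEX_LEN}


def parse_files(text):
    """Group each path line with the hash rows that follow it."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            if entries:
                entries[-1]["hashes"][m.group(1)] = m.group(2).lower()
        elif not line.startswith("|"):
            entries.append({"path": line, "hashes": {}})
    return entries


def check_entries(entries):
    """Flag entries an analyst should not take at face value."""
    findings = defaultdict(list)
    sha256_by_path = defaultdict(list)
    for e in entries:
        path, hashes = e["path"], e["hashes"]
        low = path.lower()
        for alg, val in hashes.items():
            if len(val) != HEX_LEN[alg]:
                findings["malformed_hash"].append((path, alg))
        # Every recorded digest equals the empty-input digest: the sandbox
        # captured a handle (here a named pipe) with no readable content.
        if hashes and all(val == EMPTY_DIGEST[alg] for alg, val in hashes.items()):
            findings["empty_content"].append(path)
        if low.endswith(".part"):            # incomplete browser download
            findings["partial_download"].append(path)
        if low.endswith((".exe", ".dll")):   # candidates behind 'Executes dropped EXE'
            findings["executable"].append(path)
        if path.startswith("memory/"):
            findings["memory_dump"].append(path)
        if "SHA256" in hashes:
            sha256_by_path[path].append(hashes["SHA256"])
    # Same path recorded with different content: the file was rewritten
    # during the run, so no single hash describes it.
    findings["rewritten"] = sorted(p for p, hs in sha256_by_path.items() if len(set(hs)) > 1)
    return dict(findings)


if __name__ == "__main__":
    for key, val in check_entries(parse_files(SAMPLE_FILES)).items():
        print(f"{key}: {val}")
```

The `empty_content` and `rewritten` findings are the ones that matter for indicator hygiene: an empty-input digest matches every zero-byte file on every system, and a rewritten log or session file has as many valid hashes as the run had writes, so neither belongs in a blocklist.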