Windows Analysis Report
Shift Setup.exe

Overview

General Information

Sample name: Shift Setup.exe
Analysis ID: 1541415
MD5: 0f0da32e4bde27b239dc562c4cc2ad1e
SHA1: 872f2163447e8f73feb3d07cc09ead672b9f76b5
SHA256: 416924d36d3b81e047ded649f18bf11999968278b46931824be5ecc9170a30ba
Infos:

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 35
Range: 0 - 100

Signatures

Query firmware table information (likely to detect VMs)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches the installation path of Mozilla Firefox
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe EXE: C:\Users\user\AppData\Local\Shift\chromium\new_shift.exe
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe EXE: C:\Users\user\AppData\Local\Shift\chromium\new_shift_proxy.exe
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe EXE: setup.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe EXE: C:\Users\user\AppData\Local\Shift\chromium\127.2.2.1372\Installer\setup.exe
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe EXE: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Jump to behavior

Compliance
barindex
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe EXE: C:\Users\user\AppData\Local\Shift\chromium\new_shift.exe
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe EXE: C:\Users\user\AppData\Local\Shift\chromium\new_shift_proxy.exe
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe EXE: setup.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe EXE: C:\Users\user\AppData\Local\Shift\chromium\127.2.2.1372\Installer\setup.exe
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe EXE: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Jump to behavior
Uses 32bit PE files
Source: Shift Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Directory created: C:\Program Files\chrome_BITS_9184_1433764606 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95fcf903-63b1-44bd-ab77-358a5bd30aae}_is1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Temp\chromium_installer.log
Source: Shift Setup.exe Static PE information: certificate valid
Source: Shift Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\_gha\shift-browser\shift-browser\release\base\src\out\Release\initialexe\shift.exe.pdb source: shift.exe, 00000007.00000000.5353689043.00007FF678F5C000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\_gha\shift-browser\shift-browser\release\base\src\out\Release\shift_elf.dll.pdb source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\_gha\shift-browser\shift-browser\release\base\src\out\Release\shift_pwa_launcher.exe.pdb source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003ED5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\_gha\shift-browser\shift-browser\release\base\src\out\Release\shift_wer.dll.pdb source: Shift Setup.tmp, 00000001.00000003.5381387856.000000000401E000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user\AppData\Local\Shift\chromium Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user\AppData\Local\Shift Jump to behavior
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 1.1.1.1 1.1.1.1
Source: Joe Sandbox View IP Address: 108.138.106.101 108.138.106.101
Source: shift.exe, 00000007.00000003.5556722163.00004AB801E0C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: Easily find and share everything that matters.","id":"charli","imageUrl":"https://apps.tryshiftcdn.com/charli/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/charli/image-monochrome.svg","name":"Charli","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://app.charli.ai/"]}},{"category":"Marketing and Analytics","colorImageUrl":"https://apps.tryshiftcdn.com/chartbeat/image-color.svg","description":"Chartbeat delivers real-time analytics, content intelligence, and transformative newsroom tools for digital media and publishing companies around the world.","id":"chartbeat","imageUrl":"https://apps.tryshiftcdn.com/chartbeat/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/chartbeat/image-monochrome.svg","name":"Chartbeat","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://chartbeat.com"]}},{"category":"Marketing and Analytics","colorImageUrl":"https://apps.tryshiftcdn.com/chartmogul/image-color.svg","description":"The leading subscription analytics platform. The best teams in SaaS use ChartMogul to measure, understand, and grow their recurring revenue.","id":"chartmogul","imageUrl":"https://apps.tryshiftcdn.com/chartmogul/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/chartmogul/image-monochrome.svg","name":"ChartMogul","urlOptions":{"urls":["https://app.chartmogul.com/"]}},{"category":"Accounting and Finance","colorImageUrl":"https://apps.tryshiftcdn.com/chase-bank/image-color.svg","description":"A national bank headquartered in Manhattan, New York City.","id":"chase-bank","imageUrl":"https://apps.tryshiftcdn.com/chase-bank/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/chase-bank/image-monochrome.svg","name":"Chase Bank","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://www.chase.com/"]}},{"category":"Social Media","colorImageUrl":"https://apps.tryshiftcdn.com/chatfuel/image-color.svg","description":"Chatfuel is the leading bot platform for creating AI chatbots for Facebook. Learn how to create a Facebook Messenger bot quickly and easily - no coding.","id":"chatfuel","imageUrl":"https://apps.tryshiftcdn.com/chatfuel/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/chatfuel/image-monochrome.svg","name":"Chatfuel","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://chatfuel.com/"]}},{"category":"Communication and Messaging","colorImageUrl":"https://apps.tryshiftcdn.com/chatgpt/image-color.svg","description":"ChatGPT is a large language model developed by OpenAI that can be used for natural language processing tasks such as text generation.","id":"chatgpt","imageUrl":"https://apps.tryshiftcdn.com/chatgpt/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/chatgpt/image-monochrome.svg","name":"ChatGPT","urlOptions":{"urls":["https://chat.openai.com"]}},{"category":"Communication and Messaging","colorImageUrl":"https://apps.tryshiftcdn.com/chatwork/image-color.svg","description":"ChatWork i
Source: shift.exe, 00000007.00000003.5568725271.00004AB801BC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com/ equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5568725271.00004AB801BC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com/J equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: ,$https://www.linkedin.com/sales/login equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: /'https://www.linkedin.com/learning-login equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5566790561.00004AB801360000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: @www.youtube.com/ equals www.youtube.com (Youtube)
Source: shift.exe, 00000007.00000003.5566790561.00004AB801360000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: @www.youtube.com/J equals www.youtube.com (Youtube)
Source: shift.exe, 00000007.00000003.5564956392.00004AB802144000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: `www.facebook.com equals www.facebook.com (Facebook)
Source: shift.exe, 00000007.00000003.5564956392.00004AB802144000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: `www.facebook.comJ equals www.facebook.com (Facebook)
Source: shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555913155.00004AB801318000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com equals www.facebook.com (Facebook)
Source: shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555913155.00004AB801318000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.linkedin.com/ equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555913155.00004AB801318000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.linkedin.com/learning-login equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.linkedin.com/sales/login equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566014283.00004AB801A44000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: m`www.linkedin.com/sales/login equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566014283.00004AB801A44000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: m`www.linkedin.com/sales/loginJ equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801EF0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556722163.00004AB801E0C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: s content operations platform unites revenue teams to speak in one voice across each customer journey.","id":"kapost","imageUrl":"https://apps.tryshiftcdn.com/kapost/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/kapost/image-monochrome.svg","name":"Kapost","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://app.kapost.com/users/sign_in"]}},{"category":"Marketing and Analytics","colorImageUrl":"https://apps.tryshiftcdn.com/kaseya-bms/image-color.svg","description":"Kaseya BMS is a next-generation business management solution that was built specifically to help MSPs spend more time selling and delivering services.","id":"kaseya-bms","imageUrl":"https://apps.tryshiftcdn.com/kaseya-bms/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/kaseya-bms/image-monochrome.svg","name":"Kaseya BMS","urlOptions":{"urls":["https://bms.kaseya.com/"]}},{"category":"Communication and Messaging","colorImageUrl":"https://apps.tryshiftcdn.com/kaseya-vsa/image-color.svg","description":"Automate software patch management and vulnerability management to ensure that all systems are up to date.","id":"kaseya-vsa","imageUrl":"https://apps.tryshiftcdn.com/kaseya-vsa/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/kaseya-vsa/image-monochrome.svg","name":"Kaseya VSA","urlOptions":{"urls":["https://www.kaseya.com/products/vsa/"]}},{"category":"Miscellaneous","colorImageUrl":"https://apps.tryshiftcdn.com/kayak/image-color.svg","description":"Kayak searches hundreds of other travel sites at once to find the information you need to make the right decisions on flights, hotels & rental cars.","id":"kayak","imageUrl":"https://apps.tryshiftcdn.com/kayak/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/kayak/image-monochrome.svg","name":"Kayak","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://www.kayak.com"]}},{"category":"Customer Support","colorImageUrl":"https://apps.tryshiftcdn.com/kayako/image-color.svg","description":"Kayako's help desk software allows companies of all sizes to provide excellent customer services across live chat, email, Facebook. and Twitter.","id":"kayako","imageUrl":"https://apps.tryshiftcdn.com/kayako/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/kayako/image-monochrome.svg","name":"Kayako","urlOptions":{"allowCustomPath":false,"hasPrefix":true,"urls":[".kayako.com/"]}},{"category":"CRM and Sales","colorImageUrl":"https://apps.tryshiftcdn.com/keap/image-color.svg","description":"Keap equals www.facebook.com (Facebook)
Source: shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801EF0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556722163.00004AB801E0C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: s content operations platform unites revenue teams to speak in one voice across each customer journey.","id":"kapost","imageUrl":"https://apps.tryshiftcdn.com/kapost/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/kapost/image-monochrome.svg","name":"Kapost","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://app.kapost.com/users/sign_in"]}},{"category":"Marketing and Analytics","colorImageUrl":"https://apps.tryshiftcdn.com/kaseya-bms/image-color.svg","description":"Kaseya BMS is a next-generation business management solution that was built specifically to help MSPs spend more time selling and delivering services.","id":"kaseya-bms","imageUrl":"https://apps.tryshiftcdn.com/kaseya-bms/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/kaseya-bms/image-monochrome.svg","name":"Kaseya BMS","urlOptions":{"urls":["https://bms.kaseya.com/"]}},{"category":"Communication and Messaging","colorImageUrl":"https://apps.tryshiftcdn.com/kaseya-vsa/image-color.svg","description":"Automate software patch management and vulnerability management to ensure that all systems are up to date.","id":"kaseya-vsa","imageUrl":"https://apps.tryshiftcdn.com/kaseya-vsa/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/kaseya-vsa/image-monochrome.svg","name":"Kaseya VSA","urlOptions":{"urls":["https://www.kaseya.com/products/vsa/"]}},{"category":"Miscellaneous","colorImageUrl":"https://apps.tryshiftcdn.com/kayak/image-color.svg","description":"Kayak searches hundreds of other travel sites at once to find the information you need to make the right decisions on flights, hotels & rental cars.","id":"kayak","imageUrl":"https://apps.tryshiftcdn.com/kayak/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/kayak/image-monochrome.svg","name":"Kayak","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://www.kayak.com"]}},{"category":"Customer Support","colorImageUrl":"https://apps.tryshiftcdn.com/kayako/image-color.svg","description":"Kayako's help desk software allows companies of all sizes to provide excellent customer services across live chat, email, Facebook. and Twitter.","id":"kayako","imageUrl":"https://apps.tryshiftcdn.com/kayako/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/kayako/image-monochrome.svg","name":"Kayako","urlOptions":{"allowCustomPath":false,"hasPrefix":true,"urls":[".kayako.com/"]}},{"category":"CRM and Sales","colorImageUrl":"https://apps.tryshiftcdn.com/keap/image-color.svg","description":"Keap equals www.twitter.com (Twitter)
Source: shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801EF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: t need to be a Linux expert to build a website powered by DigitalOcean, AWS, or Google Cloud.","id":"runcloud","imageUrl":"https://apps.tryshiftcdn.com/runcloud/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/runcloud/image-monochrome.svg","name":"RunCloud","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://manage.runcloud.io/"]}},{"category":"Accounting and Finance","colorImageUrl":"https://apps.tryshiftcdn.com/rydoo/image-color.svg","description":"Rydoo - corporate travel and expense management solution on-the-go in real time which will save you time and money.","id":"rydoo","imageUrl":"https://apps.tryshiftcdn.com/rydoo/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/rydoo/image-monochrome.svg","name":"Rydoo","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://accounts.rydoo.com/login"]}},{"category":"Communication and Messaging","colorImageUrl":"https://apps.tryshiftcdn.com/ryver/image-color.svg","description":"Get more done and save money by collaborating with your team all in one app. Team chat + task management + workflow automation.","id":"ryver","imageUrl":"https://apps.tryshiftcdn.com/ryver/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/ryver/image-monochrome.svg","name":"Ryver","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://signup.ryver.com/login"]}},{"category":"Legal and HR","colorImageUrl":"https://apps.tryshiftcdn.com/sagehr/image-color.svg","description":"An award-winning HR technology company that provides attendance, performance & recruitment management for customers worldwide.","id":"sagehr","imageUrl":"https://apps.tryshiftcdn.com/sagehr/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/sagehr/image-monochrome.svg","name":"SageHR","unreadExtractor":{"selectors":[".red-dot-notification"],"type":"boolean"},"urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://sage.hr/signin"]}},{"category":"CRM and Sales","colorImageUrl":"https://apps.tryshiftcdn.com/sales-navigator/image-color.svg","description":"LinkedIn Sales Navigator helps you find the right prospects faster with customized, sales-specific insights like lead recommendations, company updates, and more.","id":"sales-navigator","imageUrl":"https://apps.tryshiftcdn.com/sales-navigator/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/sales-navigator/image-monochrome.svg","name":"Sales Navigator","urlOptions":{"allowCustomPath":false,"hasPrefix":false,"urls":["https://www.linkedin.com/sales/login"]}},{"category":"CRM and Sales","colorImageUrl":"https://apps.tryshiftcdn.com/salesflare/image-color.svg","description":"Try Salesflare, the #1 simple CRM for small businesses selling B2B. Integrate with Google & Outlook. Be fully mobile. Automate your CRM from existing data.","id":"salesflare","imageUrl":"https://apps.tryshiftcdn.com/salesflare/image.svg","monochromeImageUrl":"https://apps.tryshiftcdn.com/salesflare/image-monochrome.
Source: shift.exe, 00000007.00000003.5569596892.00004AB801B5C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566601860.00004AB80132C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566520718.00004AB801328000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: shift.exe, 00000007.00000003.5569596892.00004AB801B5C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566601860.00004AB80132C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566520718.00004AB801328000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.facebook.comJ equals www.facebook.com (Facebook)
Source: shift.exe, 00000007.00000003.5554616808.00004AB801364000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566601860.00004AB80132C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566520718.00004AB801328000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com/ equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5554616808.00004AB801364000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566601860.00004AB80132C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566520718.00004AB801328000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com/J equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5554616808.00004AB801364000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566601860.00004AB80132C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5568669308.00004AB801BDC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com/learning-login equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5554616808.00004AB801364000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5566601860.00004AB80132C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5568669308.00004AB801BDC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com/learning-loginJ equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5563798269.00004AB802244000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553107905.00004AB801A34000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5568257919.00004AB801C70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com/sales/login equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5563798269.00004AB802244000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553107905.00004AB801A34000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5568257919.00004AB801C70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com/sales/loginJ equals www.linkedin.com (Linkedin)
Source: shift.exe, 00000007.00000003.5567583466.00004AB801D24000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552301527.00004AB801AB4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.youtube.com/ equals www.youtube.com (Youtube)
Source: shift.exe, 00000007.00000003.5567583466.00004AB801D24000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552301527.00004AB801AB4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.youtube.com/J equals www.youtube.com (Youtube)
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1452
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/2152
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3246
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3682
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7724
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7760
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7761
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8280
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8297
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/8417
Source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
Source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/941620
Source: Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5062480028.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
Source: Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV
Source: Shift Setup.tmp, 00000001.00000003.5054837069.0000000000A0C000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5062480028.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380788233.00000263AA468000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380788233.00000263AA481000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380788233.00000263AA47D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: Shift Setup.tmp, 00000001.00000003.5054837069.0000000000A0C000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5062480028.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380788233.00000263AA468000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380788233.00000263AA481000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380788233.00000263AA47D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsps.ssl.com0
Source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsps.ssl.com0?
Source: Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5054837069.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5062480028.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
Source: Shift Setup.tmp, 00000001.00000003.5054837069.0000000000A0C000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5062480028.0000000000A0D000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380788233.00000263AA468000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380788233.00000263AA481000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380788233.00000263AA47D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://4thewords.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://99designs.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://actions.moleskinestudio.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://acuityscheduling.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://acumbamail.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://admin.aftership.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://affinity.co/auth/login
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://airtable.com/login
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://alexa.amazon.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.ae
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.ca
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.cn
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.co.jp
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.co.uk
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.com.au
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.com.br
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.com.mx/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.com.tr
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.de
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.es
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.fr
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.in
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.it
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.nl
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565947286.00004AB801A40000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://amazon.sg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://analytics.amplitude.com/login
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/7246
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://animoto.com/log_in
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.mixpanel.com/engage/?data=
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.mixpanel.com/track/?data=
Source: Shift Setup.tmp, 00000001.00000003.5372209955.0000000004A05000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.mixpanel.com/track/?data=eyJldmVudCI6Imluc3RhbGwiLCJwcm9wZXJ0aWVzIjp7Imluc3RhbGxfdGltZSI
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.activecollab.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.adalo.com/login
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.adespresso.com
Source: shift.exe, 00000007.00000003.5553038629.00004AB800C68000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.adroll.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.agantty.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.agencyanalytics.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.agorapulse.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.amazingmarvin.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.and.co/welcome
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.animaker.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.apollo.io/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://app.goabstract.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://appear.in/user/login
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://application.aligntoday.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/15five/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/15five/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/15five/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/17hats/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/17hats/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/17hats/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/17track/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/17track/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/17track/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/17track/image.svgA9https://apps.tryshiftcdn.com/17track/image-monochrom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/1crm/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/1crm/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/1crm/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/1password/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/1password/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/1password/image.svgC
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/1password/image.svgC;https://apps.tryshiftcdn.com/1password/image-monoc
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/3dcart/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/3dcart/image-color.svgRJBuild
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/3dcart/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/3dcart/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/4thewords/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/4thewords/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/4thewords/image.svgC
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/4thewords/image.svgC;https://apps.tryshiftcdn.com/4thewords/image-monoc
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/99designs/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/99designs/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/99designs/image.svgC
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/99designs/image.svgC;https://apps.tryshiftcdn.com/99designs/image-monoc
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/abstract/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/abstract/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/abstract/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/abstract/image.svgB:https://apps.tryshiftcdn.com/abstract/image-monochr
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/accelo/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/accelo/image-color.svgumAccelo
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/accelo/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/accelo/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acorns/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acorns/image-color.svgWOAcorns
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acorns/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acorns/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/actions/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/actions/image-color.svgjbActions
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/actions/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/actions/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/actions/image.svgA9https://apps.tryshiftcdn.com/actions/image-monochrom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/activecampaign/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/activecampaign/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/activecampaign/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/activecampaign/image.svgH
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/activecollab/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/activecollab/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/activecollab/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/activecollab/image.svgF
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acuity-scheduling/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acuity-scheduling/image-color.svgzrOnline
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acuity-scheduling/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acuity-scheduling/image.svgK
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acuity-scheduling/image.svgKChttps://apps.tryshiftcdn.com/acuity-schedu
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acumatica/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acumatica/image-color.svgtlAcumatica
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acumatica/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acumatica/image.svgC
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acumatica/image.svgC;https://apps.tryshiftcdn.com/acumatica/image-monoc
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acumbamail/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acumbamail/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acumbamail/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/acumbamail/image.svgD
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adalo/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adalo/image-color.svgwoAdalo
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adalo/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adalo/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adalo/image.svg?7https://apps.tryshiftcdn.com/adalo/image-monochrome.sv
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/addthis/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/addthis/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/addthis/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/addthis/image.svgA9https://apps.tryshiftcdn.com/addthis/image-monochrom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adespresso/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adespresso/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adespresso/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adespresso/image.svgD
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-acrobat-dc/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-acrobat-dc/image-color.svgLDMake
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-acrobat-dc/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-acrobat-dc/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-acrobat-dc/image.svgJBhttps://apps.tryshiftcdn.com/adobe-acrobat-
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-fonts/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-fonts/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-fonts/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-fonts/image.svgE=https://apps.tryshiftcdn.com/adobe-fonts/image-m
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-lightroom/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-lightroom/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-lightroom/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-lightroom/image.svgIAhttps://apps.tryshiftcdn.com/adobe-lightroom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-portfolio/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-portfolio/image-color.svgldQuickly
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-portfolio/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-portfolio/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-portfolio/image.svgIAhttps://apps.tryshiftcdn.com/adobe-portfolio
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-spark/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-spark/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-spark/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-spark/image.svgE=https://apps.tryshiftcdn.com/adobe-spark/image-m
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-stock/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-stock/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-stock/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adobe-stock/image.svgE=https://apps.tryshiftcdn.com/adobe-stock/image-m
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adroll/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adroll/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/adroll/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aeries/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aeries/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aeries/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/affinity/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/affinity/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/affinity/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/affinity/image.svgB:https://apps.tryshiftcdn.com/affinity/image-monochr
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aftership/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aftership/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aftership/image.svgC
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aftership/image.svgC;https://apps.tryshiftcdn.com/aftership/image-monoc
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agantty/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agantty/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agantty/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agantty/image.svgA9https://apps.tryshiftcdn.com/agantty/image-monochrom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agencyanalytics/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agencyanalytics/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agencyanalytics/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agencyanalytics/image.svgIAhttps://apps.tryshiftcdn.com/agencyanalytics
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agile-crm/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agile-crm/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agile-crm/image.svgC
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agile-crm/image.svgC;https://apps.tryshiftcdn.com/agile-crm/image-monoc
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agiled/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agiled/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agiled/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agorapulse/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agorapulse/image-color.svgzrAn
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agorapulse/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agorapulse/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/agorapulse/image.svgD
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aha/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aha/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aha/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aha/image.svg=5https://apps.tryshiftcdn.com/aha/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airbnb/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airbnb/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airbnb/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aircall/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aircall/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aircall/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aircall/image.svgA9https://apps.tryshiftcdn.com/aircall/image-monochrom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airmessage/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airmessage/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airmessage/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airmessage/image.svgD
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airship/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airship/image-color.svgmeAirship
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airship/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airship/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airship/image.svgA9https://apps.tryshiftcdn.com/airship/image-monochrom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airslate/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airslate/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airslate/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airslate/image.svgB:https://apps.tryshiftcdn.com/airslate/image-monochr
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airtable/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airtable/image-color.svge
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airtable/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airtable/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/airtable/image.svgB:https://apps.tryshiftcdn.com/airtable/image-monochr
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aisle-planner/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aisle-planner/image-color.svgd
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aisle-planner/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aisle-planner/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aisle-planner/image.svgG?https://apps.tryshiftcdn.com/aisle-planner/ima
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alchemer/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alchemer/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alchemer/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alchemer/image.svgB:https://apps.tryshiftcdn.com/alchemer/image-monochr
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/algolia/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/algolia/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/algolia/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/algolia/image.svgA9https://apps.tryshiftcdn.com/algolia/image-monochrom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alibaba/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alibaba/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alibaba/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alibaba/image.svgA9https://apps.tryshiftcdn.com/alibaba/image-monochrom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alienvault/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alienvault/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alienvault/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alienvault/image.svgD
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aliexpress/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aliexpress/image-color.svgtlOnline
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aliexpress/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aliexpress/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aliexpress/image.svgD
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/align-today/image-color.svgo
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/align-today/image-color.svgogAlign
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/align-today/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/align-today/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/align-today/image.svgE=https://apps.tryshiftcdn.com/align-today/image-m
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alltrails/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alltrails/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alltrails/image.svgC
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alltrails/image.svgC;https://apps.tryshiftcdn.com/alltrails/image-monoc
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alpha/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alpha/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alpha/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/alpha/image.svg?7https://apps.tryshiftcdn.com/alpha/image-monochrome.sv
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazing-marvin/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazing-marvin/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazing-marvin/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazing-marvin/image.svgH
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-alexa/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-alexa/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-alexa/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-alexa/image.svgF
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-chime/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-chime/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-chime/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-chime/image.svgF
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-music/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-music/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-music/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-music/image.svgF
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-prime-video/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-prime-video/image-color.svgiaEnjoy
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-prime-video/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-prime-video/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-prime-video/image.svgLDhttps://apps.tryshiftcdn.com/amazon-prime
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-seller-central/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-seller-central/image-color.svg_WPut
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-seller-central/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-seller-central/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-seller-central/image.svgOGhttps://apps.tryshiftcdn.com/amazon-se
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-smile/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-smile/image-color.svgmeAmazonSmile
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-smile/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-smile/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon-smile/image.svgF
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amazon/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/american-express/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/american-express/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/american-express/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/american-express/image.svgJBhttps://apps.tryshiftcdn.com/american-expre
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amplenote/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amplenote/image-color.svgg_Try
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amplenote/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amplenote/image.svgC
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amplenote/image.svgC;https://apps.tryshiftcdn.com/amplenote/image-monoc
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amplitude/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amplitude/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amplitude/image.svgC
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/amplitude/image.svgC;https://apps.tryshiftcdn.com/amplitude/image-monoc
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/andco/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/andco/image-color.svgaYInvoicing
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/andco/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/andco/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/andco/image.svg?7https://apps.tryshiftcdn.com/andco/image-monochrome.sv
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/android-messages/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/android-messages/image-color.svgSKUse
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/android-messages/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/android-messages/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/android-messages/image.svgJBhttps://apps.tryshiftcdn.com/android-messag
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anghami/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anghami/image-color.svgogAnghami
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anghami/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anghami/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anghami/image.svgA9https://apps.tryshiftcdn.com/anghami/image-monochrom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/animaker/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/animaker/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/animaker/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/animaker/image.svgB:https://apps.tryshiftcdn.com/animaker/image-monochr
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/animoto/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/animoto/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/animoto/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/animoto/image.svgA9https://apps.tryshiftcdn.com/animoto/image-monochrom
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/answerforce/image-color.svgL
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/answerforce/image-color.svgLDAnswerForce
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/answerforce/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/answerforce/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/answerforce/image.svgE=https://apps.tryshiftcdn.com/answerforce/image-m
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565625987.00004AB801AB4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anteater/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anteater/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565625987.00004AB801AB4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anteater/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anteater/image.svgB:https://apps.tryshiftcdn.com/anteater/image-monochr
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565625987.00004AB801AB4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anydo/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anydo/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565625987.00004AB801AB4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anydo/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/anydo/image.svg?7https://apps.tryshiftcdn.com/anydo/image-monochrome.sv
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aol/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aol/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aol/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/aol/image.svg=5https://apps.tryshiftcdn.com/aol/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apollo/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apollo/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apollo/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/app-annie/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/app-annie/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/app-annie/image.svgC
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/app-annie/image.svgC;https://apps.tryshiftcdn.com/app-annie/image-monoc
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/app-store-connect/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/app-store-connect/image-color.svgqiEasily
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/app-store-connect/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/app-store-connect/image.svgK
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/app-store-connect/image.svgKChttps://apps.tryshiftcdn.com/app-store-con
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/appcelerator/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/appcelerator/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/appcelerator/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/appcelerator/image.svgF
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/appearin/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/appearin/image-color.svg~vCollaborate
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/appearin/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/appearin/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/appearin/image.svgB:https://apps.tryshiftcdn.com/appearin/image-monochr
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554036437.00004AB801D4C000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apphi/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apphi/image-color.svgXPWorld
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apphi/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apphi/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apphi/image.svg?7https://apps.tryshiftcdn.com/apphi/image-monochrome.sv
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-calendar/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-calendar/image-color.svgg_You
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-calendar/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-calendar/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-calendar/image.svgH
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-contacts/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-contacts/image-color.svgJBManage
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-contacts/image-monochrome.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-contacts/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-contacts/image.svgH
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-developer/image-color.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-developer/image-color.svg6.A
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571630260.00004AB801EF6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://apps.tryshiftcdn.com/apple-developer/image.svg
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://appstoreconnect.apple.com/login
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://attribution.shiftapis.com/pdata/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://aws.amazon.com/chime
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/593024
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/650547
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/655534
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://dashboard-v2.aircall.io/login
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5575120316.00004AB801B14000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://desktop.any.do/tasks/all
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5575120316.00004AB801B14000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://desktop.apphi.com/#/
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://forms.gle/PZRfXfGKJs9YyqNs6
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://go.airship.com/accounts/login/
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: shift.exe, 00000007.00000003.5376616336.00004AB800B40000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/292285899
Source: Shift Setup.exe, 00000000.00000000.5025701034.0000000000401000.00000020.00000001.01000000.00000003.sdmp String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://login.aol.com/?src=mail
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://messages.google.com/web
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://music.amazon.ca/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://my.15five.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://my.agiled.app/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://my.airslate.com
Source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5364683714.000063E000244000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80
Source: Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5054837069.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5062480028.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://platform.alphahq.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://platform.axway.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://portal.acumatica.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://secure.aha.io/session/new
Source: shift.exe, 00000007.00000003.5554770847.00004AB8004EC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410210101/pubads_impl.js
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.ae/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.ca/(
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.co.jp/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.co.uk/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.co.uk/(
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.com.au/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.com.mx/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.com.tr/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.com/(
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.de/(
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.es/(
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.fr/(
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.in/(
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sellercentral.amazon.it/
Source: shift.exe, 00000007.00000003.5554770847.00004AB8004EC000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5453436392.00004AB801060000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551837376.00004AB800EE0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5458063150.00004AB8010EC000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551425125.00004AB800654000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551746296.00004AB8011A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5514851350.00004AB800654000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5453103456.00004AB8010A0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5507935767.00004AB800C8C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shiftntp.com/
Source: shift.exe, 00000007.00000003.5414403535.00004AB800F34000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551837376.00004AB800EE0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570035673.00004AB800EE0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551935041.00004AB8002A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551746296.00004AB8011A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5453103456.00004AB8010A0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5563112636.00004AB800654000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5414081878.00004AB801010000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shiftntp.com/g
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://signin.acorns.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://smile.amazon.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://start.1password.com
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tryshift.com
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tryshift.com/eula
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tryshift.com/privacy
Source: Shift Setup.tmp, 00000001.00000003.5062480028.00000000009D9000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5054837069.0000000000A0C000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5376330839.00000263A5CCE000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5374689076.00000263A5CCE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/ip/
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/preflight
Source: Shift Setup.tmp, 00000001.00000003.5054837069.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/preflightE
Source: Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/preflightq
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5062480028.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380109183.00000263A5CCE000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5376330839.00000263A5CCE000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5374689076.00000263A5CCE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/settings
Source: Shift Setup.tmp, 00000001.00000003.5062480028.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/settings4
Source: Shift Setup.tmp, 00000001.00000003.5062480028.0000000000A16000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/settingswserift_browser
Source: Shift Setup.exe, 00000000.00000003.5026371623.0000000002710000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5054837069.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5062480028.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5054837069.0000000000A28000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5033032832.00000000036E0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5376330839.00000263A5CB6000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5375446856.00000263A5CB6000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380109183.00000263A5CB6000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5374689076.00000263A5CB6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/splittests
Source: Shift Setup.tmp, 00000001.00000003.5054837069.0000000000A3C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/splittestsWM1
Source: Shift Setup.tmp, 00000001.00000003.5054837069.00000000009F4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://updates.shiftapis.com/splittestsq
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://user.17track.net
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://web.airmessage.org/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.17hats.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.3dcart.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570350933.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557493181.00004AB8022F6000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557648407.00004AB802306000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.addthis.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5552640931.00004AB8008B8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.aeries.com/products/portals
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.airbnb.com
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.aisleplanner.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.alchemer.com/account-logins/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.algolia.com/users/sign_in
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.alibaba.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570515748.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.alienvault.com/accounts/signin/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.aliexpress.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.alltrails.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.americanexpress.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.amplenote.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.anghami.com/login
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.answerforce.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5565625987.00004AB801AB4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574773067.00004AB802412000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562870523.00004AB802412000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.anteateranalytics.com/dash/intro
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5556462212.00004AB8004A4000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5555158660.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5553725309.00004AB800978000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.appannie.com/account/login
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5575120316.00004AB801B14000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.icloud.com/calendar/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5560097657.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5575120316.00004AB801B14000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5551402772.00004AB801404000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.icloud.com/contacts/
Source: Shift Setup.exe, 00000000.00000003.5027372174.0000000002850000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.exe, 00000000.00000003.5028085278.000000007FAF0000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000000.5030848129.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.innosetup.com/
Source: shift.exe, 00000007.00000003.5558469508.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574766445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571012820.00004AB800A82000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5559618804.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557988010.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557092482.00004AB801FC0000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571943864.00004AB801404000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558656758.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570829277.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5574178356.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5562504154.00004AB802604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571466154.00004AB80239A000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5557817327.00004AB800AFA000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5571140407.00004AB802332000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5570686988.00004AB802316000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5572302653.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561965445.00004AB801804000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5558160028.00004AB800AC2000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5561411792.00004AB801604000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5554616194.00004AB801804000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.primevideo.com/
Source: Shift Setup.exe, 00000000.00000003.5027372174.0000000002850000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.exe, 00000000.00000003.5028085278.000000007FAF0000.00000004.00001000.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000000.5030848129.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.remobjects.com/ps
Source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.ssl.com/repository0
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DDA820 8_2_00007FF678DDA820
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DDBE32 8_2_00007FF678DDBE32
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DD3A00 8_2_00007FF678DD3A00
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DDBF00 8_2_00007FF678DDBF00
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DDAAE0 8_2_00007FF678DDAAE0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DD3DF0 8_2_00007FF678DD3DF0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DDBBC0 8_2_00007FF678DDBBC0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DDB180 8_2_00007FF678DDB180
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DD3F90 8_2_00007FF678DD3F90
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DD275E 8_2_00007FF678DD275E
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DD5C60 8_2_00007FF678DD5C60
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DD1760 8_2_00007FF678DD1760
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DD3260 8_2_00007FF678DD3260
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678DD3B60 8_2_00007FF678DD3B60
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB43A00 8_2_00007FFE3EB43A00
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB4BF00 8_2_00007FFE3EB4BF00
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB4A820 8_2_00007FFE3EB4A820
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB4BE32 8_2_00007FFE3EB4BE32
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB4BBC0 8_2_00007FFE3EB4BBC0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB4AAE0 8_2_00007FFE3EB4AAE0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB43DF0 8_2_00007FFE3EB43DF0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB4B180 8_2_00007FFE3EB4B180
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB43F90 8_2_00007FFE3EB43F90
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB41760 8_2_00007FFE3EB41760
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB43260 8_2_00007FFE3EB43260
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB43B60 8_2_00007FFE3EB43B60
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB45C60 8_2_00007FFE3EB45C60
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FFE3EB4275E 8_2_00007FFE3EB4275E
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DDA820 9_2_00007FF678DDA820
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DDBE32 9_2_00007FF678DDBE32
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DD3A00 9_2_00007FF678DD3A00
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DDBF00 9_2_00007FF678DDBF00
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DDAAE0 9_2_00007FF678DDAAE0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DD3DF0 9_2_00007FF678DD3DF0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DDBBC0 9_2_00007FF678DDBBC0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DDB180 9_2_00007FF678DDB180
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DD3F90 9_2_00007FF678DD3F90
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DD275E 9_2_00007FF678DD275E
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DD5C60 9_2_00007FF678DD5C60
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DD1760 9_2_00007FF678DD1760
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DD3260 9_2_00007FF678DD3260
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 9_2_00007FF678DD3B60 9_2_00007FF678DD3B60
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DDA820 17_2_00007FF678DDA820
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DDBE32 17_2_00007FF678DDBE32
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DD3A00 17_2_00007FF678DD3A00
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DDBF00 17_2_00007FF678DDBF00
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DDAAE0 17_2_00007FF678DDAAE0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DD3DF0 17_2_00007FF678DD3DF0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DDBBC0 17_2_00007FF678DDBBC0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DDB180 17_2_00007FF678DDB180
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DD3F90 17_2_00007FF678DD3F90
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DD275E 17_2_00007FF678DD275E
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DD5C60 17_2_00007FF678DD5C60
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DD1760 17_2_00007FF678DD1760
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DD3260 17_2_00007FF678DD3260
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 17_2_00007FF678DD3B60 17_2_00007FF678DD3B60
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DDA820 19_2_00007FF678DDA820
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DDBE32 19_2_00007FF678DDBE32
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DD3A00 19_2_00007FF678DD3A00
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DDBF00 19_2_00007FF678DDBF00
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DDAAE0 19_2_00007FF678DDAAE0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DD3DF0 19_2_00007FF678DD3DF0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DDBBC0 19_2_00007FF678DDBBC0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DDB180 19_2_00007FF678DDB180
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DD3F90 19_2_00007FF678DD3F90
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DD275E 19_2_00007FF678DD275E
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DD5C60 19_2_00007FF678DD5C60
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DD1760 19_2_00007FF678DD1760
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DD3260 19_2_00007FF678DD3260
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 19_2_00007FF678DD3B60 19_2_00007FF678DD3B60
One or more processes crash
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 2700
PE file contains executable resources (Code or Archives)
Source: Shift Setup.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-HTN68.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
PE file contains more sections than normal
Source: setup.exe.7.dr Static PE information: Number of sections : 12 > 10
Source: is-7N7R4.tmp.1.dr Static PE information: Number of sections : 12 > 10
Source: shift.dll.33.dr Static PE information: Number of sections : 15 > 10
Source: notification_helper.exe.33.dr Static PE information: Number of sections : 11 > 10
Source: is-ACQJB.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-1QBQG.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-NH3GK.tmp.1.dr Static PE information: Number of sections : 11 > 10
Source: is-EISFN.tmp.1.dr Static PE information: Number of sections : 14 > 10
PE file does not import any functions
Source: eventlog_provider.dll.33.dr Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: Shift Setup.exe, 00000000.00000003.5027372174.000000000293A000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs Shift Setup.exe
Source: Shift Setup.exe, 00000000.00000000.5026053812.00000000004C6000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs Shift Setup.exe
Source: Shift Setup.exe, 00000000.00000003.5028085278.000000007FDD6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs Shift Setup.exe
Searches the installation path of Mozilla Firefox
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\91.0.1 (x64 en-GB)\Main Install Directory Jump to behavior
Uses 32bit PE files
Source: Shift Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine Classification label: sus26.spyw.evad.winEXE@54/762@0/28
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File created: C:\Program Files\chrome_BITS_9184_1433764606 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Mutant created: \Sessions\1\BaseNamedObjects\ShiftSetup-1c730e63-6e5f-40e0-80ac-ea3d2e84e629
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Mutant created: \Sessions\1\BaseNamedObjects\Shift-841bfdc9-095f-4be3-9a77-bce0d18a78a8
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9112:304:WilStaging_02
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Mutant created: \Sessions\1\BaseNamedObjects\mfx_d3d_mutex
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8824:304:WilStaging_02
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupMutex_15565684959804090210
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9112:120:WilError_03
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupExitEventMutex_15565684959804090210
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8824:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8548
Source: C:\Users\user\Desktop\Shift Setup.exe File created: C:\Users\user\AppData\Local\Temp\is-163NS.tmp Jump to behavior
Source: C:\Users\user\Desktop\Shift Setup.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\Shift Setup.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "shift.exe")
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\Shift Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: shift.exe, 00000007.00000003.5372085500.00004AB8007D8000.00000004.00001000.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5372369718.00004AB800794000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: C:\Users\user\Desktop\Shift Setup.exe File read: C:\Users\user\Desktop\Shift Setup.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\Shift Setup.exe "C:\Users\user\Desktop\Shift Setup.exe"
Source: C:\Users\user\Desktop\Shift Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp "C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp" /SL5="$10468,95019598,1164800,C:\Users\user\Desktop\Shift Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im shift.exe
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Windows\System32\schtasks.exe "schtasks" /delete /tn ShiftLaunchTask /f
Source: C:\Windows\System32\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --start-maximized
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe C:\Users\user\AppData\Local\Shift\chromium\shift.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Shift\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\Shift\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=122.10.0.1101 --initial-client-data=0xf4,0xf8,0xfc,0xac,0x100,0x7ffe3ec55700,0x7ffe3ec5570c,0x7ffe3ec55718
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe C:\Users\user\AppData\Local\Shift\chromium\shift.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Shift\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=122.10.0.1101 --initial-client-data=0x154,0x158,0x15c,0x114,0x160,0x7ff678faf0b8,0x7ff678faf0c4,0x7ff678faf0d0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2312 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --start-stack-profiler --mojo-platform-channel-handle=2864 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:3
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3184 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4328 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538271629 --mojo-platform-channel-handle=4508 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538611283 --mojo-platform-channel-handle=4884 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --instant-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538993971 --mojo-platform-channel-handle=5240 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=539522401 --mojo-platform-channel-handle=5548 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1
Source: unknown Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe C:\Users\user\AppData\Local\Shift\chromium\shift.exe --start-maximized --launch-source=sign-in
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 2700
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=545806341 --mojo-platform-channel-handle=6208 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --launch-source=sign-in
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=553237658 --mojo-platform-channel-handle=6480 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --launch-source=sign-in
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-pre-read-main-dll --mojo-platform-channel-handle=6992 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 2444
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe setup.exe --do-not-launch-chrome
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=127.2.2.1372 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7e5908410,0x7ff7e590841c,0x7ff7e5908428
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe "C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=127.2.2.1372 --initial-client-data=0x24c,0x250,0x254,0x208,0x258,0x7ff7e5908410,0x7ff7e590841c,0x7ff7e5908428
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16024 --gpu-sub-system-id=1050155081 --gpu-revision=2 --gpu-driver-version=27.20.100.9415 --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=464 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\Desktop\Shift Setup.exe Process created: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp "C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp" /SL5="$10468,95019598,1164800,C:\Users\user\Desktop\Shift Setup.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im shift.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Windows\System32\schtasks.exe "schtasks" /delete /tn ShiftLaunchTask /f Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --start-maximized Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe C:\Users\user\AppData\Local\Shift\chromium\shift.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Shift\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\Shift\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=122.10.0.1101 --initial-client-data=0xf4,0xf8,0xfc,0xac,0x100,0x7ffe3ec55700,0x7ffe3ec5570c,0x7ffe3ec55718 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2312 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --start-stack-profiler --mojo-platform-channel-handle=2864 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3184 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4328 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538271629 --mojo-platform-channel-handle=4508 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538611283 --mojo-platform-channel-handle=4884 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --instant-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538993971 --mojo-platform-channel-handle=5240 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=539522401 --mojo-platform-channel-handle=5548 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=545806341 --mojo-platform-channel-handle=6208 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=553237658 --mojo-platform-channel-handle=6480 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-pre-read-main-dll --mojo-platform-channel-handle=6992 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe setup.exe --do-not-launch-chrome Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16024 --gpu-sub-system-id=1050155081 --gpu-revision=2 --gpu-driver-version=27.20.100.9415 --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=464 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe C:\Users\user\AppData\Local\Shift\chromium\shift.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Shift\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=122.10.0.1101 --initial-client-data=0x154,0x158,0x15c,0x114,0x160,0x7ff678faf0b8,0x7ff678faf0c4,0x7ff678faf0d0
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --launch-source=sign-in
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --launch-source=sign-in
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=127.2.2.1372 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7e5908410,0x7ff7e590841c,0x7ff7e5908428
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe "C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=127.2.2.1372 --initial-client-data=0x24c,0x250,0x254,0x208,0x258,0x7ff7e5908410,0x7ff7e590841c,0x7ff7e5908428
Source: C:\Users\user\Desktop\Shift Setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Shift Setup.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\Shift Setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\Shift Setup.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\Desktop\Shift Setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Shift Setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: winhttpcom.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\System32\schtasks.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: kbdus.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mdmregistration.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mscms.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mdmregistration.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: omadmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dmcmnutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iri.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: wpnapps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: usermgrcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: wlanapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: windows.media.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: wlanapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: pdh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: perfos.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: pcpksp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: tbs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ncryptprov.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: cryptowinrt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: cryptngc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ngcksp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: bitsproxy.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dxil.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winpixeventruntime.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwritecore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwritecore.dll
Source: C:\Windows\explorer.exe Section loaded: smartscreenps.dll
Source: C:\Windows\explorer.exe Section loaded: pcacli.dll
Source: C:\Windows\explorer.exe Section loaded: mpr.dll
Source: C:\Windows\explorer.exe Section loaded: sfc_os.dll
Source: C:\Windows\explorer.exe Section loaded: storageusage.dll
Source: C:\Windows\explorer.exe Section loaded: fhcfg.dll
Source: C:\Windows\explorer.exe Section loaded: efsutil.dll
Source: C:\Windows\explorer.exe Section loaded: dsrole.dll
Source: C:\Windows\explorer.exe Section loaded: windows.internal.system.userprofile.dll
Source: C:\Windows\explorer.exe Section loaded: cloudexperiencehostbroker.dll
Source: C:\Windows\explorer.exe Section loaded: credui.dll
Source: C:\Windows\explorer.exe Section loaded: dui70.dll
Source: C:\Windows\explorer.exe Section loaded: wdscore.dll
Source: C:\Windows\explorer.exe Section loaded: dbghelp.dll
Source: C:\Windows\explorer.exe Section loaded: dbgcore.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
Source: C:\Windows\explorer.exe Section loaded: msvcp140.dll
Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32 Jump to behavior
Source: Shift Browser.lnk.1.dr LNK file: ..\AppData\Local\Shift\chromium\shift.exe
Source: Shift Browser.lnk0.1.dr LNK file: ..\..\..\..\..\..\Local\Shift\chromium\shift.exe
Source: Shift.lnk.36.dr LNK file: ..\AppData\Local\Shift\chromium\shift.exe
Source: Shift.lnk0.36.dr LNK file: ..\..\..\..\Local\Shift\chromium\shift.exe
Source: Shift.lnk1.36.dr LNK file: ..\..\..\..\..\Local\Shift\chromium\shift.exe
Source: Shift.lnk2.36.dr LNK file: ..\..\..\..\..\Local\Shift\chromium\shift.exe
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Window found: window name: TMainForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\16.0\Outlook\Capabilities\UrlAssociations
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Directory created: C:\Program Files\chrome_BITS_9184_1433764606 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95fcf903-63b1-44bd-ab77-358a5bd30aae}_is1 Jump to behavior
Source: Shift Setup.exe Static PE information: certificate valid
Source: Shift Setup.exe Static file information: File size 96211664 > 1048576
Source: Shift Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\_gha\shift-browser\shift-browser\release\base\src\out\Release\initialexe\shift.exe.pdb source: shift.exe, 00000007.00000000.5353689043.00007FF678F5C000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\_gha\shift-browser\shift-browser\release\base\src\out\Release\shift_elf.dll.pdb source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003A80000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\_gha\shift-browser\shift-browser\release\base\src\out\Release\shift_pwa_launcher.exe.pdb source: Shift Setup.tmp, 00000001.00000003.5381387856.0000000003ED5000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\_gha\shift-browser\shift-browser\release\base\src\out\Release\shift_wer.dll.pdb source: Shift Setup.tmp, 00000001.00000003.5381387856.000000000401E000.00000004.00001000.00020000.00000000.sdmp
Binary contains a suspicious time stamp
Source: is-EUCDG.tmp.1.dr Static PE information: 0x831FAD3B [Sat Sep 17 16:54:19 2039 UTC]
PE file contains sections with non-standard names
Source: Shift Setup.exe Static PE information: section name: .didata
Source: Shift Setup.tmp.0.dr Static PE information: section name: .didata
Source: is-HTN68.tmp.1.dr Static PE information: section name: .didata
Source: is-IU081.tmp.1.dr Static PE information: section name: .gxfg
Source: is-IU081.tmp.1.dr Static PE information: section name: .retplne
Source: is-IU081.tmp.1.dr Static PE information: section name: _RDATA
Source: is-31OF2.tmp.1.dr Static PE information: section name: .gxfg
Source: is-31OF2.tmp.1.dr Static PE information: section name: .retplne
Source: is-31OF2.tmp.1.dr Static PE information: section name: _RDATA
Source: is-KAIME.tmp.1.dr Static PE information: section name: .gxfg
Source: is-KAIME.tmp.1.dr Static PE information: section name: .retplne
Source: is-KAIME.tmp.1.dr Static PE information: section name: _RDATA
Source: is-NH3GK.tmp.1.dr Static PE information: section name: .gxfg
Source: is-NH3GK.tmp.1.dr Static PE information: section name: .retplne
Source: is-NH3GK.tmp.1.dr Static PE information: section name: CPADinfo
Source: is-NH3GK.tmp.1.dr Static PE information: section name: _RDATA
Source: is-MVLTH.tmp.1.dr Static PE information: section name: .gxfg
Source: is-MVLTH.tmp.1.dr Static PE information: section name: .retplne
Source: is-MVLTH.tmp.1.dr Static PE information: section name: _RDATA
Source: is-G1855.tmp.1.dr Static PE information: section name: .gxfg
Source: is-G1855.tmp.1.dr Static PE information: section name: .retplne
Source: is-G1855.tmp.1.dr Static PE information: section name: _RDATA
Source: is-1QBQG.tmp.1.dr Static PE information: section name: .gxfg
Source: is-1QBQG.tmp.1.dr Static PE information: section name: .retplne
Source: is-1QBQG.tmp.1.dr Static PE information: section name: CPADinfo
Source: is-1QBQG.tmp.1.dr Static PE information: section name: _RDATA
Source: is-HDHJ0.tmp.1.dr Static PE information: section name: .gxfg
Source: is-HDHJ0.tmp.1.dr Static PE information: section name: .retplne
Source: is-HDHJ0.tmp.1.dr Static PE information: section name: _RDATA
Source: is-EISFN.tmp.1.dr Static PE information: section name: .gxfg
Source: is-EISFN.tmp.1.dr Static PE information: section name: .retplne
Source: is-EISFN.tmp.1.dr Static PE information: section name: .rodata
Source: is-EISFN.tmp.1.dr Static PE information: section name: CPADinfo
Source: is-EISFN.tmp.1.dr Static PE information: section name: LZMADEC
Source: is-EISFN.tmp.1.dr Static PE information: section name: _RDATA
Source: is-EISFN.tmp.1.dr Static PE information: section name: malloc_h
Source: is-7N7R4.tmp.1.dr Static PE information: section name: .crthunk
Source: is-7N7R4.tmp.1.dr Static PE information: section name: .gxfg
Source: is-7N7R4.tmp.1.dr Static PE information: section name: .retplne
Source: is-7N7R4.tmp.1.dr Static PE information: section name: CPADinfo
Source: is-7N7R4.tmp.1.dr Static PE information: section name: _RDATA
Source: is-ACQJB.tmp.1.dr Static PE information: section name: .gxfg
Source: is-ACQJB.tmp.1.dr Static PE information: section name: .retplne
Source: is-ACQJB.tmp.1.dr Static PE information: section name: LZMADEC
Source: is-ACQJB.tmp.1.dr Static PE information: section name: _RDATA
Source: is-2V23J.tmp.1.dr Static PE information: section name: .gxfg
Source: is-2V23J.tmp.1.dr Static PE information: section name: .retplne
Source: is-2V23J.tmp.1.dr Static PE information: section name: _RDATA
Source: setup.exe.7.dr Static PE information: section name: .gxfg
Source: setup.exe.7.dr Static PE information: section name: .retplne
Source: setup.exe.7.dr Static PE information: section name: CPADinfo
Source: setup.exe.7.dr Static PE information: section name: LZMADEC
Source: setup.exe.7.dr Static PE information: section name: _RDATA
Source: mojo_core.dll.33.dr Static PE information: section name: .gxfg
Source: mojo_core.dll.33.dr Static PE information: section name: .retplne
Source: mojo_core.dll.33.dr Static PE information: section name: _RDATA
Source: notification_helper.exe.33.dr Static PE information: section name: .gxfg
Source: notification_helper.exe.33.dr Static PE information: section name: .retplne
Source: notification_helper.exe.33.dr Static PE information: section name: CPADinfo
Source: notification_helper.exe.33.dr Static PE information: section name: _RDATA
Source: shift.dll.33.dr Static PE information: section name: .gxfg
Source: shift.dll.33.dr Static PE information: section name: .retplne
Source: shift.dll.33.dr Static PE information: section name: .rodata
Source: shift.dll.33.dr Static PE information: section name: CPADinfo
Source: shift.dll.33.dr Static PE information: section name: LZMADEC
Source: shift.dll.33.dr Static PE information: section name: _RDATA
Source: shift.dll.33.dr Static PE information: section name: malloc_h
Source: shift.dll.33.dr Static PE information: section name: prot
Source: dxcompiler.dll.33.dr Static PE information: section name: .gxfg
Source: dxcompiler.dll.33.dr Static PE information: section name: .retplne
Source: dxcompiler.dll.33.dr Static PE information: section name: _RDATA
Source: dxil.dll.33.dr Static PE information: section name: _RDATA
Source: eventlog_provider.dll.33.dr Static PE information: section name: .retplne
Source: libEGL.dll.33.dr Static PE information: section name: .gxfg
Source: libEGL.dll.33.dr Static PE information: section name: .retplne
Source: libEGL.dll.33.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll.33.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.33.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.33.dr Static PE information: section name: _RDATA
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\is-1QBQG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\Win32Library.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\d3dcompiler_47.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\vk_swiftshader.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\dxil.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\is-HDHJ0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-IU081.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-NH3GK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-KAIME.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\mojo_core.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\shift_elf.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\shift_wer.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\vulkan-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\notification_helper.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-31OF2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-MVLTH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-G1855.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\is-HTN68.tmp Jump to dropped file
Source: C:\Users\user\Desktop\Shift Setup.exe File created: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\dxcompiler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Shift\chromium\new_shift_proxy.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\shift_pwa_launcher.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-2V23J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-7N7R4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\shift_proxy.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\libEGL.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\shift.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\libGLESv2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\shift.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\mojo_core.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\eventlog_provider.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-ACQJB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\notification_helper.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-EUCDG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-EISFN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Local\Temp\chromium_installer.log

Boot Survival
barindex
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Windows\System32\schtasks.exe "schtasks" /delete /tn ShiftLaunchTask /f
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shift Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shift\Shift Browser.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shift.lnk
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ShiftAutoLaunch_53CF6764BCE293C804D7A1CE3A191AD0 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ShiftAutoLaunch_53CF6764BCE293C804D7A1CE3A191AD0 Jump to behavior
Stores large binary data to the registry
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband FavoritesResolve
Source: C:\Users\user\Desktop\Shift Setup.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion
barindex
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe System information queried: FirmwareTableInformation
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Memory allocated: 6570000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Memory allocated: 6830000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Memory allocated: 6570000 memory reserve | memory write watch Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 740
Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 714
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\d3dcompiler_47.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\Win32Library.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\vk_swiftshader.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\is-HDHJ0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-IU081.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-NH3GK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\mojo_core.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-KAIME.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\shift_elf.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\vulkan-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\notification_helper.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-MVLTH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-31OF2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-G1855.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\is-HTN68.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\dxcompiler.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\shift_pwa_launcher.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-2V23J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-7N7R4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\shift_proxy.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\libEGL.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\shift.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\mojo_core.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\libGLESv2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\shift.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\eventlog_provider.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-ACQJB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\Temp\source3888_1437451139\Shift-bin\127.2.2.1372\notification_helper.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-EUCDG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\is-EISFN.tmp Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp TID: 8620 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp TID: 8600 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp TID: 8620 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe TID: 5832 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe TID: 8796 Thread sleep time: -30000s >= -30000s
Queries keyboard layouts
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010409 Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\webui_js FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\wasm FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Storage\ext\mofjdkplmlofiadhjjcacadmghmaglna\def\Code Cache\wasm FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Storage\ext\mofjdkplmlofiadhjjcacadmghmaglna\def\Code Cache\webui_js FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Storage\ext\mofjdkplmlofiadhjjcacadmghmaglna\def\Code Cache\js FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Storage\ext\mofjdkplmlofiadhjjcacadmghmaglna\def FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Storage\ext\mofjdkplmlofiadhjjcacadmghmaglna\def FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Storage\ext\mofjdkplmlofiadhjjcacadmghmaglna\def FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\blob_storage\f4939d9c-1111-4ca7-bbea-6c299921280f FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Storage\ext\mofjdkplmlofiadhjjcacadmghmaglna\def FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\User Data\Default\Storage\ext\mofjdkplmlofiadhjjcacadmghmaglna\def\Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\chromium FullSizeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Shift\chromium FullSizeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user\AppData\Local\Shift\chromium Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp File opened: C:\Users\user\AppData\Local\Shift Jump to behavior
Source: Shift Setup.tmp, 00000001.00000003.5062480028.00000000009FB000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5048038532.00000000009F0000.00000004.00000020.00020000.00000000.sdmp, Shift Setup.tmp, 00000001.00000003.5054837069.00000000009FB000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5374689076.00000263A5D07000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5380109183.00000263A5D07000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5371448021.00000263A95BA000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5376330839.00000263A5D07000.00000004.00000020.00020000.00000000.sdmp, shift.exe, 00000007.00000003.5375446856.00000263A5D07000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process information queried: ProcessInformation
Checks if the current process is being debugged
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process queried: DebugPort Jump to behavior
Enables debug privileges
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im shift.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --start-maximized Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe C:\Users\user\AppData\Local\Shift\chromium\shift.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Shift\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\Shift\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=122.10.0.1101 --initial-client-data=0xf4,0xf8,0xfc,0xac,0x100,0x7ffe3ec55700,0x7ffe3ec5570c,0x7ffe3ec55718 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2312 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --start-stack-profiler --mojo-platform-channel-handle=2864 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3184 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4328 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538271629 --mojo-platform-channel-handle=4508 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538611283 --mojo-platform-channel-handle=4884 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --instant-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538993971 --mojo-platform-channel-handle=5240 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=539522401 --mojo-platform-channel-handle=5548 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=545806341 --mojo-platform-channel-handle=6208 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=553237658 --mojo-platform-channel-handle=6480 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-pre-read-main-dll --mojo-platform-channel-handle=6992 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "C:\Users\user\AppData\Local\Shift\chromium\shift.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16024 --gpu-sub-system-id=1050155081 --gpu-revision=2 --gpu-driver-version=27.20.100.9415 --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=464 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe C:\Users\user\AppData\Local\Shift\chromium\shift.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Shift\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=122.10.0.1101 --initial-client-data=0x154,0x158,0x15c,0x114,0x160,0x7ff678faf0b8,0x7ff678faf0c4,0x7ff678faf0d0
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=127.2.2.1372 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7e5908410,0x7ff7e590841c,0x7ff7e5908428
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Shift\User Data\Crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=Win64 --annotation=prod=Shift --annotation=ver=127.2.2.1372 --initial-client-data=0x24c,0x250,0x254,0x208,0x258,0x7ff7e5908410,0x7ff7e590841c,0x7ff7e5908428
Tries to disable installed Antivirus / HIPS / PFW
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe File opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll
Uses taskkill to terminate processes
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im shift.exe Jump to behavior
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe c:\users\user\appdata\local\shift\chromium\shift.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\shift\user data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\shift\user data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\shift\user data\crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=win64 --annotation=prod=shift --annotation=ver=122.10.0.1101 --initial-client-data=0xf4,0xf8,0xfc,0xac,0x100,0x7ffe3ec55700,0x7ffe3ec5570c,0x7ffe3ec55718
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe c:\users\user\appdata\local\shift\chromium\shift.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\shift\user data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\shift\user data\crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=win64 --annotation=prod=shift --annotation=ver=122.10.0.1101 --initial-client-data=0x154,0x158,0x15c,0x114,0x160,0x7ff678faf0b8,0x7ff678faf0c4,0x7ff678faf0d0
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=2312 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --no-pre-read-main-dll --start-stack-profiler --mojo-platform-channel-handle=2864 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:3
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-us --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3184 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=utility --utility-sub-type=chrome.mojom.profileimport --lang=en-us --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4328 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538271629 --mojo-platform-channel-handle=4508 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538611283 --mojo-platform-channel-handle=4884 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --instant-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538993971 --mojo-platform-channel-handle=5240 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=539522401 --mojo-platform-channel-handle=5548 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=545806341 --mojo-platform-channel-handle=6208 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=553237658 --mojo-platform-channel-handle=6480 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=utility --utility-sub-type=chrome.mojom.processormetrics --lang=en-us --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-pre-read-main-dll --mojo-platform-channel-handle=6992 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe c:\users\user\appdata\local\shift\chromium\122.10.0.1101\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\shift\user data\crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=win64 --annotation=prod=shift --annotation=ver=127.2.2.1372 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7e5908410,0x7ff7e590841c,0x7ff7e5908428
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe c:\users\user\appdata\local\shift\chromium\122.10.0.1101\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\shift\user data\crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=win64 --annotation=prod=shift --annotation=ver=127.2.2.1372 --initial-client-data=0x24c,0x250,0x254,0x208,0x258,0x7ff7e5908410,0x7ff7e590841c,0x7ff7e5908428
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16024 --gpu-sub-system-id=1050155081 --gpu-revision=2 --gpu-driver-version=27.20.100.9415 --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=waaaaaaaaadoaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaabeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=464 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe c:\users\user\appdata\local\shift\chromium\shift.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\shift\user data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\shift\user data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\shift\user data\crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=win64 --annotation=prod=shift --annotation=ver=122.10.0.1101 --initial-client-data=0xf4,0xf8,0xfc,0xac,0x100,0x7ffe3ec55700,0x7ffe3ec5570c,0x7ffe3ec55718 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=2312 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --no-pre-read-main-dll --start-stack-profiler --mojo-platform-channel-handle=2864 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-us --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3184 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=utility --utility-sub-type=chrome.mojom.profileimport --lang=en-us --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4328 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538271629 --mojo-platform-channel-handle=4508 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538611283 --mojo-platform-channel-handle=4884 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --instant-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=538993971 --mojo-platform-channel-handle=5240 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=539522401 --mojo-platform-channel-handle=5548 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=545806341 --mojo-platform-channel-handle=6208 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=renderer --no-pre-read-main-dll --start-stack-profiler --video-capture-use-gpu-memory-buffer --lang=en-us --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --time-ticks-at-unix-epoch=-1729793908742888 --launch-time-ticks=553237658 --mojo-platform-channel-handle=6480 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=utility --utility-sub-type=chrome.mojom.processormetrics --lang=en-us --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-pre-read-main-dll --mojo-platform-channel-handle=6992 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe "c:\users\user\appdata\local\shift\chromium\shift.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16024 --gpu-sub-system-id=1050155081 --gpu-revision=2 --gpu-driver-version=27.20.100.9415 --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=waaaaaaaaadoaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaabeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=464 --field-trial-handle=2316,i,1528229121420869287,13748701593454551628,262144 --variations-seed-version /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\shift.exe c:\users\user\appdata\local\shift\chromium\shift.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\shift\user data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\shift\user data\crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=win64 --annotation=prod=shift --annotation=ver=122.10.0.1101 --initial-client-data=0x154,0x158,0x15c,0x114,0x160,0x7ff678faf0b8,0x7ff678faf0c4,0x7ff678faf0d0
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe c:\users\user\appdata\local\shift\chromium\122.10.0.1101\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\shift\user data\crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=win64 --annotation=prod=shift --annotation=ver=127.2.2.1372 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7e5908410,0x7ff7e590841c,0x7ff7e5908428
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Process created: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe c:\users\user\appdata\local\shift\chromium\122.10.0.1101\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\shift\user data\crashpad" --url=https://o1334372.ingest.sentry.io/api/4506193009180672/minidump/?sentry_key=1c60a0cacdead91f905faa80e9c82d03 --annotation=plat=win64 --annotation=prod=shift --annotation=ver=127.2.2.1372 --initial-client-data=0x24c,0x250,0x254,0x208,0x258,0x7ff7e5908410,0x7ff7e590841c,0x7ff7e5908428
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\Win32Library.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\exit-10-light.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\min-10-light.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\shift.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\button-10-light.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\checkmark-10-light.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Queries volume information: C:\Users\user\AppData\Local\Temp\is-AQF38.tmp\button-cancel-10-light.png VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\.configurations\split-tests.json VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\.configurations\server-settings.json VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\.configurations\install-info.json VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\MEIPreload\manifest.json VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\.configurations\split-tests.json VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\.configurations\server-settings.json VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\3db352a1dba26740_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\DNR Extension Rules\mofjdkplmlofiadhjjcacadmghmaglna\rules.fbs VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\MEIPreload\preloaded_data.pb VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\438df0bf0cadf176_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\dbeb473c1e234f08_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\067ebc3d83f706c1_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\9da5ee6eb934f719_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\4a439cb3f3eea072_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\d35c3e2a3ca098b6_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\15e4706dadbff920_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\4c7f7b1849963808_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\ac7d1e531e15eb97_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\ad3ce3c67c00ad4a_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\2b724b4a3325367a_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Code Cache\js\239cceb8ac752bc0_0 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\User Data\Default\Storage\ext\mofjdkplmlofiadhjjcacadmghmaglna\def\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\.configurations\split-tests.json VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\.configurations\server-settings.json VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\.configurations\install-info.json VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Users\user\AppData\Local\Shift\chromium\.configurations\server-settings.json VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\122.10.0.1101\setup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Queries volume information: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ea756ac68d34d21\igdlh.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe Code function: 8_2_00007FF678F23034 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 8_2_00007FF678F23034
Source: C:\Users\user\AppData\Local\Temp\is-163NS.tmp\Shift Setup.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Shift\chromium\shift.exe File opened: C:\Users\user\AppData\Local\Shift\User Data\Default\History Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1541415 Sample: Shift Setup.exe Startdate: 24/10/2024 Architecture: WINDOWS Score: 26 95 Uses schtasks.exe or at.exe to add and modify task schedules 2->95 10 Shift Setup.exe 2 2->10         started        13 shift.exe 2->13         started        process3 file4 77 C:\Users\user\AppData\...\Shift Setup.tmp, PE32 10->77 dropped 15 Shift Setup.tmp 57 218 10->15         started        process5 dnsIp6 91 35.186.241.51 GOOGLEUS United States 15->91 93 3.140.172.47 AMAZON-02US United States 15->93 57 C:\Users\user\AppData\...\shift.exe (copy), PE32+ 15->57 dropped 59 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 15->59 dropped 61 C:\Users\user\AppData\...\Win32Library.dll, PE32 15->61 dropped 63 27 other files (none is malicious) 15->63 dropped 19 shift.exe 32 404 15->19         started        24 taskkill.exe 1 15->24         started        26 schtasks.exe 1 15->26         started        28 2 other processes 15->28 file7 process8 dnsIp9 79 3.131.25.94 AMAZON-02US United States 19->79 81 239.255.255.250 unknown Reserved 19->81 73 C:\Users\user\AppData\Local\Shift\...\History, SQLite 19->73 dropped 75 C:\Users\user\AppData\Local\...\setup.exe, PE32+ 19->75 dropped 97 Tries to harvest and steal browser information (history, passwords, etc) 19->97 30 shift.exe 19->30         started        33 shift.exe 19->33         started        35 setup.exe 19->35         started        42 12 other processes 19->42 38 conhost.exe 24->38         started        40 conhost.exe 26->40         started        83 20.42.65.92 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 28->83 file10 signatures11 process12 dnsIp13 99 Tries to harvest and steal browser information (history, passwords, etc) 30->99 101 Query firmware table information (likely to detect VMs) 33->101 65 C:\Users\user\...\new_shift_proxy.exe (copy), PE32+ 35->65 dropped 67 C:\Users\user\AppData\Local\...\shift.dll, PE32+ 35->67 dropped 69 C:\Users\user\...\notification_helper.exe, PE32+ 35->69 dropped 71 7 other files (none is malicious) 35->71 dropped 45 setup.exe 35->45         started        47 setup.exe 35->47         started        85 18.164.96.46 MIT-GATEWAYSUS United States 42->85 87 18.173.132.52 MIT-GATEWAYSUS United States 42->87 89 21 other IPs or domains 42->89 49 shift.exe 42->49         started        51 shift.exe 42->51         started        53 shift.exe 42->53         started        file14 signatures15 process16 process17 55 setup.exe 45->55         started       
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
35.186.241.51
 unknown United States
15169 GOOGLEUS false
142.250.65.163
 unknown United States
15169 GOOGLEUS false
172.67.214.207
 unknown United States
13335 CLOUDFLARENETUS false
216.239.34.181
 unknown United States
15169 GOOGLEUS false
142.251.40.110
 unknown United States
15169 GOOGLEUS false
142.251.32.106
 unknown United States
15169 GOOGLEUS false
104.22.1.81
 unknown United States
13335 CLOUDFLARENETUS false
142.250.31.95
 unknown United States
15169 GOOGLEUS false
142.251.111.154
 unknown United States
15169 GOOGLEUS false
1.1.1.1
 unknown Australia
13335 CLOUDFLARENETUS false
142.250.72.106
 unknown United States
15169 GOOGLEUS false
3.140.172.47
 unknown United States
16509 AMAZON-02US false
108.138.106.101
 unknown United States
16509 AMAZON-02US false
20.42.65.92
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
18.173.132.52
 unknown United States
3 MIT-GATEWAYSUS false
142.250.64.106
 unknown United States
15169 GOOGLEUS false
65.108.134.244
 unknown United States
11022 ALABANZA-BALTUS false
3.131.25.94
 unknown United States
16509 AMAZON-02US false
142.250.81.226
 unknown United States
15169 GOOGLEUS false
142.250.80.10
 unknown United States
15169 GOOGLEUS false
142.250.80.34
 unknown United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
34.120.195.249
 unknown United States
15169 GOOGLEUS false
142.251.41.3
 unknown United States
15169 GOOGLEUS false
172.67.149.20
 unknown United States
13335 CLOUDFLARENETUS false
104.22.76.241
 unknown United States
13335 CLOUDFLARENETUS false
142.250.65.168
 unknown United States
15169 GOOGLEUS false
18.164.96.46
 unknown United States
3 MIT-GATEWAYSUS false