Analysis Overview
SHA256
f3c9ef7d1ea6177207e967c30d4cf44f13724bd91d26778875ac122d39fb5be5
Threat Level: Likely benign
The file 072024-16062-01.rar was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand microsoft.
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Checks processor information in registry
Enumerates system info in registry
NTFS ADS
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-07 17:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-07 17:18
Reported
2024-08-07 17:21
Platform
win11-20240802-en
Max time kernel
194s
Max time network
187s
Command Line
Signatures
Detected potential entity reuse from brand microsoft.
Browser Information Discovery
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "3" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Applications | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "5" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Applications\msedge.exe | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Applications\msedge.exe\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Applications\msedge.exe\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 5600310000000000c552596110004d6f64756c657300400009000400efbec552596102590d7b2e000000e90300000000010000000000000000000000000000007cdaa9004d006f00640075006c0065007300000016000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000003d5b74abefe4da0139847d1af6e4da018de57f1af6e4da0114000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\MuiCache | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Applications\msedge.exe\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "2" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\windbg.appinstaller:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\072024-16062-01.dmp
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48bb0f9e-17e6-46c9-b07d-017478c09934} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eff98b1b-61ed-4714-92c4-a783c36b5b9e} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3020 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79ce60ab-3e09-4592-8da0-ae26e7a31b86} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3476 -childID 2 -isForBrowser -prefsHandle 2688 -prefMapHandle 3548 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62b52803-022e-4817-a157-365fa93fa0ea} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4228 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4276 -prefMapHandle 4256 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a56f311c-37ca-48da-aa50-e66c8f12c542} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -childID 3 -isForBrowser -prefsHandle 5252 -prefMapHandle 4244 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66206fbf-f67b-4ca2-9ed5-f858efbf49d6} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5288 -childID 4 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c2ca4f2-5be9-4f52-98be-ad9eddddc055} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 5 -isForBrowser -prefsHandle 5608 -prefMapHandle 5616 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4b9789b-40eb-4216-90ca-9fdc075e3719} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 6 -isForBrowser -prefsHandle 2784 -prefMapHandle 5784 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5efc1cbf-d090-4de0-9994-0b0e96b66c1e} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3876 -childID 7 -isForBrowser -prefsHandle 440 -prefMapHandle 5188 -prefsLen 28059 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abbf4264-50cc-4c15-9bb9-ea626e697b6d} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6420 -childID 8 -isForBrowser -prefsHandle 5336 -prefMapHandle 6404 -prefsLen 28059 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e213dcf5-8d5d-4466-9ef1-de15a1e21503} 2148 "\\.\pipe\gecko-crash-server-pipe.2148" tab
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "C:\Users\Admin\AppData\Local\Temp\072024-16062-01.dmp"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb8d2b3cb8,0x7ffb8d2b3cc8,0x7ffb8d2b3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
C:\Program Files\Microsoft Office\root\Office16\Winword.exe
"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\072024-16062-01.dmp"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5775578544236434113,11081152158573201650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| N/A | 127.0.0.1:49800 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| N/A | 127.0.0.1:49808 | tcp | |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | tcp |
| NL | 2.18.121.73:80 | a19.dscg10.akamai.net | tcp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1.sn-aigzrnsr.gvt1.com | tcp |
| GB | 74.125.175.38:443 | r1.sn-aigzrnsr.gvt1.com | udp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| FR | 23.40.113.186:443 | learn.microsoft.com | tcp |
| FR | 23.40.113.186:443 | learn.microsoft.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| IE | 99.81.249.111:443 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | tcp |
| US | 52.182.141.63:443 | onedscolprdcus01.centralus.cloudapp.azure.com | tcp |
| US | 52.182.141.63:443 | onedscolprdcus01.centralus.cloudapp.azure.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| NL | 184.30.248.9:443 | e87.dspg.akamaiedge.net | tcp |
| NL | 184.30.248.9:443 | e87.dspg.akamaiedge.net | tcp |
| NL | 184.30.250.29:443 | store-images.microsoft.com | tcp |
| US | 152.199.19.161:443 | cs9.wpc.v0cdn.net | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| GB | 2.17.6.114:443 | aka.ms | tcp |
| GB | 2.17.6.114:443 | aka.ms | tcp |
| US | 199.232.214.172:443 | fg.microsoft.map.fastly.net | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | onedscolprdaus03.australiasoutheast.cloudapp.azure.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 240.76.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 3b47000d7f29464297e8205f4319b466 |
| SHA1 | 14d28e46333e235d26c493e52dba46c453e29d43 |
| SHA256 | 1772e8090a1f7a4d55ace89d43daaca932949c1dea05f539007a77aa5bdd9779 |
| SHA512 | 6fcf7e28062868d0bd9eed3a498e644bdc6df1b7095c3fac71273be1aae480ddb369538ace4ce717f77d669250e05ed6413565ae181f3f2a5a5a17e6ff54454f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\c4b97571-1c3a-4059-94b3-08840bdd83d4
| MD5 | 5a8c6671e26b84f2238f8227384112ec |
| SHA1 | a5e9b6a159fcf80e4b7125adb2d96b4f273a1351 |
| SHA256 | d80096c00c4f4ae0e99897322d6bb1b548f62af76719f36b9ba7bbe6dc957985 |
| SHA512 | 1e860d2238ae1a12289de103ee3594fe27cd05a7561ba93ea53f284d1b16dfb7a24ec2f3951240df6e14642014a8dceb08d5bc4617871402bb66946890c8f9f8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 86428554845b84a2e9c9605018a2c7fb |
| SHA1 | e17dca53ecb3919bdfeee2ba3c97443cf1b92dec |
| SHA256 | 4dec10876dc868e48ff8df1200a8f79c0a46a7847e634a3b26260f476fe74f29 |
| SHA512 | bba3bf637d595cc2469ac7d9fff496b425337aaf9a3eafc429d4fd9759a858a207a1cc8d2b15a30b9a48a73790f5adc32c19b12175ff1c217a282fa24623dd8e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\aa49e004-78a4-4164-95ae-8316bbcf6529
| MD5 | 0542ed61615e9f00aefae4d452016cb2 |
| SHA1 | f9c4e5037a757fa664fc3834bbf93de987f8c6c5 |
| SHA256 | 42059f032de932e1c985090d101cbfef0291489d2ab479275d8769fe41a269dc |
| SHA512 | 7593bfb47a15399140828146b1109942f2d8a6a58ce3353f1d384c333d09743e04019f7be7575ecbd5b8dd40fd05d47d610a150055fe8fa7c0592030ae3c43ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\1e5dd52b-ca1f-46a0-810c-7b9728574630
| MD5 | dae02d1cc95e3a5ca8780aef89efa92d |
| SHA1 | 499caa9e53d2575c22ddbc989be84c4ce52e8bc7 |
| SHA256 | 0263a667bd0eb9b2372bd1af86ca110a35dc00f3250e27233b43f90dd75b1263 |
| SHA512 | e119c5fc3181cf5f644b0cd2c8789b0ded4359e7624b63568c60107f6f602254f0bd41572e27392a29f6eb939095e9f4a1fb15f2e26acfb8a0337ec7e494347c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 95c90c9696efa9544bbc35057326cbe5 |
| SHA1 | 406bda1baaccf4eec45c80a2572107712d4c8ca7 |
| SHA256 | 535101f706135b953bddf2363d83db13c5e11008b3cc91ae77c5e82c4b01708f |
| SHA512 | 8aa1fef601d191cc21e7207c0d31f0c59a482c86d3690d57dfb2e926c3583c22234eacc3707d0f497c95c2b23b68f62cddef81cccff8401a3b62384b88082f05 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | bc539f1d99fefb86ba355a028379d503 |
| SHA1 | db9e742a6cb67df624ea602b000ba260f4416ae3 |
| SHA256 | f47fd977d0c08c6baf80f9deeb5f5c89ccd646cba67f00fb063acdfc0dc4c014 |
| SHA512 | e5493f6ae8f6e47c400d1c31ba509178e02c318d5d1fe4ff719d9d6cbb0c8b761f643acd19b698cf9237007dd4f90a8534be78f529a1a54a2448059e3624817c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin
| MD5 | ada227e6fc584fa4262bbed44d95c358 |
| SHA1 | 96cc77e2220dc2fe82b4b90d88d32f1faccdf546 |
| SHA256 | 468a9f73acd4bede4e8c29d5efb1601149d2fc7f79b3ecbf4c903d5557ce4ac3 |
| SHA512 | a83d5ab90336d423bd1a85980cff832d740e54d9e294b63080aca41c5baa7267ff7dff687e503ceb07570efbdd567f26efdd9486642e9317e670924ccd23ca90 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs.js
| MD5 | 8180356c9ccf056167e1f8575315c6df |
| SHA1 | 512246544e04d50f709e99bc1cd477a14697774f |
| SHA256 | 6727c73464f71cef4045dd085aefd8a5b76eff79ebc0cb9fbe59e3903a005ade |
| SHA512 | 9440e04370af1811a4575a7025bf5fe363577d7bf60ae963c51bb10a6ebfbe158abaf9b922550014583ab182736effe282983f27e709a4cb1921612e03570f28 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin
| MD5 | fd412ddb96a62e0fef737a4546bdc3d3 |
| SHA1 | a8401cd9213ff1234dc2914aedca25f09adc8f14 |
| SHA256 | 572499d7bf7adcb1296f02ae21c8e718fa2c4380276b018109ee02c1c47bdefb |
| SHA512 | 540ae9fe282eea1ee39dbcd7286f17aaae6d5370c876f87b7b250edd9d8791fdec24e59ea44c7f46f432fa5e9ba0a4b6f8db45e480e70fe5c31fcfd462225c76 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | c174b8cd9f36483246a0eb0a94bef80d |
| SHA1 | 794fc1bfc2a9cc25b7b3bb1c06ce5201dacb75dc |
| SHA256 | b0b8301c52bb9005d2637f55431dfbeede9ed43788fcc9a5623b3b46af704603 |
| SHA512 | b36b8aa5ba0d0f65d6947a18063489fca90e443381cdeae622a5791e021473ee542e266f0d4324c45b164ae2bcabf00ebcb1c2f5387a30becded1f7f44443cfa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 5ed538b150f99027258dbd061f97c615 |
| SHA1 | 2ef68ecbe19108902a78cbc7307f1322a27fc3b7 |
| SHA256 | b1c86313e5778fa0f047b1b22f6dc271ec4469a892c20b1d1aebee1d233eecce |
| SHA512 | 2783bdc799a1b898538d6d8d7b71cb15d6fe738c1a2e6d9b7501fc531f72707b350d1780dc1165239516fb3e542cd123088405316f30dfa21f03301c08ee8f29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs.js
| MD5 | 6e1c270e74a1794a7afba2c0d267e0cf |
| SHA1 | a2cfc54bc089a7d5ba3488afaafd527f9fff6715 |
| SHA256 | 93a96101378e64df0159ba0e733dcbdbdb47f224c3e6e0e3e7e0052e6e56b963 |
| SHA512 | 29fb6abb7a9643b848df9c4010854048659a93d96389395a8087502c27887ba2b2a72abe178e4e394799a3b0b676b9b684acc683972a92516b33c063b7591bf5 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin
| MD5 | 9609dbe026a10c59f42378822618b859 |
| SHA1 | 61576563cd4e914feb6818936fcdd2282d35c88f |
| SHA256 | 6ba44b81f0fc3c39214f903a27e4dd0b3422119e2d5c9fb653d4b498795772e0 |
| SHA512 | a8d543c7fb6b2044d6bcb0e499e612fc6a6e7939bbbe3062633e0ed4afc26b6208bb304cea6524e86ecf547a9d5799d2a2f3af22172f8fba1ec1d69b8413aaab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs.js
| MD5 | 5dd9b68932b54bdeaa5cebea1a89e7f1 |
| SHA1 | 67c166300bf88a0ce4fa998f123e2f44b3d5b1a2 |
| SHA256 | 3f9b79d748d1b0db39fe2072a6f2dc3c0779b522010809590dee32d45e5b1650 |
| SHA512 | 1df5c0f3bd0c756b77701e3ec678d4555351ed4265d32f12d124f40a558a0c54386b3494c583c9dd756598e3dbb435ca8b1f5562e04c649b885cdaf737a53071 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c0a0db135eafae8256ce9c773a733b41 |
| SHA1 | a0c9e82b1ab1613101063bcfa6458b9bf60cf28e |
| SHA256 | 1c0e516e6c487e2667031188631ffca17896ec381ebbb53478861d752e0446da |
| SHA512 | 4bff9f1f1187a1449de3629b947efad76095437158e9e86ba412ea23f7f57a002b6571bcc182b31bab53288fa5e4ced1b90bdd905d755d77eb5beebf26805951 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6d52c401a7f947b823eef80c87cda911 |
| SHA1 | 312c9fa8c0bf093b1bbe87bc0cd64152df2eebdb |
| SHA256 | 72dffafa3f5c48d385e593648144ad96cacc8eb91cd6490676a5418f55dfcdf9 |
| SHA512 | c63dc86edf2c258561fcb6a79ef0472038efc58f7e972350399221def4cfc9f31a9ad9de2253e78cb49395a9d9ca74d27f7a5c51a821bca0b31070a0b1703427 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 4dddb3eae1a10a2535195eb3d8ab9aa1 |
| SHA1 | e9aa78b687fdddbb859a1d5d7bedbfc0b67f4f2a |
| SHA256 | 0494e2c8e95f1a3f1cd14ac67569d9d0aaee33444e1339b3acd36ad960360a28 |
| SHA512 | dc3758f21904486e724c8176f3fe23171103e23c3fa1806c9f6e02f47c2b1db8e311d7560cfa9af286096219a4b963eae63940fcf86816388752f38528356faa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 4c4cd93d04cd5067e58ea54475df8957 |
| SHA1 | 828e099fd8e882771df346e78ffee4c73f6886bd |
| SHA256 | 6642e9bc85bd680146155e97c72b6b3a5d6b606973c910e6016d113e486f476b |
| SHA512 | 057d072b9d59233ad04c3cfffbac2c32fb5a4c810b8415730dccff86e31075650003e7b810b4459e84debc918ec5ef031c8860b6b0a993d94fa25177af591d33 |
C:\Users\Admin\Downloads\ZqymOodT.appinstaller.part
| MD5 | 980328ec53fcc012297b5c319127f18f |
| SHA1 | 395b2b8c2d23c7899424c492fbeecb47e6aa0dad |
| SHA256 | 9c28769af133e803a0eadeb5e4aea11175565b7683158d4eb0eae09e045d2366 |
| SHA512 | d7dd87541f353327176fea3d3b5537f218687eec71984a1f2b9e6a0731843cc15422ce0428daa6747d9770f145a1cb8b80cb71168a1b393345117e5229ddb488 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
| MD5 | d3845f0c47b365ab22c51b61d9ac7a8c |
| SHA1 | 71ddcd1e028668dca6d0d8559b938357e27550b7 |
| SHA256 | 636664cd8513f4575030c305f4346c7cc38f13cd0ee208dc277d1f59b44c908f |
| SHA512 | e4b87271eda4381072f14a7e4df3ac7d22fc7045c7365d68a884f63aad8f211681f6b06648cdfaed0b5c430d5a616d79b20d181ade9d692c8d26e643f943fc3e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\cache2\entries\9E7B880506D3A55EF558F6C8E05E8499749209A1
| MD5 | bf36b3db308f3a036c3cc23bff77268f |
| SHA1 | 20ef86804d945eb74dd710254c6de8af88cc16d8 |
| SHA256 | 6abbbe3510b157b330d9cd1ff4aa4b0e146adeccaecd7a8560502dd9b04a4233 |
| SHA512 | 2ba6aa3481bff5f51f30bfb8c4c712e6b84f47bbc41f2833404b86ad0d516dbccc3a3ace9eaf4322af0e396fa23fcbe75db17d28c9df2cf53d495a33c2f5c5f2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 93c52e1b598b4a8687b978bf4bb182fd |
| SHA1 | 02d675357ac136676a1c29edf39b5fbcd70f66a6 |
| SHA256 | 9e82582238d7ee7c0deade27ffc67d70f21c0188c9677aad3dccd85a906db100 |
| SHA512 | 603b1903e227f27a661f379e315658b26f23709a2e366ce0c3491e9a6cb8a3a2b1e563b7c791b4c92a2964bbb657d422ef6568467983a50adfbd8772faad11bc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs.js
| MD5 | 543a92bd4ba76027084459f9d87c11de |
| SHA1 | d54296b41f5bf0a0aef8c9fb34a297930d316b99 |
| SHA256 | e314e677ff4040830c65a77fde94034a1e845675fbfbf33b9f070e80613f700d |
| SHA512 | 5e095bcab5e0ea81fa0fcf700dcf6d6be6fc3cbde82191ba24bf5ddc1a17b40e8e3d1e63e7713101acb6452d8e21204feabf408dfefe93b243d6e77334137f6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e8115549491cca16e7bfdfec9db7f89a |
| SHA1 | d1eb5c8263cbe146cd88953bb9886c3aeb262742 |
| SHA256 | dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e |
| SHA512 | 851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54 |
\??\pipe\LOCAL\crashpad_2948_ZSDICXRQNLCSWKFF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3e2612636cf368bc811fdc8db09e037d |
| SHA1 | d69e34379f97e35083f4c4ea1249e6f1a5f51d56 |
| SHA256 | 2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9 |
| SHA512 | b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aa0d6bdce9de858d0ad865cc924d6b16 |
| SHA1 | 2eb25b6533ef7139272e6f4db7257e84d654c0ea |
| SHA256 | 9bc7fc9baf01830782cebfa51057440fe9c3d2eb0dcb90ede3c422ca938e8ab2 |
| SHA512 | cb03539852bc37d308614f2f0cf6b524f708d012fa9ef0271d869da35b2db5156fa490cfcf5017d359f85da205f07bee1bc2e099fe83a8bd2e499bf5fbca9f35 |
C:\Users\Admin\Downloads\072024-16062-01.dmp
| MD5 | d6601f10232ed4d487c17e865db6862f |
| SHA1 | 2146142b11f111fa39d53a94073789e792407a68 |
| SHA256 | f8a694140fa6c898372decc3ae4465e6466658940db28070a52573cfae47174b |
| SHA512 | 81b9ad1cd84a5edbc41ce69c1c1df8ebc5a08e0b73ae18fca9b0936c453dc541fa60e84d30875ae3abcd8cc3569d77638b5070555c761345d2d99166ffa8d80e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/3872-995-0x00007FFB5E750000-0x00007FFB5E760000-memory.dmp
memory/3872-994-0x00007FFB5E750000-0x00007FFB5E760000-memory.dmp
memory/3872-993-0x00007FFB5E750000-0x00007FFB5E760000-memory.dmp
memory/3872-992-0x00007FFB5E750000-0x00007FFB5E760000-memory.dmp
memory/3872-996-0x00007FFB5E750000-0x00007FFB5E760000-memory.dmp
memory/3872-997-0x00007FFB5BF30000-0x00007FFB5BF40000-memory.dmp
memory/3872-998-0x00007FFB5BF30000-0x00007FFB5BF40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 49457829e458d37be3219a66e89b4363 |
| SHA1 | 58bf900598cbab15658124eae2cf71843c1c248d |
| SHA256 | a06c7f0ce72101f6cbe6ecd73271e77937e30f0e6fb9874dfe7cfc8cb95bec5b |
| SHA512 | da1d53e58386743486fd8136fd6fe7fca46e01ceb5f7a6ef322084e0b02b93705aad28e24369cf3b52134430e02d0d03fdaa2a95ca707ca4744d9836615c7cfd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 87481d32aa882e64cc94be539671eec6 |
| SHA1 | 42e6f75e6aac75af7c21ab9c9de08ee4113b03f4 |
| SHA256 | a46e47751c00be5e0f9bea2cb78de3e88b22bd491465e04e7fb7fadda962a2ac |
| SHA512 | f3c51377af1c8347313055693090446c4dcccddabb24922c502a55e5b8e8721c6fc9b16c3a874b7bc5da3038d5e1863ca8aa23373084f3f681ac815ac4580ff5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 2f67ccb99e7453874fd350a9b692c382 |
| SHA1 | 72c03cd804431663a09f64af2e3b6cf651e3f2c2 |
| SHA256 | 8d8b00fb608776604428732d5f567631dddfbd1e1bc797f69a349b1e5f0d055b |
| SHA512 | 58c4f4b2a3a0e14a377a49265cc71e5a76bb127d505dddf2d7df14af187e67fa4752d26b9be1ff2ca007b9c8b735d0799040010f6b129959a453042489120a3b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 1c2b1c2e69e5562c81b0a144844ea7ed |
| SHA1 | 874355bbfef04bfd2b4b1d00f5b99d6208192014 |
| SHA256 | b380f3f32622117115036445fa9007be55db81427e98775391860b66b1b150cf |
| SHA512 | 0cb5a0e9d1c87d99862ccb01567754e8fd71b1dd451da4c0b4a8842c5102df22f046e51d600b53424c2d20ef1950b5c316b80cc167b66b23c3667489114b0cf2 |