locky | 0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Locky.exe
Size

180KB
MD5

b06d9dd17c69ed2ae75d9e40b2631b42
SHA1

b606aaa402bfe4a15ef80165e964d384f25564e4
SHA256

bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3
SHA512

8e54aca4feb51611142c1f2bf303200113604013c2603eea22d72d00297cb1cb40a2ef11f5129989cd14f90e495db79bffd15bd6282ff564c4af7975b1610c1c
SSDEEP

3072:gzWgfLlUc7CIJ1tkZaQyjhOosc8MKi6KDXnLCtyAR0u1cZ86:gdLl4wkZa/UDiD7ukst1H6

Score

10^/10

locky discovery ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

Locky.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Locky.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Locky.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exetaskmgr.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exemsedge.exemsedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709120422881768"	chrome.exe

Modifies registry class 3 IoCs

Processes:

msedge.exefirefox.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{18935434-53DE-464C-AE4E-B16FA17F3434}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exechrome.exeidentity_helper.exemsedge.exetaskmgr.exemsedge.exemsedge.exechrome.exe

pid	process
208	msedge.exe
208	msedge.exe
920	msedge.exe
920	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
4388	msedge.exe
4388	msedge.exe
4012	msedge.exe
4012	msedge.exe
4328	chrome.exe
4328	chrome.exe
5576	identity_helper.exe
5576	identity_helper.exe
7056	msedge.exe
7056	msedge.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
5620	taskmgr.exe
3320	msedge.exe
3320	msedge.exe
6380	msedge.exe
6380	msedge.exe
5908	chrome.exe
5908	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
656

pid
4
4
4
4
4
656

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

Processes:

msedge.exemsedge.exechrome.exemsedge.exechrome.exe

pid	process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
4012	msedge.exe
4012	msedge.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
6380	msedge.exe
6380	msedge.exe
5908	chrome.exe
5908	chrome.exe
5908	chrome.exe
6380	msedge.exe
6380	msedge.exe
5908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exetaskmgr.exe

description	pid	process
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeDebugPrivilege	5620	taskmgr.exe
Token: SeSystemProfilePrivilege	5620	taskmgr.exe
Token: SeCreateGlobalPrivilege	5620	taskmgr.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe
Token: SeCreatePagefilePrivilege	4328	chrome.exe
Token: SeShutdownPrivilege	4328	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exechrome.exe

pid	process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exechrome.exe

pid	process
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe
4328	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

firefox.exefirefox.exe

pid process

5296 firefox.exe
5992 firefox.exe

pid	process
5296	firefox.exe
5992	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 920 wrote to memory of 2732	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 2732	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 5008	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 208	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 208	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe
PID 920 wrote to memory of 1516	920	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Locky.exe
"C:\Users\Admin\AppData\Local\Temp\Locky.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff545a46f8,0x7fff545a4708,0x7fff545a4718
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12335622656998278032,7636266281885826617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12335622656998278032,7636266281885826617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12335622656998278032,7636266281885826617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12335622656998278032,7636266281885826617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12335622656998278032,7636266281885826617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12335622656998278032,7636266281885826617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12335622656998278032,7636266281885826617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12335622656998278032,7636266281885826617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12335622656998278032,7636266281885826617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff545a46f8,0x7fff545a4708,0x7fff545a4718
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:7048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:7056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  2⤵
  PID:6952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:6748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18385633281909584701,16057270249340601445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:7144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff528ecc40,0x7fff528ecc4c,0x7fff528ecc58
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,12650205066509029700,7146887701164395399,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1968,i,12650205066509029700,7146887701164395399,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,12650205066509029700,7146887701164395399,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1748 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,12650205066509029700,7146887701164395399,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,12650205066509029700,7146887701164395399,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,12650205066509029700,7146887701164395399,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:5316

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5268
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {205e137f-a9bf-43c1-a1a1-fa750d7cf33a} 5296 "\\.\pipe\gecko-crash-server-pipe.5296" gpu
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b2fb9f1-4873-439e-ad0c-6d37655c836f} 5296 "\\.\pipe\gecko-crash-server-pipe.5296" socket
    3⤵
    - Checks processor information in registry
    PID:5712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3376 -childID 1 -isForBrowser -prefsHandle 3368 -prefMapHandle 3124 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36ead001-24b9-4fde-a8fe-b532e43e40da} 5296 "\\.\pipe\gecko-crash-server-pipe.5296" tab
    3⤵
    PID:6044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3536 -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3560 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bf5418c-590f-4c60-82be-9b16f6bd965a} 5296 "\\.\pipe\gecko-crash-server-pipe.5296" tab
    3⤵
    PID:6012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3716 -childID 3 -isForBrowser -prefsHandle 3216 -prefMapHandle 3220 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {423824d1-d708-42a9-bba4-a01fc3a55489} 5296 "\\.\pipe\gecko-crash-server-pipe.5296" tab
    3⤵
    PID:6128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3856 -prefsLen 21809 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0a97158-4ea4-4e7d-9130-ec2f6a67717a} 5296 "\\.\pipe\gecko-crash-server-pipe.5296" tab
    3⤵
    PID:5332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5052 -childID 5 -isForBrowser -prefsHandle 5004 -prefMapHandle 4996 -prefsLen 30256 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e916803-5a04-4b65-a1e2-66ce98b3cfb3} 5296 "\\.\pipe\gecko-crash-server-pipe.5296" tab
    3⤵
    PID:1604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5584 -prefMapHandle 5580 -prefsLen 30256 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b862943-492c-4dfa-ba9c-33b484cd5b1b} 5296 "\\.\pipe\gecko-crash-server-pipe.5296" utility
    3⤵
    - Checks processor information in registry
    PID:4944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:6184

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5620

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x304
1⤵
PID:4560

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:5448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff545a46f8,0x7fff545a4708,0x7fff545a4718
  2⤵
  PID:6652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12756573220302470426,6603526218885488250,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12756573220302470426,6603526218885488250,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12756573220302470426,6603526218885488250,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:6428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12756573220302470426,6603526218885488250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12756573220302470426,6603526218885488250,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12756573220302470426,6603526218885488250,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12756573220302470426,6603526218885488250,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff528ecc40,0x7fff528ecc4c,0x7fff528ecc58
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,17340581774853276782,4546052022128659697,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,17340581774853276782,4546052022128659697,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,17340581774853276782,4546052022128659697,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,17340581774853276782,4546052022128659697,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,17340581774853276782,4546052022128659697,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,17340581774853276782,4546052022128659697,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,17340581774853276782,4546052022128659697,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,17340581774853276782,4546052022128659697,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5052,i,17340581774853276782,4546052022128659697,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:5408

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:7048
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2036 -parentBuildID 20240401114208 -prefsHandle 1964 -prefMapHandle 1956 -prefsLen 24521 -prefMapSize 244938 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e24521ef-cef5-41aa-b57e-7a11370c2b54} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" gpu
    3⤵
    PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 24557 -prefMapSize 244938 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3d2f502-9d2b-4021-aa4c-d6e11825e386} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" socket
    3⤵
    PID:6056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3200 -prefsLen 24698 -prefMapSize 244938 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36487424-b6a3-4238-acb1-958a08b4d99e} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" tab
    3⤵
    PID:2444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4004 -childID 2 -isForBrowser -prefsHandle 3996 -prefMapHandle 3980 -prefsLen 29931 -prefMapSize 244938 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ffe3d23-5831-42f5-9b84-24697a9d0cfe} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" tab
    3⤵
    PID:2884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4708 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4672 -prefMapHandle 4688 -prefsLen 29985 -prefMapSize 244938 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d8dd92f-a2ba-46b9-b971-44b914de36da} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" utility
    3⤵
    - Checks processor information in registry
    PID:4692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5136 -childID 3 -isForBrowser -prefsHandle 5132 -prefMapHandle 5128 -prefsLen 27460 -prefMapSize 244938 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eec804c5-9458-4f68-9602-1966b195339f} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" tab
    3⤵
    PID:5656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5272 -childID 4 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 27460 -prefMapSize 244938 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bfa16f8-c159-46a9-8f83-a1b1a3a40a44} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" tab
    3⤵
    PID:3292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 5 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 27460 -prefMapSize 244938 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78789caa-0dc9-4228-87ac-eefd24618e60} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" tab
    3⤵
    PID:5180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5908 -childID 6 -isForBrowser -prefsHandle 5900 -prefMapHandle 5896 -prefsLen 27460 -prefMapSize 244938 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88e5dac4-0b9a-4e43-90c2-13795a6354a9} 5992 "\\.\pipe\gecko-crash-server-pipe.5992" tab
    3⤵
    PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4b1b9a525f813b0b50fb768a91122eb0

SHA1
57a0788d952a0f50652f836ea7a687d3d6956b7f

SHA256
25c3fa80556d205f3e16606118b663d7a465dea6ec1f0e80d11146fa174a1617

SHA512
4973fd4728896dbdddff55f07ba80c038f0af11fc1e6e373272d291a079aea5dda09b17731d9a935c30544e65e2a9a92bcdcf457162e311399864bf185a2d0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7affdbc0-fa30-4bb3-a86c-68f203fbf587.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
374c099f583ef02fef6398f857d5db98

SHA1
b65fcf0a727befb2e30600d420bff90cf53d9b7a

SHA256
b3193ec066fc341330399f3aa5077f7c3f599408e8c80169b086f9e0e983cc52

SHA512
53f2ef3fa5b3a6d71875287c793637c8f630edef59b29c0a2e8ef2abc7a83f357283c92b762f59395f4a91a1f9f2ebac5e09a1cd91c5a3dbaa85487679946092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
907b42a63ea5aa24ede3ab42f5e675db

SHA1
005570440cbc46c66cb9e22a36d514381d4e1785

SHA256
b5884e664f714fba0c40c1cde09ceb0bae3c2557a6affcfa42f4bc208b8c563f

SHA512
e94b08f5a81fa6597f09096b079186e7969e23c72dfe1f7f67d3d6ae4d7d78f4c3b2a1c4e14fc1d0035c60229b399a035bdc4b8649abb537c1bfe0584a111001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6c121b47a41bd180e773b9b6c7f6092e

SHA1
97c9c4c5aa0e9bffc41f26bf1a81d84d2b796b43

SHA256
698bad59c5913d74b480dd8f7a013a07eb225e33edbaa29c3110605988552ce0

SHA512
a89d83781d94a5876c3a19ed621cbb6c9958e57cc7ceb97d9232b380acdf1a881e42ea7318a4fb7dc216d4cdeb2068ce17237471a1bdf0b2d18496e61f6634d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a42e3942d2112156146ef0813ae79307

SHA1
eb3699dc8306a4706061d56a96227da7eb008438

SHA256
0065e936d6d406c09e09dd6fd4c1d5a1b30bb4cc74f82b00a746f8cb0649218a

SHA512
2229cd07aed12f36077c11a01cfc51573554c35302f2f8ad312cb80d07ecc375a2ebe04dd9f6edbcbc28b137bd9999576a32590a6c723fed3c5d2e84959c4828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b80773768ad5bcc60d0fc660798f68c1

SHA1
1937964cd26092e28c98d8dba2cbb112d45e50b6

SHA256
7d089cee054372f8982de374643f6333c2fc7694018833c6f4e4a75530d1679a

SHA512
a2f6951d2eb2dc77c2a73432f0e79a2b81dd9be4ca876831a9910103f7ce02d8b45358113e9ef94aa116cba1f8202aa372773cceb37225cedcfe247b0ff92f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de4e98ecc9b802279806b9af0836680e

SHA1
30934ffc5e694f25f33cce5c1d8945ea73382ac1

SHA256
5877b89c4e338d5ef3a652971c733471509b29c4b030568c09c557fe2551eedf

SHA512
624661c1dc5985ff685657a2c106698415b99767ec0b06dd454fe938b38aff7064621120c83a6bca901af2cca2a42c7173d33510ae2461c92884ae7f8b30de84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b9806463a061308aaf5b0c4d6616214d

SHA1
6976750c04564c6f859b5b34517a048107be954e

SHA256
705edbb89078e0aecbda6f1a4504fdcd0cca789ff5a10feef0d45ddc37003483

SHA512
a3c4ef61ab8aa9d1547c46671c62fa0ef0ef85f7a9073d75249bfa24920f11e4e0c6842e32107930b718cece4a153f233a420d4af91be53510e9b68d32ca4378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
166413b1ff75cd70bf857aff342f4fac

SHA1
52ee4833749efa3159530922d9c0b5bbba175948

SHA256
c0978e46afa655fc52a7ac22d2a792fc7f997424db20ea31e013dc2d42b2d79a

SHA512
fe127cca6f95b2e681b802cee2883a64f1674e6d2931cd46f5fcfccbcbe012f05cfa5767fb4949042077d5363046d994b821fa1546e2089b9dd9d3878536fc1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
773648188298bef5b00cade859bf919c

SHA1
8e1ad3833b9819ebac31f18088f8815ed80fbfa9

SHA256
ec875b23918e64fad91f8cbf4bebe4bb78b11e842f497c42d1c460c9a0c70c35

SHA512
2e04c5aabd4c1d555823ac3858816c067b93d44119b76f6ea50d13fba16a3db2e90fbbc49b2d0b1e225d47c3da6eecbe91ea68e6cfeb6b989f23c6b58aaaf82a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3e330eaf1d8d306e1e3f7a9d4ec51ab

SHA1
4bd8471c8187954674e32ca5b5ebd5cf42ca564a

SHA256
468c469b357bc5478348353467a9c3b1f2dad71ec76b1a6c21983639f6a749e9

SHA512
68296d31eed455b26acc47fb6ce1bad4fe39f286b8b4a10337ba007c36c608208cecd4c3b3bb940063dec04c129bf072e1e8e0db54511469da32d20bbebfa6d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
720ed80a5ccfac7d3e3a5892f0b4e616

SHA1
b0bcff439ebadfcba600ee338268737c0de8e7fd

SHA256
d054bc6fe4b772e46a0f06d973279878744fc3f8c3ef3c469591e3ee75149955

SHA512
0f3f6544db2223409579993a688b776181c49f2718535e988e482d5ee5edfcc4cfe63966b170c50afb84731a2e447d4c140704adc8964357c5215439aef97aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b2f8cfdff748bed11ae40c3a489069a

SHA1
1ea20687642a5e7cdbc6c664c2ed44096061a500

SHA256
13ae11e19f05e154767a4952ce88c8c530a7e93cb4679dd4f329be04fb149d7f

SHA512
05ff7bb1ed3454fddf721a54d2780d8b505fff61f3fc550837473fb12b4f18f05c60b4f1651d4d3674509d3e6ffaf04330e9df7b9bd6165be81f644d0fbc9270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
68b74d67c783980be4df6250c5e1ede4

SHA1
291629e700f3455c909b2427596e79a935b8f78b

SHA256
26c5cfed62dd5b47ad0ea410228ede99d3fcaeeb4666a6da2312a2031b4368e2

SHA512
b52f0d745bb040ab4003dbaabe20cf42d71ab15389913abc8f3d9fa542d83206ce6606a6e4d617f928bf925d45a70fea03da331acb7e84f7331d13801c89ec62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
eb6954eb0bbf29d529fd121ff5bb9acc

SHA1
dfa7c6920b8148cbeb7455ea770c804221b80217

SHA256
fb624d66cf7954c972866687ae56f9a199a640ab0c27a01bf86bd59f22d692b9

SHA512
fb479c2f256b11c3a6bf66f4e4c84d2281ef0bd41746e633fc6fb81b8cbc668fc3e818aa9ef2426ca4720181fc85f6901420d9ded733095385b82e2a8cc07dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
7308d6be025ef341da795af1455e989b

SHA1
21a519e3fd76f3553c2a4089fda918af0c245b2c

SHA256
072aa223e4b9bff79bacf4c5cd9dc1c9e6affbd9e40b68b60d11e5cc6dfb07b3

SHA512
642fbebc00df5064b965b59c6e0b812323f7c6bbe88ae197da55f250b8feda646babe6692609052d4db25a3001e708eacbc0a7adacfde31eaaf86ad99a72c34c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d6e63ffa9e3f77b915fd6aef38ad449e

SHA1
ccaafdd0c10a3c95089ad22e4c892a87ff0f34e3

SHA256
591c56e8b4e2eb8a1e70fcf35262e22fb08968ffedd0852e9c5ed0d62067668d

SHA512
257e6f05322c21d6308436783d92aadba205f60896646d473cc678c592c677665cf07c6ffb3cacf20085a8b4708adea688ec88bc4b937dc4001f3a9ea0754bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
209b0eab288444256d39a576dbfcbf74

SHA1
499c095a7a04fcd51f868be143ca6f0f5bbf4ef1

SHA256
0bb75dbefa4b374da4892ed3a5234206ac2c68417622f5a737f7df17b7e82d62

SHA512
6c5f42d23f0dfa65c8f9f258aa23fbb0a79ff357e4a181ab498eca2a7e747b7822343d100c398f71509748d08d54f68d5593daf3861565c6b296dc70073f087e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e64ebc63ce59ca9ba41a767c4a36cf6e

SHA1
6688cbc503ea39e3a268c96b078feaf622e5a10c

SHA256
9efa0dd8c3e4aaad558325bfdb715d3b9b9b7ad203580a10c7234c61979e632f

SHA512
61545c1e1359a97bbd9fbb16709651ec2777c396e5de51885bdb52612e4d9116f66b81e3c671fb195c965f9b67f7d395afc2cb9aef54a70585cec053b8463c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8c3ea8a2ac6384035eccf9cc032025a1

SHA1
2a16f6ca3d4862601cd3166cfa96a52ec224ef04

SHA256
68cac89c14cf429fe5f248ea7326b824b37836f0746017c20cc0d60f69c295e2

SHA512
b9abde9ffd977f40fde9903e34347d5ecec8736078d751926f4809451ce66774f478688b6e06325ac182950768ee001763a22e1f5cb287d478f8b73ae1db3fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
4cb5d8a81d8991d92f280211c8ba2053

SHA1
9634d0eb0383604b21f7a3df5f38687c4c3c83b3

SHA256
c7d60167367de24c67ef37fa875e7b2e78f3a423ca43d653b95b4b85e773be73

SHA512
307268f5b8a5f87f294c84582fc904d4c42f304fbb5807164b3bc783150c4edfc632fd37309aed1c953a50dad10fd1d686b45ff7e4a2d144ae161242c95a6918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
1182701eb41ca9ea75cfe9ee1ef8b062

SHA1
39fb158cbb09473fa917f59038d8b9b18fe37f6b

SHA256
789b3bedba18990bd856515dd0795b0c87f698967a736480cf25b5e58b625d95

SHA512
f08cabdf3f8c01670d127fae5481c4002f0e0f2a7d22e50f88c00efa42f12b1f87012318be160db6e5c1de549577357002c0780626b202bfbe1dffa4a1d519cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
c538355716a2fbabef74c5399d62007e

SHA1
6e3107a8dc51ba4acfc31ae65b231c17a5107054

SHA256
8a5ce5d6e82d0422a0fa1b6dc49add95d1b35862eb2b8dd781fa9ff0ce40b1a5

SHA512
e29fcc44c4d171b69b1b319fede6deb60744941fd9b298932b5aedb6f5cf5fcd6ae3820592e965824c3a37ea055191f428a696d6f9a99e2ff249bd732bce8a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
01a254087811e0baa2626ed127459230

SHA1
c33e6a7307534bb651d985411fa609117c7c1a98

SHA256
6caf04db0a23e24c312838f3b20aa7a90b2b4fdfdef14567be93b9aefd7accfe

SHA512
5635faa727ac572911ae98bb1d126b3ec262110e3d255e31e1e79fb2b2bed87cf2dfca5ed0a50988c735db48aab9a2b67cab632aed02af9568318536b7b8a8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c97eda18f3f971ba2063e4b7699e53ab

SHA1
c77360af2afe0f3e13ccef4329e820f53cca2eaf

SHA256
8940dc244158fdc1b6697c971ea616590a1b292023020236d95ac0dfc04bc6f7

SHA512
d901878d54fcdc28aa3071cc7f139143c393b3ce1c7f917431612f719ae91589b60af913c84172417aff299b4ef84c0539ca8e5247331880c7c93c192068109b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
c715778b908c9552f952718e823aed63

SHA1
fa2976476828b4c7f04e41d0fa769bbd5b985fe6

SHA256
50b1d272020f5119a3ad8c343a445bda7e4667f4601a8705abe828f5e0b6ff81

SHA512
b9a85fc89d7cf82601ded16ab8edad3d0244774b2b3052defb47958a4fa53f3f05e6042dff551130c98e3746f8cc624d2dc75b57df0ae24c78b053289e7d140c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
3c632dbbfc6b9e471ed98759900726af

SHA1
bb18cafb7c4c3a3bc341966a35761144bfe54419

SHA256
ab5242f2bcace255d8c3760a50c0b9c1e22ee417ebf29bf8835b3a874cc48fc2

SHA512
e90faf60ae92879bd72091ed95071ba7060084ebab6564cd039e366945574a8bec71a6ce5ab935b7e893bd4afb344cea92253e439a05d5c268c44aaf33826669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
873e8447f103c8ab59a4048737848087

SHA1
f6e1156cfb64b53dcb69c055bdf7a6126462ea61

SHA256
38e513350a9374616eed839eeeaa7a48694555a2a7a9ab656e91a3a9f8d08c82

SHA512
e85585457c501f5ae64e692b86c4325ecb21caf5f3e9cfc17fc14bb2efdaf31c331eaab0390baa2e416f83759b262b54632eac3e412588a23e0619ab3270f6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
953B

MD5
719db8c9a180649d2e0a1d14f9b96a1d

SHA1
3df1ea4d1fe70187c609d1f291e551296dfa9e93

SHA256
7245d017397f17830b14cfa63e2cca5e0d96fd91892fa1a32431b404363b8d7c

SHA512
2bd5233e2b473ac95f69107db227eca00302048f1b1915fb7614283f0421f2749b1c1e1c383b781948d8f935e7b45feb41768bbe66b21a9e0b0469fa1d98564d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
677505fdd06e29806877a3d9c5bdc822

SHA1
777848f89c453448f1df0de019440b119730b27b

SHA256
aea2d81432b601aa7a0f6bb63a67129433c6a5234905b65996578235c43c5e18

SHA512
8971dc731c41f962e9bdbe5a41dab9feb7b37957542b37a82b2fe26314c1a1169e4da9bf5ada86af508f5ffab1d83e4c6b5c1f2540dee380bc9692baaecf514f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ae49687a0d19ef7fb2b83cc94b40011

SHA1
245872b698b7b0611bb33438938f994754ac7f66

SHA256
7d1d6fc7588e1db1e7174fe2b3e6d8aae0b9159c60df3a04aa2de4d38b9346f5

SHA512
5f0ec959105f09d11b5b8743ef2a0e350bcdaf8a40e9b8dc2211d0a79156bb569a167a4baa6e880999ca4f42dbf60c1659a12d2bba1d2c8ea7d2043a42099ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f325fb5e14279b035e45c76cfa2b0f5

SHA1
0801692163de07c8077ae8387ae71ee0fd5ae94e

SHA256
4f3fb963effd5f9655d68859caec3632a472a06f411237d8379297047c249c58

SHA512
7b71046bf432c51c6759d99005e3ba95d287c016b8d541422cb939904d3991050ccb3e61c771b325c8b29f7969e2fec7b0abd68c46d1025fab3a37a87cbbcb1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
470c049c467dde9ed65c778a80d1cf78

SHA1
ff396c597ae03b483f438717a6eb38c92dfcc095

SHA256
870ba2419734bdfabd64b6d2f546f2978c40b1688cd7f54f347a630a121b2ba4

SHA512
eb4f728fbe6068f95032e1f6185404f1d055a0688cc33e3645524f48192054498587887aae463e5001b41609039c2570a4c133ceaea48708c8a39469eff3e485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
514d696d1c7bc5ab8092bf83d43d2303

SHA1
55a4a0863dde524cdc8375dd32f560352e65f2f1

SHA256
0b8568e05b289d7bc20f6c6ef91a3a9fadb6b7501c0a8f70f2e5ad7c02a988bc

SHA512
1a753027248e2b1f9e2d9bc418d3cb521f3664bcebf1c3d7510ed04a41b6c1c7bec230d3efded64dd6b28fe133b0ff29d146279cffe4feafc7a685afcc560dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4e57f5e06f0357f76863b2cb757f525

SHA1
bb20ac56acd5a308ca49c3a3a176c55fc232eb92

SHA256
684ee1951f0bcc307fa581812f9967634f3ca9d0176176bd1ecdb0de33397e3d

SHA512
26c1db65f98463fb2a1e608da70fc62f1b262eb71adb41b6c66186ccea309c1f13de87b95defef0766d71b119be6a5365ae2f325cecfaa18d9f32d0655915168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fabf48e40d41b9f1b00b13ee0ee95c22

SHA1
d944347c6bc24bd6f8ea5906e6be6817c3f00da0

SHA256
2b99081b127f2e323ab59df75d3712c3103607ddf988f778aae126717266983f

SHA512
3785c5b7e6e589ad25ba173df8bd569b0583fe691f6192b8a5256ef72d912889a06d727a52c97c14322a4ef5005ad79810bdb172c260bf8e8d184e98a3b17e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9cf1be1570afdbc74daf0b5a891f927d

SHA1
b1f751736f8ebaca57b64df17220037d08fc0488

SHA256
9c07cd9fe0aa24b49ae2c291fd3a93322a12861375e77d74d2866ddf19717d10

SHA512
cc13dadd73617f77eb81afd4544ff0d0b0ca2b2de3948d6a74449fd37d840194227b9d75006e13ba6721dbf8714245d92a5e8f6c9560cc771b1639f455ee38b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
7419641b4941b50a4e65c86955c8bf94

SHA1
f19bee39de731de66f782fb94315e3a95f65c051

SHA256
4d92c21adf809bf9694343c36643a9c0d4e61ef86d9d3456774055ed6c35f8d6

SHA512
728feb85acf9e994ccd14775d1828eb5f7e572461adc775ba58a97acc90061e08121a4bc98ffaba09dd10ad6affe37d38fe5304f68d63dd53d8e64719332eefd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
28KB

MD5
db5f85856ca4e9755208ea8b868a9c2f

SHA1
a04ee452cd75248edcb686c04f3d48e7b0475830

SHA256
8bec2b8fe59087e4075f3200a85c097bef4ef0748e73d8ece08695f8b0379f53

SHA512
5beeaa035c30eaac63216db69f5ba06fc5240e8667312bcd298b0a00f46b90dffb00420cd30079e3b8ed88ea23a9955c1731430589a0b4b1e93a2c079a094862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
99f2a7a6e4e69d654d079b4973745ce0

SHA1
1fe400f19600f26b5d60e5025c8339ee077e39e0

SHA256
979b6c9a86df429c96e9a9b851c36978659605cdb5edd800820e654e9a01ea8c

SHA512
ac7421c9c611feb585d78f64e1c8d634cb67a1e20c587299959739af7a8b960faa8739ee5bb15282bbbf2c35dabd708db6a1fa6784bc67ddb737b52f52678c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13370911938866066

Filesize
1KB

MD5
45a1723cc2da64882bbc025d6101d9f4

SHA1
f13b56baf5683fa8b30a9a6c8cdcda10d3c7168e

SHA256
d53e8a5add3409809e5fc783554e16c4f98d56ddb521e6e96618eacc337b1ca4

SHA512
9f433ee138a4c22a86017a1bd1f6f8b1a76a4f2b199a5f336d541b5a7b75e872c5cb6c836cb7347c6e37a4bcbc96aae6552bff91805f99cb7fb5102ab3d98bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370911939015066

Filesize
1KB

MD5
d0ee714dc6a2c71f38c4f778c375bc0b

SHA1
7b0a7b4dd486f45cdf75e6912e40b2174d2556c2

SHA256
576e12fc6620d9ff2974a484b8f5d6191456bef4d110b36dd3bf58402d1d6184

SHA512
24c90fe910d556e22898e9daa67c630ff78d95382258a7f04478cf4ad481c83f5722d59ef3c589d32d5bab920a2990ab394cd47d8dfcd036407a2766ab4a369b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
c11cc8c728c861ebc3ea21eea6c16e11

SHA1
4f5c9f8951035dfdf9c590331ab9d34334ede52c

SHA256
81864d919e1787a9e51ff9e1c699e403e09ce495341253fcf29c03e35d4ada54

SHA512
e62561ac286e9f8536c12be976d2938b2adb776dd1e8e41f36e5b1ab7ff4838edbb7a1fd419db72e93c3ef7ed7a6e16a94d03ecd784f83fa12a563c421609fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
90a21b193068f295bf5b010b914d7c29

SHA1
c973ecb31729f80e2a101925e1a02c8b789dbfd8

SHA256
ebad8b97fabcc6394718f46698bb2d33a3f8b283301a8cdda914d10528ef2f92

SHA512
2592732b133b4149160c4fce391b241f329513d54bc708b69dcab0cabc9b52c85a5577e01bb276e8850a15cf67e96139f4be8fae47b60e8c57601212d323a2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
139B

MD5
c91b3dc08d0ec8ea0a059cc839793255

SHA1
f9ee34f5ad6962de2e841d0d2474fc97e6745440

SHA256
f10612c7186500f27ac85b2fb6df76882ebd86c15c373790108453801284da82

SHA512
cafabd2c8b6a9b229e3b2acbfd9bcd2e2ca99ad002533c451ac90a9cab1865db6ea57c4d6d190567ba13db05b6c271ba4281933718e9eb1d67ffddb6495deb2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
b11139be1642320bc731b70aba7136cc

SHA1
58dc0dab12b245c49d421ee94f2b89408b20bcae

SHA256
ef909406690419d749139bbbbbdab2cda535dc91ed3eee09bafae3eaa0f8f41f

SHA512
d3f7f0d0987d2237e57b7c87389ce2443ec9cb002cafe07a56c807713cd08e9d18e453d4f4cf5235f676a9f16dc11b3f942e5e7ad825333702664e0e1f2dff03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
31B

MD5
60eb3bf3eab496d9605a08d97aa8dbc2

SHA1
8ba2008648071b65cb9669f6386aecebbb50d27b

SHA256
7828155986ef293584e278446bf5b57fdaf11e57568528b5d8ad06046df89633

SHA512
3254ac42443ef3aa37ce908b1f7a3277a2e871b1c8162e1cc2ef1e67ceedff7a020c5881c149196cbfe5c190384cdecf35928d3ebadaf304818bfa9382b7a7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
441bc4f9a70192ebd95cc3ba5e1da24d

SHA1
420913373a925960a25135c4ccd396054f1a622b

SHA256
3501009fc59d40046753dc685478a0a8e9642438dbda1ba264964a1bce1184de

SHA512
c60a9d3258f6bd1b30ae1295d87684b5532bd1339c63042d671fdf94cf87b857bd2ebdf2d41351d65340c56a82db51e8d47ade28fe02efdb605921c6b7e01fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
509B

MD5
c04eb187b758fe8d01d1c8cd0488348b

SHA1
8306fff0fb48ab202a24f6fb10afcbdfd260766b

SHA256
50a15408e598a6c6635756be5d31fd0e861bb39507df73957b7028f800580734

SHA512
99d4df1c63c2429bf1624b838e418b0b71931a8a0fd461f28745481133dc7778ec771a50a0b2403a37addb9a7f4650419e4c9c25df836ab4f37b0e87fc379105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
aac159e15b787a1f864c9696fdefca30

SHA1
7d68f8e55d9301954a0132f2c1ef5cb62ea096d0

SHA256
3fb42b88a10aebc7d53d570fe577d241b8fe1a6aab094f0c15b46060a6eaae96

SHA512
c9cb1fc8be89d803bdaf6183bb46b82aadaf3b4a164f7c6c8ac75bb37db437b774ac7f39183d49da6b4efe22b8ac4a8893895fa6882965010f3f8dc735f71785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
f1e74019cd9fb062cf85c08b556db609

SHA1
607e08b3dc48ea5014fa3a457eec9beb2d721998

SHA256
0ef9156f690be2f86fce22de0ecbbd806ae9bc7ed1267c3f23f79f5f4650f8ba

SHA512
1a4a4dc92209353db6eb2863d06f860b279f797e9c3f08ce9514fa9f472b4adb05454f9003cd10159cf0b98ce889d11ba61d407366e5551d2424d1581c45a883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c3fe21616cd2484315a4d0c0d4f6b6b7

SHA1
24cac9ee82af96369a8f4844c09a3115008eaaf0

SHA256
060c25dba92c27b45048b19e769e3b08dd260f96c28a4d9c58af5b220525f0ac

SHA512
8ea065506ca32262851705428ca1bf6736891219b64e3684cf6331b30fde7d52abd055d3d4acac5eab246c13ae65d69a2c0e78ddcbd0cd10501ab2640c1d2ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
27238625c5cb99ad81477dce2a0d80a6

SHA1
fadbdcb6f36df45a85698796f9667c8707b64e04

SHA256
5c2a6f671f0fa347ddb0a669fe38b512feac1b09c0aaabe6658e0e2e1ec5e22e

SHA512
ec7f98343109cf82ed0f799dccedffe1e3a69aa0a99c27deecd275fa20e106560f774d11e22b69fe5ba7bcb3ce7cd218d2089975b9fc61c72d33a8ca0b674370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
2ac0e9550a06af37db2959aabfc084e2

SHA1
1949433519c9d587f66d317018a2fb2538973df9

SHA256
f077596d48d72f781d8dec4803c6b360e0a6d193758952e70a8a42f309595d91

SHA512
cc943996eb97d1f64408d9c66290e65d7ca499d318cde1492afe46e461964fba97b3c01bd884e23b63870e3808682f981345de7eced62025ca2be58d5d82a43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb1a367a609f3dfac4885d5b97f3b56d

SHA1
04e656a543ca990645c4054ddc651d40a5103c8e

SHA256
8625891eae5a34ceab02365057061d8130dd18c36efdb3081774b6a4f9d7c666

SHA512
325a4b9d57c6f983b12d2cb0f5c2788258847318f8d1eaac07e2bd45270e4202335243ea471be5a96a185ee871a601ae68ab1514f9ef1c158ad96ccf63e9ec19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
796bcc4a30e132be1d8e6bfb44653394

SHA1
48bbc5518c3e6a44f3cc5eb74505250885f201c8

SHA256
648c967ed112ce6a55df3039cd7d2a9867869225f8a1e93c387d0e1b13dbc074

SHA512
f44fd5ea80f0897e180844277d0295f62a1d66a897cbc548df36373aa3fcef22cbb50e7f128cc77f283a1f0992f8a6208f390a3f59e71e384bc10d89dec004d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d27df2557a92d917e7d71ec16c392e7a

SHA1
4c4633afbf9ee26a6db4f5d6bfebb4f2b72b0b18

SHA256
b3528829f2ccf7dc3f90a6fc4d26699ef37f1aad05efdbb28dd9839f037898a6

SHA512
f62f35b1d070c582d65370bb92a224de0d3c2283077b85b7308c255621967df3453554a6736f9d8397d24ac25d69e4dde20057aa15bb0400de6c23614c175d5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9dea34a7d9cd4c0675df0829ddde43cf

SHA1
2fe6a429110db9425c24aca2f74e917ff9eb30c9

SHA256
95c86f637a78d8029815751700bf5fb914c05ebd19b3ab472e34f6eb94a20939

SHA512
cbc08bebe85b92cbbb223a7d194cefbe80164d1c02bf08a411aa235cfddd1f914030dc338c6984f9da8bea1132554396923ed9c6f1c651dff9eb3844478488ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
b112323e9eeba3bf7478ba1d28695ffe

SHA1
6557c4e32c6e338f16744bfed7eb5db166d1bc8e

SHA256
4d28e4a5d91a082dfb12b1f2c09d629f7c8aef990d343e0862121c1f87654c66

SHA512
af97de6af3aad64a15f020ff6d4bc4b6d6e512b42624b3235ed9a05343af7928a33d49a2945e69e7ec97c5df3a05c2cfa865a327afc3ba57c8f4a30c7732266e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
c7ca31b580fff5a82f608da51a045d8e

SHA1
645889163847222f47bd03f4eba564ae6108335b

SHA256
f4749d67a9efe813c392eb79b732691ad437e5ecc12bf2868eb3a475bcd31c19

SHA512
cfddb3e05a2648937286fb4b62304b790094619f0847f6f368e9a2f425a190730e66965b8bdf2b1d9c422620c64489ad943a60851003fa91dc9861f0959c2c0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json

Filesize
34KB

MD5
b979aba97f6f6266184a06b32e9fd94b

SHA1
e51f1c0a03a0ca6b251363713ba15b2ac6c3b88b

SHA256
a42ec99f28945fe4696df9a888161e289ac4659c3515008c442f7f220a742ef3

SHA512
43d960ac0645a54c4d917a4fd440b20f3dd8adfa3f50fe635d02056abff21683aa39ded7670495d6ad3acc52dafd08ddae20be5afad9a09ad2d6fc0b833de603

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\10A0222AFA26BA84074326BA5AAF691B1EB56EDC

Filesize
32KB

MD5
55aab515d3d0869f7daed7c4c8aae2c8

SHA1
92f8835ab503b514c8e5a9e0311ad1ca92d24e0f

SHA256
ba8915c970e5f5ee4ef01c8a61757bc8291e0511e9474811d355ed6cbb880fb0

SHA512
4c314aa1187e4a365985ee60b8fa819920972905ba7182a34f62f767eadf4cec2811cf3de78de9cadc43231ad59691aefa559d5b2678c359fa5bedb22c1c95a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
86b7858159fa5ddf118ca0c13fe01a89

SHA1
15f968a4b016626092b2dc28618945511feb03a6

SHA256
8fc0bbf68cafc27d784e540d0bd0047291defa2686611d6bebdfcd67dcf704e3

SHA512
f8325354b5c02fb2373ef9681cf592c98263c6b96ef341946c737727e038534fa01f88bcd179c84c9a31e6654e86a0716f15747c3b4609336d2a0db133d9705d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin

Filesize
11KB

MD5
7e292af09989a7c9701b9bc45caadc49

SHA1
3067906259e7d8d431f97090f44d736e32360576

SHA256
73ce307f1687d378e24bb240b97d648f5ae6e28f9aa1fbee5d8430c212ccc972

SHA512
490eeba36a3b041d78d6d54d76dcb99c7dd7d964edf72784c59fc7cc8567600234f3057cdab9d06cc836bd887fe2e5914d0ebf9f8d1215ba9683a7c633059797

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin

Filesize
8KB

MD5
36dae44c36329a3fd70068349a2c1f31

SHA1
678da7a889a05204f080564666a81fdfc8e429eb

SHA256
a0bed797359c483c04ead72d226ae518a40487430d0ca621a44bc07d78056968

SHA512
cf58730e7973710d7f97f081aa58d401d69667478cca8c4de6682ab3ad822fc7442d86c1346e2b6b5243e9de74c51505c1abd7546a742a1b07fefab712f6a59b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d2c86d529cb9ddf5c038912c0c0bf20f

SHA1
2f5454dfdbb7c822582b65194034b9496d0709dc

SHA256
3743573ce387663a80df13a216fabf80bbabaae177982e77347351cad2fb5669

SHA512
75f6096b53f02b7455337916e49e61350dea3390ed7021f305975598d3973d6419aedc3de9e652af0f13062f1db383ca710da21569d70416d5fed3d7ffbfbce7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
bc6e29ef5e7ceeadc64d1403519277eb

SHA1
4fe70c9e353c51ea865ae7dbe8c04008040c54f2

SHA256
442112b0d3f5fe37e967b00c7ad95937a14caf2116f8692470d79a0927763ca0

SHA512
f9d21c360f5c2fc5fb8bb03ee53fdf9c4c706b21836b875258c193ea36b5112eae67e35dc07a9b2150c49ad1edccd317670f5bc900793689305a721eb8e6d66d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7a87f0ca2db21afaacae0ee7d5232176

SHA1
8209bb4146126ca876a08992dd4b2bf5713265b5

SHA256
eb3a99e54020a435ff8ab17fc72c21ef26725c08b904399f0cdf77c90b784a2d

SHA512
3f4a0265423026035bea0d92955b7542b4a980ceead9d94708341885f0885ca6ab93d6933eb69ae80bc5d2418e068daa41ce04892cea26baba07b5631eaac719

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
62e91689f898d6e8732564a60acbc18e

SHA1
229303e12f5523de0eb3f15daf237af9251d7d21

SHA256
1ec3b81391a97b6febfab3c6089a52541b636c1688751958b391be76dffa3a79

SHA512
6517f99543565873463f88d2ff72e638089c5da09ff26b77febd9b88536114807518e0510c343128ec3373347661d5d7b44fa46b4cda65a8baae7a93f83b7d10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
2d3cb73de666fafa408aa2df5dc6b46a

SHA1
31fc22b2ea8bd6829a796e19478649699d7dbde9

SHA256
905bec7ec1628fca4aeab2ad958a20f81423defbcc532058f34b4b6aba4f82ab

SHA512
317cbd4ea2f7ac9fce93c01dcc44bed45e44f0491ac97660726825f212106fd8a2a63be000b9f597c92c6c0a94a6b580c9c75359313b4cf3d78b922ccf11a2c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\17a0644b-c94f-4b8f-abc3-de5990830253

Filesize
982B

MD5
e16c5c879a951ffda6cf89d2b3876e97

SHA1
42395b8627ae985701c2c06f4ef2c3addd418e8d

SHA256
c51c7a0100f1fd0702df30f10581d13091a3aa3fe36cceba893bd37c38073f66

SHA512
9bffdbc88961a5f6903bd2ac6280d307e7793353c115f010c819751d9b0be05151f1daaa1ab8de72539202b4e82397b04b301338bde2fccb0fab8b8ba184203b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\48fefc2b-2b14-460c-a671-2430ee4bf058

Filesize
659B

MD5
ef3f87c8ff198e78a75b7252a44b3bcb

SHA1
918649f492abe3b43a91ee55620a784036f9af51

SHA256
3f3a616e0b6e72127a845fade5c55da0239640d4447b8737c0eeddd65e31e9cb

SHA512
b0c2c8ab75474ab030f792d125d8cacecfe1fab56592d39e57bd29eccf3adc39a12463c579084daeb56875371801f25f25ffd2abaf95e0296ff7cea817f752b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\672ee36a-c3dc-4afa-be1d-eaf7289dfadd

Filesize
25KB

MD5
2fbe80b3e50132aac70dce068d2c14c6

SHA1
a6a69bdc620a16fd314487d9e957d69c44c62952

SHA256
4b61b4260a025135640f7eb042c3b151827a282a3b2966ad7ab3781c8e36b736

SHA512
af37cb0830db2f2916fe74079c03311642125a2b123081e9a9e5532a33d2cabf77ae9591f6bdf3295347030f10aa791356dac128144448932398adf0752567b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\b2cc73b0-33db-4369-907e-529cc6956583

Filesize
1KB

MD5
a39824833e5f88c6de659c305a991504

SHA1
3fa7ca6f1923d36c4c29492bd52aa7c6df049787

SHA256
f9e3a7270da62214304879fcb5ac8fb3b86f31ee5ad4f53ce938945c5aadf601

SHA512
75b442c89ebd5a808f4cfa52be8a3c16dca86838328ed639dfa1bd2645fb793c4e6b8ebdf4c578d43458b5215519a5b6fa192828186f2c6633ebb626adeceb77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\b765d011-4414-4e0b-b551-c7ac756c88fb

Filesize
748B

MD5
72267a030132165d096ff7e7f4903872

SHA1
8207e2e0ce1c9a81061398c473e23355dc88f4e0

SHA256
5ca649d7d42527acd2001c178518b64fb24523dca561e0e210a5e9dcbc96a484

SHA512
fca2cb6bb77f0d9e4149376bce2411afa3e4862de7d4eccef4973a30e35c15038547322907441f94b0bcd1761520e72eb0d6eed17d17e52744b881e630fc75bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
12KB

MD5
6a284408771f9894b0bba469842da24e

SHA1
47056575d1577d6cabdbb290343d47d3674856ec

SHA256
ac09d96af2799e718edb36502a502ee08bf9f193a80ae22090d744c80eb97d56

SHA512
90c25e8bd7cd98839c9703f5bdfdc447c2ce62854cd2bd95e14848ac2d65ef73d8c24be6fe5e1af94d67b2715534fe5fc6b277155c978ad706784dca7526b275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
12KB

MD5
90e1fbc1a1d0cd6be0553f654172f61f

SHA1
0ed388546bc33c6815060c67695cf0f42942fa68

SHA256
35c8c0d635812e69a52fc05b134771468580ded94a311a79583b7eb765b5f1ae

SHA512
4e69a2d99a4282cd3f785be663a992953ae6da614ceeb06e8b44d8656e4e589f45f0b71cc9e3b5211472466876651a2cbbeeb7098a9253ce534f28cd67fb6c2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs.js

Filesize
12KB

MD5
11c4f626ab14cc01103b60d5053eb1cb

SHA1
96773c65623d735257d5e3ffff1444b41403a2da

SHA256
f2133fd5df6a96030e1604bc7dd7c235e43871dc0afbbb71af2ef00a7979f4c7

SHA512
1f391785ad07b051755c9e91f48186842ca5a9f1f7359c526511215fcdb112e295de0f39484893686efa1a64233b58aecd0b83ef0e4b8796fd8bafb6037c9524

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
\??\pipe\LOCAL\crashpad_920_CMPLZRIYTMLYZQVL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1224-1576-0x0000000000400000-0x00000000007D1000-memory.dmp

Filesize
3.8MB

Download
memory/1224-0-0x0000000000980000-0x0000000000984000-memory.dmp

Filesize
16KB

Download
memory/1224-1255-0x0000000000400000-0x00000000007D1000-memory.dmp

Filesize
3.8MB

Download
memory/1224-1124-0x0000000000400000-0x00000000007D1000-memory.dmp

Filesize
3.8MB

Download
memory/1224-1122-0x0000000000400000-0x00000000007D1000-memory.dmp

Filesize
3.8MB

Download
memory/1224-559-0x0000000000400000-0x00000000007D1000-memory.dmp

Filesize
3.8MB

Download
memory/1224-281-0x0000000000400000-0x00000000007D1000-memory.dmp

Filesize
3.8MB

Download
memory/1224-1244-0x0000000000400000-0x00000000007D1000-memory.dmp

Filesize
3.8MB

Download
memory/1224-434-0x0000000000400000-0x00000000007D1000-memory.dmp

Filesize
3.8MB

Download
memory/1224-32-0x0000000000980000-0x0000000000984000-memory.dmp

Filesize
16KB

Download
memory/5448-1159-0x0000020A61E70000-0x0000020A61E71000-memory.dmp

Filesize
4KB

Download
memory/5448-1141-0x0000020A59B40000-0x0000020A59B50000-memory.dmp

Filesize
64KB

Download
memory/5448-1125-0x0000020A59A40000-0x0000020A59A50000-memory.dmp

Filesize
64KB

Download
memory/5448-1157-0x0000020A61E40000-0x0000020A61E41000-memory.dmp

Filesize
4KB

Download
memory/5448-1160-0x0000020A61E70000-0x0000020A61E71000-memory.dmp

Filesize
4KB

Download
memory/5448-1161-0x0000020A61F80000-0x0000020A61F81000-memory.dmp

Filesize
4KB

Download
memory/5620-413-0x0000012AACA00000-0x0000012AACA01000-memory.dmp

Filesize
4KB

Download
memory/5620-408-0x0000012AACA00000-0x0000012AACA01000-memory.dmp

Filesize
4KB

Download
memory/5620-411-0x0000012AACA00000-0x0000012AACA01000-memory.dmp

Filesize
4KB

Download
memory/5620-407-0x0000012AACA00000-0x0000012AACA01000-memory.dmp

Filesize
4KB

Download
memory/5620-409-0x0000012AACA00000-0x0000012AACA01000-memory.dmp

Filesize
4KB

Download
memory/5620-401-0x0000012AACA00000-0x0000012AACA01000-memory.dmp

Filesize
4KB

Download
memory/5620-402-0x0000012AACA00000-0x0000012AACA01000-memory.dmp

Filesize
4KB

Download
memory/5620-412-0x0000012AACA00000-0x0000012AACA01000-memory.dmp

Filesize
4KB

Download
memory/5620-403-0x0000012AACA00000-0x0000012AACA01000-memory.dmp

Filesize
4KB

Download
memory/5620-410-0x0000012AACA00000-0x0000012AACA01000-memory.dmp

Filesize
4KB

Download