2dbd1033a26118d27915184864ad2a0add89d5ee3153eca157fadaa62ad19af5

Analysis

max time kernel
1046s
max time network
440s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
25-11-2024 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

text.txt
Size

168B
MD5

10a317ca10f0fd2af4bf2043ff8dd8fd
SHA1

c02bdb3aba83817ea599a004fcfbf09c419c326b
SHA256

2dbd1033a26118d27915184864ad2a0add89d5ee3153eca157fadaa62ad19af5
SHA512

192f635707607a716f2d12f191cbb12a42f65d1aa5446ea7a6fc6adfe8b1c88d3210488ceec2528d6e276593ed9603fac14939bb431b689702dd4f1829de44e0

Score

8^/10

microsoft discovery persistence phishing privilege_escalation ransomware

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}	setup.exe
Key deleted	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}	setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\Firefox\\Desktop Background.bmp"	firefox.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\727154bd-228c-4757-a549-ea96eacc9928.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241125162148.pma	setup.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 28 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\DefaultIcon	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{708860E0-F641-4611-8895-7D867DD3675B}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\win64	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML	setup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\win32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\Application	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-584106483-899802418-1877852863-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\ProxyStubClsid32	setup.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5036	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
328	explorer.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
1664	msedge.exe
1664	msedge.exe
4328	identity_helper.exe
4328	identity_helper.exe
1020	setup.exe
1020	setup.exe
1020	setup.exe
1020	setup.exe
5812	msedge.exe
5812	msedge.exe
2552	msedge.exe
2552	msedge.exe
220	identity_helper.exe
220	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
328	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	2912	firefox.exe
Token: SeDebugPrivilege	2912	firefox.exe
Token: SeDebugPrivilege	2912	firefox.exe
Token: SeDebugPrivilege	2912	firefox.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeBackupPrivilege	1020	setup.exe
Token: SeRestorePrivilege	1020	setup.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
2912	firefox.exe
1020	setup.exe
4236	setup.exe
5556	chrome.exe
3032	chrome.exe
5612	chrome.exe
1544	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2904	1664	msedge.exe	95
PID 1664 wrote to memory of 2904	1664	msedge.exe	95
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1688	1664	msedge.exe	96
PID 1664 wrote to memory of 1104	1664	msedge.exe	97
PID 1664 wrote to memory of 1104	1664	msedge.exe	97
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98
PID 1664 wrote to memory of 2408	1664	msedge.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\text.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ff825d746f8,0x7ff825d74708,0x7ff825d74718
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff6a8165460,0x7ff6a8165470,0x7ff6a8165480
    3⤵
    PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,18369612509390197964,16306167801627062981,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:5984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1936
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Sets desktop wallpaper using registry
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f634dc68-063d-4ed2-b40d-589f1ca84b31} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" gpu
    3⤵
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8d95256-392d-4e6d-9328-91ec65a24d6d} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" socket
    3⤵
    - Checks processor information in registry
    PID:2464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3048 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 2976 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcaef28d-4fda-42a9-bf71-aee27ecc0adc} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:5528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4264 -childID 2 -isForBrowser -prefsHandle 1292 -prefMapHandle 1232 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {909dfcee-3a7b-450e-bc4b-ca07c1f54a87} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4852 -prefMapHandle 4820 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {701257ba-9054-4287-9038-5e7a38327869} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" utility
    3⤵
    - Checks processor information in registry
    PID:1936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5328 -prefMapHandle 5236 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71023f50-9427-4872-92a0-78e5f70b3664} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:5928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a925d33-6618-4c74-abaf-e0a5fb1342cc} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:2152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 5 -isForBrowser -prefsHandle 5688 -prefMapHandle 5692 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2749a48-f04d-4e22-bd5c-50eee561445c} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:5924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6092 -childID 6 -isForBrowser -prefsHandle 6084 -prefMapHandle 5928 -prefsLen 27180 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48eb8add-2a11-45c2-bef7-704340abf24d} 2912 "\\.\pipe\gecko-crash-server-pipe.2912" tab
    3⤵
    PID:2424

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5448

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:328

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
1⤵
- System Location Discovery: System Language Discovery
PID:2012
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --uninstall --system-level
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1020
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff667f64698,0x7ff667f646a4,0x7ff667f646b0
    3⤵
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx
    PID:4236
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --uninstall
    3⤵
    - Enumerates system info in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5556
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff835f1cc40,0x7ff835f1cc4c,0x7ff835f1cc58
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3032
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2052,i,13393902515510711157,9036098328780473562,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2044 /prefetch:2
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1544
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1564,i,13393902515510711157,9036098328780473562,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2088 /prefetch:3
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:5612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://support.google.com/chrome?p=chrome_uninstall_survey&crversion=123.0.6312.123&os=10.0.19044
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x150,0x154,0x158,0x120,0x15c,0x7ff825d746f8,0x7ff825d74708,0x7ff825d74718
      4⤵
      PID:5200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
      4⤵
      PID:2484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
      4⤵
      PID:5340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
      4⤵
      PID:3648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
      4⤵
      PID:1852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
      4⤵
      PID:5808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5388 /prefetch:8
      4⤵
      PID:228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
      4⤵
      PID:1780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
      4⤵
      PID:5484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
      4⤵
      PID:5040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2312,2841920715972309363,1475065126582295055,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4116 /prefetch:8
      4⤵
      PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6116

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
218bb8c03da97b20bec6a9bae79eafae

SHA1
36e0f3756d12cfdeca1a34c8335251a34af3a14c

SHA256
176cd7d502dcc451a11e565918bf06af55e8f84314107d68136c7596f519e2ce

SHA512
3a4611d9f6adcdcb9fe83c25eeb0a75b55fb738b35f6312e4f9b1639ad8e31e844a3a4cd28d236f79ff43cf8fd207290b54b81b9ea07a70b52deffba5e2d1a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
30d75a68c77ef91e6eca2642f8e95db8

SHA1
61e6476e4c2c911f7c6b5f214eb2342cb93f7af4

SHA256
f60e7280aa44fe053615fe750b2f5fdd672cf84d79e681e6636a01e9df7df731

SHA512
54dcccc0ad34fe242f64b09745ed5b1113dfb59120237fad1bde2fd581b87baf8075c45a0ccf09ec655cdd64eb168abd6ae760b891d9aa379a384edfc913ca15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
bb7f0f0da95145d09d26da70e48e2748

SHA1
938badb9f0ea972a8508ac43a0c35ffde5b47559

SHA256
504a8387837f9d29f816c01d79d708624eda611d429b69d62f2f27f42b73fa4d

SHA512
3b0e1ce9be2ced7297950b4d0658986f08932dda0744c74bf098a7ffb8b82eab4feca818bffdb2571cc3e844ed3bf0a6ffa0973bb533348defd84d4ca71c1107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
b89065c8ec05900bdecad8d4d65deceb

SHA1
009dffaa38354f5c92d41ca114248ae63de4a5f1

SHA256
48de818f18cae72261da162461ea8ef5a5ea11dd2e43918e067174202cd3318b

SHA512
bd3c66080b704bf4ddb155bb1655331497aadb7328ed17d5e31271ed73cd522c0829728dd1f204a30eae22af7cf70faa5f9c61d3e95691bf58921f1ba2c67862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
fec81475e195db0e66e918a9602845f0

SHA1
f4d808e76499083d18a71684cd0edb6658a5fd9b

SHA256
d029d912ad661943d300a8b2319d956a02e14ab192c395c37b944f2c1e63658a

SHA512
9432601e77b187551722b5718e159f3a0546852095ba819f5520e3a78456195a0ed011664bc717a4c0d23b0f995b907de0eb432e11b9e7469be9806ebced09d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
120KB

MD5
667861a4e6e2dbce29594a82b88816fa

SHA1
bdc359c4e7468217df4b7090d0e4bafec4a5d3d5

SHA256
65cb769b01d8b0dccd46cf4963eb1474763bb1c5549b991e4a56f2c314038a77

SHA512
45b136ac1ead31342ac6f0258344ef6e6cc13fb6c00c381b65ed0a66c7774a90f19ef5c376a3e0cd45b48f3abb9539dbc0deb5dbeed00c36b330d438cdd5103e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
438dc45957d82045c1d00b0863ab0e72

SHA1
140c7737c4de0c9671fd2e1bf885a32d99db2d80

SHA256
f0c337d36885498f884bda2d1159070187018514f405b3847ddf638e94315342

SHA512
9cc87bcc8e015ad25a907537fadc3fe86f499282df2f5a432f922dcd9657fbfe9789856382d7fd4286dfa474c08c6c3b28379dc10db28bdae8453bc7da29c72c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
587f909ec304ab56cfc213590fc930e9

SHA1
c6044621cc1adab40ac636608775b49781d17f4f

SHA256
13349a4fb1271e694260142a94c1265192c7c3d5fd6dfacb14b7718d6f0a6304

SHA512
3ecfacb2e50ba3c9b87528e7d0ae94313121fd2e36ec1bfbd3398f9fe5dcdeba534c7f1f9a10c41b65037a49c25c1729f548d1724957b9b6c21bbae9131772db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccff51f965f8f4176e4ad112c34c86a7

SHA1
eab249ca0f58ed7a8afbca30bdae123136463cd8

SHA256
3eb00cf1bd645d308d0385a95a30737679be58dcc5433bc66216aac762d9da33

SHA512
8c68f146152045c2a78c9e52198b8180b261edf61a8c28364728eafb1cba1df0fa29906e5ede69b3c1e0b67cfcbeb7fde65b8d2edbc397c9a4b99ecfe8dea2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6ee5c60a4efa3771e92699c16a358f6c

SHA1
baeb5c6d36eac493a633b2d1d12dc864a8ad78ca

SHA256
77d3b8f95d4e977b4ab1665d003b8d029f6372a1139ce52c30f17ebdd1db22b8

SHA512
141d96830ff52fa10f53a49c631278338837c37578eeeffdff396571b87ad8ba5d99e678999ab26a54f255c81ded78046129d55326fb338040d0b8e1fcbbbc75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c29339188732b78d10f11d3fb23063cb

SHA1
2db38f26fbc92417888251d9e31be37c9380136f

SHA256
0a61fa9e17b9ae7812cdeda5e890b22b14e53fa14a90db334f721252a9c874c2

SHA512
77f1f5f78e73f4fc01151e7e2a553dc4ed9bf35dd3a9565501f698be373640f153c6d7fc83450b9d2f29aeaa72387dd627d56f287a46635c2da07c60bc3d6e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
7d030af61f46a251548dbb67b184170c

SHA1
77d049db203f80298b1c18e78e8f160d5c2a96ad

SHA256
3ad7bd3c9c7cb6268e54014c149fed4b74215d6c0bef1d6b45f219af9c46422b

SHA512
c6acebc7c5e801b3af7f796d98451ecc40e0cef1e2ef8c441911ad3046a23578bfb7dbcf9b26db0ec1d1a4fe19e3de5a7613cd4c7b74d75704b3d8efd8c706a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2bde297594092f89956b420f6955236c

SHA1
c8ac728db90da5e2674e15eb2a00f4d3e54b29ef

SHA256
64314451dfe7b882b573a185aaa35c7ae8cb2d2a7ea015933742a3d776a97676

SHA512
d313e677e085fa6ffceb15b89fb842b752aaa05ff468b1f1297421678f31140645359cb8cdcfc08f3a3c457887ae95f29fbc53ce14b0852750b78f43832a0540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
0017fccf3d599dbc30f574b8bf1ec448

SHA1
434345fd43a30bb1f2417395c0beffc31d53033e

SHA256
0ae20972ea8e02f13ec7652736c8f8a105639b464f78d74f7bc8698c8ec9c621

SHA512
a6324798ebb6843989e038d516dc7bf42de8a9b2a6ecb2c374d01815201d96389d3b337922bb4c24025ee6df83afeb3f50aa87a2931f5ed3b0c547ef6e40c2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
8ea2b17121fe4232e60def75535e98c4

SHA1
6368b07edab0b79ffbcf1cd865b708039a6dcf0e

SHA256
a24a75afda6e7296a6785278fd9d35400ab93ee8ecb4e9f6075a0fa211fc4528

SHA512
f5d3ac313ba27f2ddb8ff74012362bab59daa499f919efd8130c8de5a85612017d3f42ee5dcb38c150796a5369adab5cd953f75395820f8c2f71a82cddaa846c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
291B

MD5
7b3b1794e4e9292dbcdb94168909a383

SHA1
b1a8057a0c12019fa7d441d444855c2fc7603195

SHA256
2208aa700dfb8c0fdb65aab717e32bb695973b00d8d189bd327ff4b9e9ce3fb0

SHA512
06f2dd22225c72c8a1f8c2f63c10bd931ab06ee1ba7f585ef831cb728d1252bbba78cad5775f154a8e5782b097e051758a7b93c2566c81767ecc2c1fe2581ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
84B

MD5
32b9dc9cc81d0682e78627c873fdd651

SHA1
46c486386d3e153c3e9b11d54cb52cf0064b71cf

SHA256
712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c

SHA512
f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
966B

MD5
2a2c18eb914b14183c28f488b2fc7455

SHA1
a00c16fb05205e17f58f95ac0da5edae985b33df

SHA256
716f7f20b5dd6116ce078b5708d30e6e8591a8d7847799be1968c7294c989d71

SHA512
fbd27707f09740760c38779a3111eac9dcefd09512a60346e151293f2aa20fd68c2ffa20418c2773901681f832844a69db4de1eb381043dfb9975fb6006fcab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe598d90.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3448ff2db4ee397acce8d67a97ce860e

SHA1
58ce752e894ad177e3be85ec88e17a907ab120b1

SHA256
0ae472e59fd969f3d6e9fb7181e2a31ea8c71f0870313f11e76257ce1b3b3fea

SHA512
5f39d8df96a6caf83dd2724e99872a4c705d1a4e7f8ceeb5b0991d33c472e3008cc31bb960f45cd4cc4fd5300b43afa7c3e5bd844db6971510a77a8c0f541e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a372327539facc0233155aa42f65ac7

SHA1
99c29c19aac3d3b4f5f7f2dade450d69e3a172aa

SHA256
fb45910d9e71d923ece55feb0f6fc9e99fa14f4558a196ccdc8c22dad822acd5

SHA512
2b4cae103afa4c76ea041efd31b4ff8384dcd040f44349bf586a01d6bbe22981a79b77c36f757bd4435a4ca6a1af65dc7d6ec2edd091770b66336ddbfbc488c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f13d3abc8b9c81ced26a615f58b5ded

SHA1
16958e932103eb756c18547f05e9e998ba787b50

SHA256
7885b4696b39b7a232fb2f279cf0d93b9765e4644b0ec2fc10c67bb811d09ac8

SHA512
7c9b127fb549fee69297a8c101000ad448665a650a39cc9cd73a23e46bf25f30e4bcb5e133b7ddc1de970a2e834653cc2cd50a17d323b1ef3031495b90f79a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6aef6233852bfee9156b172dc4a7390d

SHA1
3428fdbe0a30a4564ba36c5b23a4d47f648b8844

SHA256
e95c0aa5721b2899a7b91aae746b8cfca6e3a4b295a3d6426d43ac7bc414edf9

SHA512
ced80110a8d3e0b47c24f168ea72ed99a9e297d2d9b2629a5578e6f60d6ba7abfa6106f57681a31028fb35b0bc4dcf44f4d3b111e55d6f824a8f66fae7034e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c715ef551962025bf0dadadb46254ee

SHA1
25d7481835ed35cb04e594e8286bf793959acd5e

SHA256
744560ece8d685c8311f6f09bf58542be10dee4c775b6631abc16d802a359218

SHA512
cc1c45f7a6d08e02a659f24de73938817c4d4dd2465724832d9b0987f4ddb71a308dd51ec158f8d915887e1c3c0c21cfa9634df1f346aa73fb966a3644366b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
a1dd4f25ed7dd32aa0f302d0bdcf3a1c

SHA1
05b8aff0146dbf1caf72f5e0844425ddcaafbe1b

SHA256
b070426884aeee66a92dde2dbb3cdbfb6cb2e4cd7c6bf8a2ac41063215eb36be

SHA512
bc08f4b0fcf05ca26eedcd50b06f6bdec637758633583195f6aab22116c63dc0a9ac35a6d0cfebc55f194eb702c9f126336dfecac146d5167009480cf254ebb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39319610448325df124944ca01835902

SHA1
1f76b918e40cd2e4041a5d421806f6f285b4d699

SHA256
46903f2586b0ea29e23eb1b31987ae407829284d858b5c0ca5a1f725e6f372ef

SHA512
d0c94434272221263a696e025ba8f8a74e4a634066d725208cabcfcb40287b5061815a86cd35e9920958c21db438ca03f2189b507cfb31070812ac2a0b1a6758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d095449760e62b8ed14da8a780abe3bc

SHA1
fceee78c10d5571505a8b52bc1a9989e6abedc2e

SHA256
c1ca0ffdce656183006bbcc46e174b090ccdce0a99e4d1dba89d0b78e2cb2fee

SHA512
d2cb2dbf68e0dafb0718a8749cb94b7cf0d6b906e4565b9c09b2cc5103aac3890b8a91a28338f4405f0853cb2d236fe5c7f0cb4e899cb3b759ce2972956cfed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3f527ef3440a2094feba5d3b9386efc5

SHA1
b9b396f465cc26a746f77c76d4386c2bb381bbf1

SHA256
81a2adb2a73beb0a2b5bf68b4eabfa2bdc7e6a42b8173570df2d05b94794cc0f

SHA512
11d5aadf0b7d192422d2c1cb9be4e0fc8658df43f0d5197d82d1bd55d64b0ebe1ffce87aaa5bd08e32d118766c1c70a0be50d14d274672005f1d200f1ed3bc80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
86aa28ffd286b08415aa197216684874

SHA1
d99924976c73e3220108817ad6bc1d8b1795ca2d

SHA256
a6dc4bc6ade3039e57b538f2620b91602199f1908b23c4a2beb3fd3aa721579d

SHA512
a51fbd1af778d32f2f95a9a863a59f42a7eb804dbb8ce85459297959eea21fbfe9625d74c3f91ad65016031d4b3e26eeb748c1c59e09ac68778fc670d408d0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fced4b6b32b92e26a942bb142f0c444f

SHA1
0bc5e12c68bb712dfc8a0f0997471df64c7ddb44

SHA256
237dfe555b61c1c584f011acbd70747a7464fa07b49748a76f1d9d00db5619dc

SHA512
a175c83d950daec2ab018bbd385991ae74bfd88959aaa5be032555cd6ba0495dfd88c1bc7d028cfa1cb073f8499edf03f8deeab8c0c5278c55e5d28318f45e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
26978f38b0bce48572b90b762b7d937c

SHA1
8b8b88012fab1d37fca79575a5db81674b424867

SHA256
b38f05e2e63a1f87026aed06f5b85354570c6f91d28947466f0555276bab6afa

SHA512
501e0de5f46bfaac901cde5c39a321edc411426fd91c83427f36710fa56d20b5f6ab8f2219d963f7ab495c2df7def879652381db3876b7e2a7080921cce78379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
915ef46854d3022f48af7a00fd868c05

SHA1
55a3bea8f25c4cc6800010608ddca48c76e1c0c7

SHA256
56c160544015fe25dc9dca91153abac45e24257d4fda1025dfd74dda40bee7ad

SHA512
6d0f16bfaf72fbd8f4c83ddcb35b4d3fd6f2787e15c320b184dd3b6a0c5fb7c4bb7e5341d40c8275d6246bfa0d9c40672069c028c32dcec0ed37bddb12ad6b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a3317.TMP

Filesize
48B

MD5
69ddc5f0a3213590d515bf5887765616

SHA1
95c4fe95f90c3cd2d8ae1e7d22f8946a407f4072

SHA256
b38136e86cc83cd065ca718d4f10ccf10ddbb139aa9faaaf47ef39a0a3eaeb11

SHA512
9ba5ba74e26cb2e2463840beb76618bd069103e6f210ef5f1aa1084f5c61a6646c51d308a434da4d0738bb02426e1547d9b59c3468986dafa36f60e113998a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13377025413160656

Filesize
933B

MD5
135c1b6909bb7843061d464206d2de1a

SHA1
f5863bf70b326f3a2f68b417db89672054a7f341

SHA256
d7ff877dc2fa22c7f1f1ba1d44c9dc7e0cfb82b0f45bbe633971634047a6d81d

SHA512
ccd4a86af8046a347abe0172483371edb119f3916ee53ddbd09d5e076f751c72a0ed78f5a3a0d1ea3dfe89e8b835bb0be029a5654788853d3e3a882511e9ebd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
344B

MD5
e2f10eead152b70a11b793ccd28610dc

SHA1
5f4692bd4d08488d9b9a3feade4323b1dbd54e9f

SHA256
b0f536dc37259ab08039e835942494a173a251a93655fb35b95d94bef2643722

SHA512
ffe3de9e7ba5c8ad2c2ca7383335d66b177433717b4a6fa783bb9f1374853e36ba43f6b2bea4196547304595ed2fba32a0c80698076e9f6295372e6a03198b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
17ee2dba0434fb23aad37edeebfe7bfe

SHA1
d557f786cd634ccb424e1e9089f8f3527c573bd7

SHA256
c84b7c26f51d20d3ed9465bf23dae78f54be5a1d3abb809df23ea3f7e8b5c20a

SHA512
34613ffd027a00abdc3e108d356a49c1e58bba84b964b3c2016c96b811190594ca03d90644fa9432e9fb6ff94ab2203f9319775fdf5f6293051104c6752d3af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ebd2ddc77b9d972bfc3493c6f23a0b36

SHA1
0b3b1b48c6cd17aab42a4fad58ee58161acac3f9

SHA256
a0023dfcd13b47ea0eadb1f757301d922f5d51d7bcd07339c28d4bc7b7f3faba

SHA512
8526bad5957c6470d08684a1e3c05ffe97cf6f83d0ab2d0083c3706e8cd80705ce3d3d05f1b170664f6a3bfe965535149d57f953d468cb147f550c492d8bebe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
1cfddc833a86ea227d6cbfa7d05df736

SHA1
4c4060dee2fae2bca55df72ac9ad46ba94f04b2a

SHA256
8db20544fa1ab3c2ee8f63bc1e566ad0b23ad85f6e920226122baece6be11473

SHA512
3277dace0bd38a94c4a3828cbd7370120ad35ae63bd912fa2b508d2d4ec9b85854b4fafae8cbdb0073d2df55075f68d63ba9789cbdb63f0503a25841616b0ac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
2246bf3bcca58950976e53a6dcf088f7

SHA1
44f19743a3bb3a2572c62ab302737565943c8e68

SHA256
41884940e94cea493d467043860cda616da61218d696f79c7487eb9344700263

SHA512
b99ea3de930bfedffc2afdd7b8dac11f5d430c5c230dbac8b4e2f892927e882688dab6e1cda6183f7d4e37dd421e046a82d2230937b6b4f0a78bc3c95f27c837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08b7a0fffbf94a23daa746b500875dd5

SHA1
01b9b9406f651aba561d9573d49154086190f673

SHA256
0c1363a83ccd6717773763beb83f87169195af94ca88bef384aae8050265a910

SHA512
ee00b791cb4bb6b2d576c8cf1e24f3f44c98ba5702bc50bcb12dde6dd3d6ce6a177b96a98e09c265bfdb78c9b31888cb26354e21de778c04bfdcd0823c9c3c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e79a28fd45621faa8feab013c63fe010

SHA1
e37f025f27e43d046d43408186b142990d74845f

SHA256
78d146300a4516264c7fee4309093ede0b61cc84c3c752171796c9724fb40275

SHA512
5726c490c18255bbafbae417cf241fc029c0aaeb4cbef6362c2fc5ecc3619755d164e5108dfa009dec1d759fb49adace1d23c220814701d9f5133cf31174b587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
8dea43687eacc43e530a150cbddad7ba

SHA1
27cfdbd435ff6bb26acd9a8912085b5c805c6e36

SHA256
d199e62a085200b70a47936979932983890a4d1cc78657b670fe4e18541650ee

SHA512
19b3f5a79635a81e03a8e2ecb3de287b7366a8f905fc7e430aa5cd5ccc13ebd0bbf439c0ecb47527a7a6026d1b5a39275f7b839e9b9c14f3a5cd5cecbc1fd489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
473e21fb7b6ff096426ad53e5095048c

SHA1
c0eac13e9eb0707237a28ca095fa94cebae8ed73

SHA256
52cc8ac0328ab3ad3fef4c1145564d8cce4887f90ccc2665b9dbe101846ee7fa

SHA512
078c1479c36f1c45623002341ec0716f8eaff6410e0f6fb287ca5768fce29dcb65fb003d0487d5d51598af5ac7490d79d973e8339374d2218480b4b7bf5e5de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e9c7b7243a804daedacbb0cf056322d0

SHA1
0d44374e04a3015bc15ff327c118c4d6f63eab5d

SHA256
c6bf063b684ceb944c6a7fe29b18ffd9c2d762a53ddcde4d110b6f3e678dc92a

SHA512
8e5a0a5fde1d3bb625c360d2343d26b358e979f88cf925ce60949e7144dc98f9c2f906fd3f2f17ab8ed334f8d172f1ba168d31cecf956fa6acbdb3520cf3523e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c36c0a350680342df9cf896c600677a4

SHA1
476f8843b4cbbc7fcef056584afb72a807bf4710

SHA256
08bae9f52b6d0c12ace8dda884665c1e279ea29e6d5c4bcf1c07b24f0053fbaf

SHA512
189d1bab316a0752f65305eb90a4a88dd338699edd6df094c0490d362d187de255af6782b35f784a14035578d0a2fa5db775e859e586e20e4351b71bcc61d0ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\etc817bi.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
29b1138d20dfdcaf6ec05a16dcce49a5

SHA1
9f3e1850852266efeda46d447949ad73a1d8ae14

SHA256
3e1eb359fdc9ba8a10674882b414ae30f28bf986f160ddccced3154bd0d8c796

SHA512
f3f6a769dbb6b1b6873b2b83b75b7e95a8195aab3be3d8f78b61d5af9b7ac3f3ef335c877ee307d51d530e345f558c1144b9dcb67400c7cd6610ed383b395788

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk

Filesize
2KB

MD5
b9ad8216f1f6e6b0013ed3e2a8a8bfce

SHA1
a1ff0e8b0c79727fc02662f86c9ce4d85c67102d

SHA256
03aae519e5c8241d9762b3af5f7a4df135695db0a9feff622ad005216f1911a8

SHA512
dc94c34bf5350dbd41f2d938d44cd63094f0d137eefcc9076aafca41919ca2a19c3ab1765beb90e1cb13eb0f97392436b0abb8b89c038c215e3e070a8df7f3f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2b647be7d70d68eaf073e2e1fbb42c64

SHA1
ce3eb8fa150245f7ae5c4017e83258de95b40e9a

SHA256
f94e5f7d8283a15037ed5fea7c41190ad673425aca7b56858608b66bf84a2276

SHA512
c293c8ee635a4f1143390d76f422dd4b07dd7d81c2fc828ab8792ec615e7b3c6f14c627c3ceef05b2f7422e74ce8ad76300ef6ff49c13b0d8561f5de52ea2984

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a36c4439ad966d3d8098cbc8a0941e35

SHA1
31daafc65cd66401182a5902fdc6a40d832d9590

SHA256
608bb5e1cc25330caf6be42fedad2c003dc8097c5724f91770292991c3b05a18

SHA512
58949cf5719fc7d765d95ce069842d6b87c374913f95db21d8d7b90b3776cb1cb61a71226c3b46c64dcacf3fecf223baacc638dfb4b9ced27a0bd056513b1aa2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\AlternateServices.bin

Filesize
6KB

MD5
07b2e4fa98711fb00a424bec545328fa

SHA1
eaee328004c2560541b52d0eed27ff2fdbadc21c

SHA256
814a334a0fa44853813edd9fb7c40bdfe81f8a81413c74cb156036c79f3e8e16

SHA512
c3de4dc0979d09cf30a9a3b129c4667def8ee313b82cc1dd7418cff5779b777e28ec637d0fd3d46b4d429d686716b8d36f4007799344151c56ce75274c3f564f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\AlternateServices.bin

Filesize
8KB

MD5
44dbc4dbef17999c98f6c34ab1954f9f

SHA1
9c1e5bb670452bdc91a415d91f00ecbd989d9a21

SHA256
1dd2cc03c2ff7d6737ce09574f75beb02cc260a112cc575ad81e185ba4a0e859

SHA512
a460d5e6ec19e87f45e66969a223af4ff211e0f8e4b37868b8027bfef7aaf9a63b98636a4258d184f6ab60441871c442bc89c31987db54da0aecd09dbec56b6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
7a9e17c5b729a9ee954f52e55b9afec2

SHA1
33eafd735c8aa925874b26c7a65fd689db990c10

SHA256
6eb3bf4ba20be81828a0abb29793e26d5a1de5a9443650b91da26ad59d02ae2d

SHA512
3def7359b739a7b846d6ecc171ec3a2103a67769fa898f3ce929ed00be45f2798c2f95eb546ab9a2a0aa1bfcda9dd0fb5a2d7ce651f3a39764a5f72c5fd8c2e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
83beccaf25b0a314a60840dacff5ffdf

SHA1
a476e17eb6bd98c80817558e26dbc61958865546

SHA256
105f4ce6c7d8e1fba73091417cc949cece15a682c30cd30dfb41f38c1da1064e

SHA512
d12d2149314d23fb3a7ab389e23fb2f8fd8b9a8d48cd5a6bdfc7045f3af144f9172aee023205cc81fe6f5d724506e8243bed8e9d8255cf13ef8cde5bdaeba07c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b3db3cb5f63a56a7b0a95456f14f8392

SHA1
75acb34d4e58b6e9c57c8bbcc65be064c4c0eb77

SHA256
cc1e9f1e2c363232ceb4e158bed36fdd04cedf7868b5d01463a47c3c65b553b6

SHA512
d56e222b56e62cf9a1f1b35f92cc6042b5e7a9b7badade7a51fbea23a631d89bdaca49f8aeffea96e343a9d5e10881d3f6b440a1db4f9e9c0f9170e5a50646a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a3198f8445dd5c6d4a70101fcf8206fd

SHA1
850f02843af6e8794296fb291890d08a06a66e75

SHA256
504b42768289f924afa00064bea700920d756daea04c8682a2826881c2e97834

SHA512
f948401e3da932fefc6148f3a719397d12a9e4923acf0e466a34adffe11e9be2a765252854335ab679bb05229216719555d836a2ce1737227bd78cec4953e84b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\2f2e1751-7035-4574-afd6-6e0356432237

Filesize
851B

MD5
0834ea9a86b7d4821a41c597af78d9e4

SHA1
d151f93ef2ad962230ab284e527969690e1bcdd6

SHA256
314a65c1b4e2f944607cf739f8a8d31bfeb1eca4b409ce94dffc307a7e0f86df

SHA512
0877b273190dbce83420ae4c083bc6470f4a3be429c9261215378b2dd57f9dacdb253e50efb34b2c4a079ab6edf993d4bf00be5c28aa4fb3a4eed0d4928df05a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\946d81cd-952d-4130-8c0e-00f5ef712042

Filesize
982B

MD5
8bd428991cc1711a5f3bec0fd9e5527c

SHA1
444163f652b24004cf5636da3b00b88ef227eaaf

SHA256
0da4ac016ad5401735cdc44e35370117535f99273ef79141a59af34deb8cb06a

SHA512
25ffdc00bd691b3c5ccb0590c88ab23f0ee0278a56f033c7dec84ceb1e4c1d1ffcf76855fb73c895dec961cd7034ee0e8dc320a17350150edc54a45597a696d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\bd48df71-231c-43f8-95b7-3afc4278cf4f

Filesize
671B

MD5
e4e33210d3198d67048207a5d67b0bf3

SHA1
b37f6fc3854d58a4550d027ef689820c6fcd3e2b

SHA256
ba2bdf5822a1b2d1796d058c684b73e2c2d2fa2e331dd3acb534ac4b2c3e7e35

SHA512
970a1586df0d4c2f7524ae393a4e46d75df11a315370d73029c7dd24aa5ff8059b571b5e73d66b606c2e56e01b2657157f84606cfb5594c2850544824fbd7f16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs-1.js

Filesize
11KB

MD5
9ccbd26da08e2dde4d02a260cd437772

SHA1
f57f4501792b219d4c98c772a86631e4ee8c05d5

SHA256
fce59ed2ea62fd05d7ca7ee2a89b13a6fd2781b576e7b2f75fb4aa1af2178d3e

SHA512
60f09ba5e9c1f7c3af27af6789998c8da5f880dfe5322562a2a5e1f6f69f598b97af466fef0e0af4ff47dda158bab3c93ea733da906c528f463c1dd39763b8aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs-1.js

Filesize
10KB

MD5
3d68bfe729a7c64ce2eaf6460d8d07fb

SHA1
55841835cbe664567c3cc66cd0d830f1702b428c

SHA256
a814cba2fd319b75601cffdfe2f77121e93966a68a00a0586adc2951174f4ee2

SHA512
7da4d419586f0a4f266aa26da0c0ecfe004f8f8f65e7a0d1cbd8d824a1634ba50a2b3d3bfcc6f4f6080a4fad6961c852bb94e4be34f9038a124ad0157892b210

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs.js

Filesize
10KB

MD5
00c5b5db489adeeb4ba7c8fd6ed8d6bd

SHA1
b698fd2e016fce9c41a47a7080d449b34730595b

SHA256
e93d543a609e100e2fb0cd2aed1c2e9aa6da69ea7ac445335ed604c377cb1c36

SHA512
07bba8c42d8acf4f30fba0f57b8a7967754ecbc77e51156289e7e6383807c03bd1c57d2d7bbd6958ad321951a6970f77ef49cf62f82a48b99f1f25f76c57575f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
8832e31110358f63ae71f720fd3c0704

SHA1
007ae5dfac3e3a3d2223e58c2a991b501b22339a

SHA256
670f446f84dbc86608a54c2c785752042440eea65b40eff2eb8f179acd24c258

SHA512
ae366cd7b294385c510f6b91f973c7fb485c71e4bb98b1203b20a00e2fae507d72947e5a258496de1b27369f28f37f0809241219efb033e74e516c6a7160e9d2

Download Submit
C:\Users\Admin\Desktop\DisableClose.potx

Filesize
287KB

MD5
1ff83bf5b1988e6d442821cff0a601ad

SHA1
0c4cee9e7914cece2a071d86da483ac274d22a19

SHA256
4b928c331dfaec8d494549171037611312086d8c7ea67c00796525b8d67fe1ec

SHA512
a62236c66fab1f7188e3eaae1d3e403670ed9cd5bce33053f1decd7f587afcce85d634205fba7e232c78c11d4301f19d99ed1eeb33bfbc22d3010288a5772f26

Download Submit
C:\Users\Admin\Desktop\DismountApprove.mpeg

Filesize
649KB

MD5
085c38dd8adda8b2d84764dd10184b20

SHA1
c926e843f250e52d54f04b432a7320ec5c0f15fd

SHA256
a744b7bf97d31b70295b1a92a214fa7f995ab2a270f13cf753cf05ec13feb707

SHA512
5d665d5a37efa12a3519b1b8388b543d598cad5a7f5e2d30a3aee3d7e5a47091a87c58009266589a1af2123546a9319283a3a7e3db49db5265ee8ac0204eed51

Download Submit
C:\Users\Admin\Desktop\JoinRepair.wdp

Filesize
1.0MB

MD5
2f98f980ecfee48f73b7f27d480c70cc

SHA1
a6ea9f96462d934cfb0c89de5d23b9d09e578eca

SHA256
4d5813243d22ab3a92656ea4d4c6f9663bf13ce465dad24d136e6d7b93ced281

SHA512
14b385239afd2adc2e1be39b7a7f7b39215bb4b6a7297a219f565dbc0a99352757ac9617595d3dfe26acd971bbb7c149801a39c6dad1b66161e946ea24f62150

Download Submit
C:\Users\Admin\Desktop\LockUndo.rtf

Filesize
734KB

MD5
ac058b150cf7121e5c006a07883b9df3

SHA1
756fe11bdfce22cf0affa792782fafca9652989c

SHA256
008525108387f3fb1b62893a96393c6cf5a0ad303a1c945ebb63fdba5fad7bf9

SHA512
b8028eea8076ccf71afffc269595c270725822df6133dc5a2c4fc17ac4990cd09cd1d1ffb1c3fefd9c76c89d73c850cf4ccb9ed5ab527bf778b39cf133445d1c

Download Submit
C:\Users\Admin\Desktop\PopExpand.docx

Filesize
20KB

MD5
0a3c9e2f3291d3d843a2f962f514a131

SHA1
575d5cc27aea1ce04f885d0231371e5f7432a957

SHA256
62e2c341a01857753270da64239fab6cf3f74f8de7ed115c3b8c38580d4f9fa8

SHA512
cc71a8d97442ef2b942a05177a3d63093f6d381449abc937ccddaa3c03cd5b8852739464eb9cf5f3040a994ea47f7621fe8f1a1d22d911314de14188a19a033b

Download Submit
C:\Users\Admin\Desktop\ReceiveDisconnect.TTS

Filesize
351KB

MD5
80e2db437a0bb4462eb9087e4a72acc9

SHA1
0e6f93864c2ade7ee856cc8e5a07820c197fd821

SHA256
84704a05225434435a8d2c9ab01eafd16fa34c85e0ee28b06d4bcb0516d8a5e0

SHA512
f6f87d06c7f295c1ffbbe036b3677baa70b4cdae5c1049f16ac76743b4e60f66345f90736250595acaa1d8c301e70ef1ffd7fce504e90d73fb308781c004d575

Download Submit
C:\Users\Admin\Desktop\SaveDebug.M2T

Filesize
266KB

MD5
e1b541c2b39b3a7979596fa56e715597

SHA1
9188d34d0426b90e5ffcc48491cb54d8ad6ce8f1

SHA256
1316f0cb734a17d7a635f91b36a08372023dddaa38d7ea44d686acfedc048f8d

SHA512
2832b5274bbd1231b6dee90a738ce5f3acd7f7a09bbe088bf849e09d9a302f72f3cd9516ac7b109f924bc39bba37f8ca8349c3d6b69e22886315c90e192511dd

Download Submit
C:\Users\Admin\Desktop\SendUpdate.mpp

Filesize
543KB

MD5
09fa6b01fc543b9772b4047a4d279f67

SHA1
55770388586e839db1c523b7fa1c3bc60fa8da3f

SHA256
116a079dd478b47a6089c719330dfcf97ebf5f842b55d36f5bd476c24664f528

SHA512
16981921ffa789394cd2962c7256729373c91470c893eaca916b9df20ab985f5647772449c4061b9d151f5a8702b18170d99372e815b168bc2fc5123c3258939

Download Submit
C:\Users\Admin\Desktop\WriteSend.ram

Filesize
436KB

MD5
c19fe9008d47cb6a76cd025252c5c3ab

SHA1
412d0821fb687d17220120b79f25eb4d9357904b

SHA256
205658bcb5928216868622568e88bd3233f539f2edce8e303c9575ab67583832

SHA512
866a877ceec70c080aaaf29a7eacabd17aaffa1089c1fe0bbcc9e4f1126c1a7d76b09d9f9dde72dd9e990a3ccbb66c1d8d453793bfb3ec68463afc5870b88050

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
fccfe6e53bee69b4dbaea8e4e3c916cc

SHA1
4551b9ed24d141c802060605ed88f72a8132ff6d

SHA256
8438d17a6dee1eb056e727aac6d51f858a180cf278240351baccb28979a1f667

SHA512
7a2f1c060ccd0b40cbf3b0174ebccee82b8dee8708cfb1c139b41c66c441acb9205ed62751a0efc860b9e5998488814ad8916a02f42f935173da0b02476153e4

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
fca30dcacabe115ae7346defb9b88962

SHA1
78fb3231cbd3de0a9fdf627fd5bcb9aadb5b7dba

SHA256
0f8c964c5cda152d03d72929d2f484fb422b9eb3e615a1acd36de6812ca1bf88

SHA512
63148afb5ba6ce9a2849afde739868524db1b961b6a2bce68b0d614c920d5c831e5628ac4f7c1a9b27d0a0a39b853f444558b78035a347296daf44af2237e50c

Download Submit