Analysis Overview
Threat Level: Known bad
The file https://tenor.com/view/goon-never-never-goon-minions-the-joker-gif-5757765421562093508 was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Browser Information Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2025-01-12 09:42 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2025-01-12 09:42 |
| Reported | 2025-01-12 09:45 |
| Platform | win10v2004-20241007-en |
| Max time kernel | 150s |
| Max time network | 145s |
Command Line
Signatures
Detected google phishing page
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133811486355392898" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://tenor.com/view/goon-never-never-goon-minions-the-joker-gif-5757765421562093508
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd480846f8,0x7ffd48084708,0x7ffd48084718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnprotectBlock.wpl"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e8 0x44c
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd2f6ccc40,0x7ffd2f6ccc4c,0x7ffd2f6ccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1836 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2492 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3312,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4468,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4532 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5184,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5188,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5128,i,10744081993320988026,12117539435639465315,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5470125012858651145,4495245873968985086,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\GetOut.docx" /o ""
Network
Files
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb8a292a72c743295c3655f3843e0889 |
| SHA1 | d13690a942965a9d4efb62bf13addbeae4a033fc |
| SHA256 | acbfe40897de6a7b161bf98c00de45ea99e27baa36b62b61c721901b812cc4f1 |
| SHA512 | eabe8c0c28ce6a085e91ae1789bf3ef956be03fbbab53517308b0fa5099849b685b55afc055560e41adbc8503ee28c8af9518dac4c3a0947753b9fd3c30d35cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 749bb6e42ad7a873ab95fde2fb77394f |
| SHA1 | 838e9d990ca430ae79646c2059aa0e2c7f60b8f5 |
| SHA256 | e10fce6eb817718ec753137b710c30bffde82b81da4d5c62b324b6a8e8bc5006 |
| SHA512 | 6b87e85caeaa21f91d5dab140c700c3ef7764d9f2fd26cfa2f0614432975569e6dea814328a1d1b0abf6d5daa418ce7267636bb27422784eec26128cb4c044a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 45feddc731f3e2260f9463d07f944aa5 |
| SHA1 | 15c9d932ca663874b0eb56216f441e8e32463828 |
| SHA256 | a97f4740854ab8370e9bf002ecdc22e56e3c83688114ebdb08818c2bcb5897bd |
| SHA512 | 2eabf9631b77689b54965977e59a15210ee40cb4b235ef37261acfb8a1348128717e6f6519f5353b72684422837d6a35ce2f1f8aaf7800c0d5181e53d67f0fea |
C:\Users\Admin\AppData\Local\Temp\6af10511-0a37-4f48-b1c4-aefa43ed2c9e.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4492_1739324556\4b0601ac-ba74-400d-8f97-55c8507efd5e.tmp
| MD5 | 14937b985303ecce4196154a24fc369a |
| SHA1 | ecfe89e11a8d08ce0c8745ff5735d5edad683730 |
| SHA256 | 71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff |
| SHA512 | 1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4492_1739324556\CRX_INSTALL\_locales\en\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0222bbb2336e82b8c0ef5a6d139b528e |
| SHA1 | e71fbbe277d152b7dda93af2a11fe38c7f5d1cdd |
| SHA256 | 4f2856a7e0042e2edec567152263fd9fbe9dc8d50975f78a01df23d35657e17c |
| SHA512 | e538ad589b8c5e927ad9bf89ac73e81b9eae3b1677c7007c524fe446a3879e5a269223247deddefa1564c94f4503e4929007ccc61e4e48b15046c7ea77438af5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | d92b8f2a4f187a6d8122e7cf0b9162c8 |
| SHA1 | 405ea099cccf7afed0707c208abf912deb9695b9 |
| SHA256 | 3f83db86ba0fdafa768fc5318503757ff5b543c0d6b4750fc4f4e07e5174455f |
| SHA512 | 9cb5be55995070d3527fe894bf38f062af29659aa98ba255f992a36a3e328e6a64f32116e2b356c65444122f62779fb3120aaaeec0b47f727d0f7d4fab2f893a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0256e78036b2b410e19bbe1101fe9a70 |
| SHA1 | ed90b574627225045158e36813a71e39f900f6d3 |
| SHA256 | f9562fbbb7840ab78e15764a867f5344f7fa55a297227d70a1ffd62a53847ac3 |
| SHA512 | 9b5122d54b7bfa2cc303bc25af70ca22b1382ce79aa695eb09c8b23d1f05441c42e411a9f6bf7baffb64d2659326b3cfa400e6128f443098fc090385b0c00ebf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | edb3865942d1fbaa42bfa1b6652c1ff0 |
| SHA1 | 9a926f25f499359c8ccdd7b7a70576a7c9293c12 |
| SHA256 | c36d493211991d47dbb4aecc8922cefca1eaf57d65808743d776340b51a52b92 |
| SHA512 | 14bcdade83f7abc5bdbf123e082a691798389b030bf0ac02743fe235e388da32fd6872f799eaa1ae256f57f178b7788738020c730784850d46772cf0e4597874 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ef275a06a0468af7c452c4cf4a77cf37 |
| SHA1 | e541db1324e0468410e21683512789121c4779c6 |
| SHA256 | 8e1a68787a0a90f5dd4dc6036c2d05d384041ce2ebc1ea9f26a30ac9efa92a63 |
| SHA512 | c29eff45a10832aaf248a11e55f207ad17a53382cc67e330bf920f2437f4d5b7581d05ee1966119df6bfdeb2e883d24bb09f2a60142e8d25f93a362ad87d0146 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 92ad3278017388c322295920434bd8e8 |
| SHA1 | 48d02477ee34d278cb9a6fa0a77ba3488753923e |
| SHA256 | 4524a041c41a710fa755a9f58bd5ac4372964f39e97e676b87a4d8753b36e904 |
| SHA512 | 8d6db8bdb2b33e7f314d3cea101932320a79a44b575b1034b05b9197155d33e8f2bd959eb2cad1687501aa770a4fa693ee617a18839ed77f56d0e151ec20d160 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 740b1e2bbd6c9bb651130e7b4f3a9685 |
| SHA1 | 11bd64cc86ddd0add17cdb50e55b9fe3a698991c |
| SHA256 | 275b63892a4c7122755e55f5dfc68685cf5a6084ce83d59c341b7bc881caceb2 |
| SHA512 | f90f7e9d83ff2e929ffc75ee2d4bd345eb9d8e4928aeaf27c6aa30c4a0455622b93b3bd802551aa85edcac7b8a99b6b6a11b8fa2da964a43f317da048ac41b2b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 604c893d6dfec009b17f201fe5a198cb |
| SHA1 | 8814bd881718cf97e47ceaad9b832326d421b89e |
| SHA256 | 1e4537f789973c111efa0122b418c8d3fee344d55f360200dda8d4527a979035 |
| SHA512 | f63cd074d1a8719a21684591170a5c2038ca2a4927ac899d37d399a4e189f8dbeadb2dfe08dfbb3e1ef235ea186bc54615714bce52b4b269ff6fc9652531b486 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 06ba1c83b5732c0831666aea6833cd86 |
| SHA1 | 60636f63a81548dc3d3ce1f8ac758b1595a4d90c |
| SHA256 | 3b225689cfb7ef37611cc176ba39c044d54fc7361812539368a7badeeab1e1bf |
| SHA512 | 84b17f23114c6a43248bbbd0a5a07163d0f683eeedac1f2f98282a74005e64dc92d19d669232020863917893ece70338d09cd502588b39d4b318f9dcbc545a63 |
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log
| MD5 | e7b2121dfc429a84eceaee4aa49a2ea0 |
| SHA1 | c983c4718ad3411f9b6206c75e7b5412d27fbe67 |
| SHA256 | ad21638459e368bc6a8b54f66dd50621f9882ba20b65267d0d4aeea8b8b5e8fc |
| SHA512 | d03cf2ebea96097b98309a479742b314e486d5e7728df972788b2cdab77ece1b9d3d2e76672cb85cd33d64680d2b8c395160e042d9797239631cbe2257de4118 |
C:\vcredist2010_x64.log.html
| MD5 | 34a9549f1a173ec59b81f544d44e9cf0 |
| SHA1 | 22c04a337802aa617cb873ff294c6fb46e99131a |
| SHA256 | ce7d014cbc1812fb7f0932c213a486937aec13f48bae281f463b9dade976231a |
| SHA512 | c7f1e463b7ce70e28cd133e04093747c2d3c24772b239d9433223a6a2a0a1382eecb7172cf528906e949760d9936a0c98d43dc8b7e49f48eab46fdfb7762e27a |
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt
| MD5 | a206338b4707def93941887980438214 |
| SHA1 | e8228e4d65f1f678a563144aa777a94c6ec1e30b |
| SHA256 | 1cf3a142c60b8b34cd1cfd562da3d519579390ddd662b053442e4fc179735830 |
| SHA512 | 227b0de3ed521fe6db0ca12c2ba426998abc106df271898e2ca61de1bfb60cdeba458afa4d09111eb29ef55444e30cc9f34c894e1976f22aadf0eb6a088b6f46 |
C:\vcredist2010_x86.log.html
| MD5 | 4e9c894fd51d3399dc22536107dce872 |
| SHA1 | 8dd5b392a9a9699473aa79978829f42b858b0869 |
| SHA256 | e0bf364ff9c5cbdccc845ac11a0d17081528a38a5984874d968d5c7d55cad40d |
| SHA512 | 9a3acf120f1bbec923e13332582f4c1a528ebbe08a695b4cbe6b44f4b660be0fc721758b2c9f5fd89438d4e0bf613118e5f532abf04151026d6029117b77344c |
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt
| MD5 | 5b6b7e6752a671506d1f79f56f44f8f2 |
| SHA1 | 30ce91deaffb092a6700b632b687e32bd45ba42e |
| SHA256 | 4c95c86ccd49e4dd6445736dc188ac1e07060023ff26dee137a0364c5c96d921 |
| SHA512 | 1484d777c8cefcb793ac10bc48c5f916504ac231b33073ef6cd7aade19a81087cf582676cbaa56bc88cb4adcc0d946df824517fb14c271e7b80eb96cde79f1de |
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
| MD5 | f5975d89ac55d3d1db7bfb52dbdb475f |
| SHA1 | bcff121c07e29de864b5546a82a93f29d343abaa |
| SHA256 | cfcef2b10f0cf320c911e7ea32bc5fac5172d94af0a3cc8d8c042aed6b0b23ac |
| SHA512 | b292c5d48dc335eeed4e5f9c6ee6a133d19afa7d73c7b69f0e29675879c34e83a3a99c9292e90b97d990ecadfdc619d56190f3ca80a769348145a05323558efe |
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log
| MD5 | 5447fd1259b17a3131d56cb56ce04539 |
| SHA1 | 53a6b885955369c538622edd1cf73a390d41b7d5 |
| SHA256 | 5d4c0ba7eaddc7f723b1d50011a1c1cd2b187bcaa6edf0337aa930a19bfd5c75 |
| SHA512 | d88e5de91709846662b2553c9022e4c264e80b2a89403d6915a60b42221a62db0a180a93dc54cff4e31ed36686c69204ec70e7177ebad76d21b2ac77d1ba610e |
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log
| MD5 | 0f29f006e17693dc53cf070e0da7b13d |
| SHA1 | d39dfd55c79aeb88556f4a161248ddff9abd42d2 |
| SHA256 | e98ecb0e04fb73f5e2b24ea94418aa5cd5f11006a68cf6b28b11af0626da1c4d |
| SHA512 | 8d166d704efcbf66ba3f56c31018cc2c51a46130611af377e01ae5163dee17a44b74ed92c2b8592523f43e97fbeed6117cb1be2d2621866fa1c71b3e1d112162 |
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log
| MD5 | 38f2bec2fd170660767058020997907b |
| SHA1 | 30b778cb71453a3b9f1c4482d9916137f9f1c01e |
| SHA256 | 9659f2a00d6a132d9c5474b4b1e076c7977f075b34dd995ae03bb9df535aed77 |
| SHA512 | 02572fd4f1aaee7c0c906c95fe600d98bbd277cec1ff3ee54b992c28b3e195bfe614a928138d2ff7a172511854c20362d971fbe9d4f8267734afe0d70b1424ad |
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log
| MD5 | 093a03e143e4c57216d72149cc698501 |
| SHA1 | f5c2487723300fd8101cee0ba175fc7ebd007f4a |
| SHA256 | f1bdb3813c84e884acc7b516cb7a3b836fcce3c113e945518f9e84574976a28d |
| SHA512 | 6eb7e60ce9565566ce52ffe9b9732cd03e63f405d4d6c6296da01d41aa296eea0e40333e5a13bb6f95c3c7feb1b989cc5eade3beaf786c4eb5288e464ce6ac25 |
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log
| MD5 | f61b82788b77a97e8db83938e74a45b1 |
| SHA1 | 506d12bbb37a253ed3df124f42b6540a16e88955 |
| SHA256 | b761bb1045c9691111a9f1d48526a1aa60af617dd1051a389489a8f3c02acd3b |
| SHA512 | 8a5306131569de91169591d300ad31c30ba084e87bc1db0daad126659a1b4ed0ee458ecd007cdd20fa6db777c579c62e29fcf080d26c0980b6e0813ced7b1e1a |
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log
| MD5 | 508f77b1ba7da56b558595ef20734133 |
| SHA1 | ed27a4221b3bbae41bde990c4060b42644129bf1 |
| SHA256 | 97a54246aa1cf7f0e72ff3f1e8de719afeb8c80a74bed8c78f0505a7c1df33ef |
| SHA512 | 5e5d0ae14aa9e9930ccf128a29be331110533d90d40749c9313c1ce23f7df409a05024ba57b10033ba880e9b31977a3b99ad2b082302032f8f6d9d8c044298a5 |
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log
| MD5 | 379d9fa7fefe8b564ad983690cc3ca70 |
| SHA1 | 2519d9095c84e08bc8f66f9ac29345407c02e68d |
| SHA256 | c69af81b6b4c7c21ccaf7a099cb1a539f6d750beaa74b063b33f7d0d70cb4d60 |
| SHA512 | 4a456285c83454418b99d1d7864701779857bed63be3cd90727bec6835c3b40f46dae9caeaf03b8d6d418c741fd49d018c5e732a01ed3925669b683b679ccb1f |
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log
| MD5 | 22fb3a8303c2b8e83d804484c3ca1a8e |
| SHA1 | 35408903ea0b61aee37cb4732b97ff51e9353d28 |
| SHA256 | 74745219032b04fd7ce7a63a3b23c8e8cd66ff13768e6e114fec79eb12ba97cc |
| SHA512 | 402c3f06cfdf97435f6bce6080ff65c6a7d889cd5f0c5d9fb6a8f0b604f9c7e02f33758ef889bed61ebbdd796005a4f18f42145e6ddbcb58577cd22d41959ee7 |
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log
| MD5 | ce860191a3a8dd668d03e3531c7356c3 |
| SHA1 | f46b14ab1fa7c1142d074178ec64cdcbaecd6292 |
| SHA256 | 56aa4ed1cba83acf9ef049b0515cfe1e394e83a6fcdccdeac026882121bf335c |
| SHA512 | d379fa880570779e6dbe388142b48e161292aa2a9e7f948b1a342ee487d5f799208593309d373fb33d179c94496861ae4b230ed6029db36e936a38543fa22833 |
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log
| MD5 | 32cf038783cd731b6267a3e72f8087ff |
| SHA1 | fa51da1798c53ae80e23b916b83e6aeeb45c6cfd |
| SHA256 | a31d91b6c63752fea3780ba8cda753183bde646e345b271f2ae98ebe0da9431e |
| SHA512 | a90aafa18c96159af696eaffdff4e448e73004d6da4fcdc288fd02d6e758daf51831cc815d26e67e7ee5e105b28d5456f117d50d791e04a203cd3cbf107651ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 719cbb38545a07cb458907d30f1c922e |
| SHA1 | 09c4a34f9f93ea7c31c06a23730c8f6892eaadf4 |
| SHA256 | 39aedf2fbc8fe126059932b57c3a4b2e2b1feb31a561a8217507fcffa27b5547 |
| SHA512 | 7d4d203b6f1ce4ecf904e1619ba6441579e864bf7f5df1991575521f65e3bc1a382f3e83f540eeb71904614544942fc03e4689b0e210663d8f7065ee71f74a44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ce608225f86642173bcca2af7a43290b |
| SHA1 | 98414ff2e737c2908d8fc0896cde7bb63d94cab2 |
| SHA256 | 7b98f331b9fd713c1a3c656d7409b8ee47a8c472bffc60ba6deb2c99c1da36a9 |
| SHA512 | 5750cd0667214089c6a2f16516941b602263493e30778dc2fb73e8302352a1bad7353846a76bb28f264195d1b3fac6e6c9bf5b290da1860f934f8f53e762c49a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e3873e55a65e3cfa1ee013566e748a1d |
| SHA1 | 8541cd15eb28ca437d24b2b6d09dc5a6554589a8 |
| SHA256 | b3326be6502b416afc7067342fafafd0decb7e58f28d3af4999b41b181caf266 |
| SHA512 | 1a58452e66641cb6823deddc9092a7407c6616878ce0cc68d790225c076297346e26ab739c983f82768b3c757befa9b31d2e8e7e5e90f5eb15d02420004b5e20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 63e6c221c7da61f7fc09a6bd37f2a35f |
| SHA1 | f60a3a67c0cd7b78e68c5a08fc64879650111265 |
| SHA256 | 3f29887fc259dccf5e985a02d610285024f4c5b5eec37c8c999ccfb98126ea08 |
| SHA512 | 59fb563175f5398cca40cd1a50ea730fbdf056ef2317468acd9e06ee9f19de69c5e7ee4ab544419bf7d1ace8534d148338f9401699e7ff4071a1fd207166fc91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 68c6211da0812c1449087448e205ae79 |
| SHA1 | 28f046c0cbe5100979def685c3d35ce8e3e02d8a |
| SHA256 | 4cf92522922f01d31a3fa36564208d51a2a9a60eb108b6e7e28e804aadd5bece |
| SHA512 | 300076ee0232960c3c645b15d54d5dd94b1a6991c355cda220ba824a992308691c5229b4e0ca26b3193868ec564c44cd04080aa2f163780768de762bf86a6182 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 323cb648d32259d2d46deccf18d29d58 |
| SHA1 | 4dc1ca8945f1f881bb8ecd087242dca6d8b863bc |
| SHA256 | 01943f564bc7ce4907e76989eae4b8c142e4ac200dbe3790eeae48c2f364b360 |
| SHA512 | 2385104a60360d4658d05cd5775cf597cdfbc961be559b41b4b140175acf831ac5df6c7a487b305b74acda07663ffd110f4ce36e8a043e53cd2cbc3529ea21ea |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | e12ca84a963e12c4192c6497822e29a6 |
| SHA1 | 494c4e63baa8eef0571ecb3b6aa940bf88d5504b |
| SHA256 | c0edd1d78b9865ea3bcf4ff46f1551bda0243099b4ae291e6ec243daed00536d |
| SHA512 | 339c48b72b4e9b1db779530fcb671ab413d9e1df7c0ebcdee1337ee8f647702371424358ff4ab69ad4d568843199ae4502f22e6cd64ee6aa98bbd83c684d9c74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | eea37ff3ca92dd9194d96b7a31e252a7 |
| SHA1 | cb81404d2782334fb6f989126cdd4bc2d979a0e1 |
| SHA256 | ba7db74d180dc39a4fd62d5f60c3410cb70d7fe10eb1bf54bab720384628184f |
| SHA512 | 5fc0b474ffa3ae9d3a835e1981f32191665b786fec29d5a96a4f0405e3723f4b4267c2963fbb0c4100394f9c6862567a875eece2e6210a0c4fd4a61449578286 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | dfdee07bcdd42bea7cd76907657c0ab7 |
| SHA1 | 6ff894fbfc8b220f5b122d3822e4fd49965aeae0 |
| SHA256 | 71d3422d9f3cf0a841b010796ce5eb5c55dedbcba1128625cb1efde8e1e9bf38 |
| SHA512 | 0c118df98c4874098d659153114413fcc8ee938ba86b24213e3defb7bb6765ef94599eb22de04403625ffa179c7ae3fd23f97a2c9fb1d1740d16c8648d894a06 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | f6cacfd1db2443e3be7784c238757b5f |
| SHA1 | 3e4f4c5c9d1c54707835c425649bdd48b6ea706c |
| SHA256 | 1a3f584efdceb8b58b4b140e55e1bfdc425bec1bfe6cf6f94caafe2801e46855 |
| SHA512 | a30f75c9d809d92baf3f167b4f640a06d35ba4e513993b5534cab0a9de428fdc2491037a2a7c8d8672d556ff74a5c7f1644ff92727d4e23e4b2cc54ec0f4211b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 29f0b86b4817c7f7400f5b324d3a324b |
| SHA1 | a8012b3ac08b0c273ab86fb4e40a1b9f16196b6e |
| SHA256 | b0639af82318e028e5e9f60ca1832664a35153b08cbf87849b932555f9332047 |
| SHA512 | 098eca7f55c1bc87b8723342cd01e2656ef7c80fcfc6c55830eaba3c17fc5e972f1b177c3b21b9442ab49dc1118a8b422087ba02fb9de17939145581493bac39 |