d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

max time kernel
186s
max time network
193s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
10/03/2025, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.txt
Size

18B
MD5

5b3f97d48c8751bd031b7ea53545bdb6
SHA1

88be3374c62f23406ec83bb11279f8423bd3f88d
SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
SHA512

ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
20	portmap.io
21	portmap.io
9	portmap.io

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133860916012947996"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4592	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
32	msedge.exe
32	msedge.exe
3564	msedge.exe
3564	msedge.exe
2036	msedge.exe
2036	msedge.exe
6136	identity_helper.exe
6136	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe
Token: SeShutdownPrivilege	1444	chrome.exe
Token: SeCreatePagefilePrivilege	1444	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe
1444	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2292	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 4592	4880	cmd.exe	83
PID 4880 wrote to memory of 4592	4880	cmd.exe	83
PID 1444 wrote to memory of 1540	1444	chrome.exe	88
PID 1444 wrote to memory of 1540	1444	chrome.exe	88
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 4440	1444	chrome.exe	89
PID 1444 wrote to memory of 2728	1444	chrome.exe	90
PID 1444 wrote to memory of 2728	1444	chrome.exe	90
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91
PID 1444 wrote to memory of 3092	1444	chrome.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddda1cc40,0x7ffddda1cc4c,0x7ffddda1cc58
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3560,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4604,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4644,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5040,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5168,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5140,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4600,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3236,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4544 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5600,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3388,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3404,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5612,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6088,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=872 /prefetch:8
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6236,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=868 /prefetch:2
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6372,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5576,i,16679808015510014437,8987509567041257053,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1160 /prefetch:8
  2⤵
  PID:6808

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1432
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 27135 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ec94150-e820-493e-974d-be4fbfbb8bfe} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" gpu
    3⤵
    PID:3724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2344 -prefsLen 27013 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6274d98-c9a8-4677-aa86-af2dd40e622f} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" socket
    3⤵
    PID:4668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2636 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2980 -prefsLen 27154 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31982f60-ec53-48fe-919b-806825928829} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:4352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3404 -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 2592 -prefsLen 32387 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b21af68-afa9-4160-8dac-e6f3f8796aa6} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:1884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4516 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4508 -prefMapHandle 4504 -prefsLen 32387 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbeafa28-3c90-459a-a7ed-d60bf43d600b} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" utility
    3⤵
    - Checks processor information in registry
    PID:5408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 3 -isForBrowser -prefsHandle 5456 -prefMapHandle 5444 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44bcb8b0-3f23-4359-8829-f390051a7a3e} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:5968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 4 -isForBrowser -prefsHandle 2944 -prefMapHandle 2912 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {417475e0-0dd7-41d1-9452-1687055a9531} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:5980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5808 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5736 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3422c335-06b7-4d7b-95d7-838099e3dfaf} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -childID 6 -isForBrowser -prefsHandle 5252 -prefMapHandle 5348 -prefsLen 28044 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6edcd6d0-8d69-4c29-93e8-295098dae4a5} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" tab
    3⤵
    PID:5952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffddafd3cb8,0x7ffddafd3cc8,0x7ffddafd3cd8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  PID:6264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:6644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:6832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:6992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,290453458483240427,284994008547418062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:6616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004DC
1⤵
PID:5804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
687fdcff8a3ad376e700aa8d9470d6b4

SHA1
c0834f0f559bed98b36115e9b3f06111cf48161f

SHA256
fa3eac83e7cbd1f1c452d85735b251dd5cd14eeb7271de9d57acb200aa185872

SHA512
2a65653aa996223c65e288f9d71719a261c583eb80d37df90f85644aa377ff012df93a93e65e90ed32297d7e0c8025a388b562998add459eb0636c16c5c4f934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cd98f3633f9dc455b0dbf0cdc10d2b31

SHA1
7174b310116597808720cf7580ba583aeeffe385

SHA256
08506e5f70a67690204f580b2fe05c263e83f5c93d324cb65edb9ee31f6960cd

SHA512
aef6bcf8861663e7620eb9e6cf60be412b54a661f6ce19bd8a5e74130b8759bc5a4a0ab16fbf771dcc192fef48d94c85e533b9b70d3c1da47dbe07ec4d9b7fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
05150d293e4900a68fac3d2d34f5356f

SHA1
b9069025f5c38c48c1ae5d3a243d84191ed639b9

SHA256
05d01477cbf1dc97394566ac7a255f16037c8e668e46b2391b2ba832d06a5b2e

SHA512
28567f76b38666292517a114469086b1c2eb5ce673d5b4025db4469c6105a2e3697d96e83fa75df4a897b28d4dbd108766e47660e5cc1164200cb6770f9f9cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e7c961517757ecad7129815c4ad1d9da

SHA1
b3a1c579be4e078ea5a55f48cdaf2172fcfa1f69

SHA256
f9f91528f0ca05907a55bc01ecaaf957ce166cfca7d9910e5d858b3a6291a396

SHA512
b64abdc238cfe845902c2f0c7ab96ec58cb19393cfc960d40584ff00eccae4ba4a9e9d314baba0655dca4b99cb71f0ea372e5e9f67d4b59d915af7e1003b5676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e3f6bf4a6d8dae69d80bd959bd08e431

SHA1
400e119fa3b912731d08f6338dadf12a3b5bc486

SHA256
be4877eb6f794fa676c7b78b550914937ec5cf00a493daee02eafb9e1546a234

SHA512
90c87f4b7fe7cfcbaa3da4ed1c9f205a36c14a46507855ae3532b4634551b2d2a782aeafe67bb438c0efdd8d86a35a5f4fbbe534623ab3c8f2e6038af0dc1ad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
01b6558a5f4343e8178a77410e2bc646

SHA1
6d455f2f269405a219785728afd284a02dad5005

SHA256
fb36c052f765a92b78bde663ad472558d7661b96f847839cd76fcc7faf004a5e

SHA512
bf3d5f0212cee0b2f3c7ec039899ca009ed863b16b874a9be84466cf417f057adc76916b94b38e4fa2ae32786169cb2b703d94f5a9d4f19175476d074da7fc0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
420ce5e088d8f69572a876bb9018d1d5

SHA1
8c5a851d4db755f555c14357ad76f1002c7b3ed7

SHA256
3d9829c0e78c68e807de5c59a302d92c3eb8d83fff3838f348f45861ee517e54

SHA512
cad6323f14ebd3b930d69654fe38b19bab0bf13cb315508926a2ba8982852dfcdb7f5565f5ad1726992b9118e582c6e9f147963a5eea30c2a308ead9f68b3b32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f1d47b230a582872fba299ad298286d

SHA1
e58983ba504201c32e59be2a1acfc1db5bded2c1

SHA256
75b1f0cbdd7f96ea9609adac563a8c4b7067a6ea37c7bd562ba817d17bca9d15

SHA512
2b5e06176f950ff02e3fd442760e899f95c6050efa45ee347ea9894e4ec1937fc61223c6632ec7e0abc8291798197f174d8849e0fee9d81a1b5d34120a426d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8127e3a568376a5fec7664038e59a82e

SHA1
dddbee4738d14b5e73fe3ddbb9ae580b3f1b2c0f

SHA256
7ce6543ee9c920a995d75516a7aad06aafe26704e67f329c645da26d5a45e686

SHA512
1b082f6b6660b29540f19697dbcb91079749e0c3412b5df3c6ccae0351e68adea5f4cca28bd1b6e1c80c4a8a0d675b5000b943bcb88ca089c89848901724117d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a83c369d849ced289fd3f138e59488e3

SHA1
254f3c4bfb0d75767e49e3c51e5a2287695dc62e

SHA256
bb6c98bc9669f95ecf14b010f25776943683361bdc3d6d43498d2d62f70dd84e

SHA512
d8f3a74e611f9030cb36f87fb8ab582b537ec4f8466e3adac160add42df3dbff5125857c0d576abda57f8225a3c60da93e72a933e891da20c7b402c807ef5656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d104a30482a50ca3054d67ab8f2411a4

SHA1
89393917b60c26eef8c3f9119e77ebb7924abf48

SHA256
70bbbe5b1d71eba3bddeaa1208bec19ffb40511064c3f64464d47438d1c5e4c7

SHA512
4560be5562d0ecd81d4ac11c66c9e6e5a78322024fc83686da4bc77b2757bdd52ca07144d74f738eaf269a96710153a3eb020f5d3ff5a786ae5e3d1be396cc00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a410d7e8c01fa49996dd5573390da518

SHA1
3451e8dddbf75f420f26cd7a607eb7a1d79b0651

SHA256
f5aab7035cc2b969f7c34c3a23ea34bcf45d299ede3fb5faab32474d343d6220

SHA512
0c73ab853767fcb804cb7153e49738d5fe56a162250698a324ff6e8016d7b98972fa43997dca97be6be83027c5480c589abc8672c77cd6ddca42e383a770a247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f32f0caadcf14763919b92475202887f

SHA1
ff94bb1991f8ede23cae6ec45bfaa5ad8c613b21

SHA256
5328b20d6dce35e4be44dc8d7de250a12053df35ef7441e282e93a950d969fb7

SHA512
c0b890f08581341cdfa88e290ab9fea058ac9a675eeba1ed35ab26aa1e23fbba4dc8698ddb02af1d75b651eb70e835d0ae6d917bf7150e51d1e86aa885e5d5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b99ca1bb1713c14f43d3faaf1143765

SHA1
71547f0b72591bd86e6bd411b959b3b41b02a70f

SHA256
c4f27a76ccb8d256e6f695cc7bfcac3bb835a62dd05903d39931cf6025b57b69

SHA512
9a1f4b331234e6a6e7148f0017ed4295e8bf3f8b91bbdb924c5e963574117f6aa6041936a503aa3cc9156684a103360add3cd1c5175c1247d80ae0a0cea251f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae4305e991ad67074779837b3dcd74bc

SHA1
ed8d59561eab0e796c761740492b80cba732a4f1

SHA256
b7a70dbb96df1b8ddc46f89b13f88d3ac302ce05e8bb9708738005b41de4a2ae

SHA512
d31642a65dbf0de15fbd31b73b9cc5f7d5248ec8f6e814febce7e5c591090f827eb0a99221ac3314e329c56f7621a79ec260cbab0ee694aee25fc8ba88c12ede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a8e7bba11dc6c635251321841f053d9

SHA1
9512e432c1f44b03544fc1a563bdaabd90cadfc5

SHA256
bc29622182df98e41fa03164fec9bd0defa883cf69871ac9f55ec7eed775bc77

SHA512
1bfed1915efac1c2d18e059160ce5989a07556f337df3d876f3a47d23d34e67963e6468f70ad4a5ae9ef28fb9a18143e9a8fd20df0792591285253b1e628707e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a8d06c3dcc3c6a2a10fcd208f339013

SHA1
704f37f5e5f098720f7f413f3e2778a582423738

SHA256
8502244d6e1629628e060dd8e9d0a0581b8b6b24e3c0e6335cd7fb105cbb5a1b

SHA512
1735146b405c06baf588f91e5205d61ff7038cb45c481e20bc7e3de4c99a3cfbf68dc1adc355cbde562c5104ae22b31116282859abe280daba301228f547608b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e988dd93d1ce50a4b71adb330434339

SHA1
18911acecb1a2877c9d154066edf6b7f0e81f94a

SHA256
c6b233b56bbcc851debce9a6185f78591613d58d9d2d6b3dca3362c86e59c888

SHA512
5502da89c178a8f5a3b48a43239c782504a5d61a3db7a3459312356dc590ff358eac4d0468758f3424d3abc009fb5728856f93900387363e1ff3aa807d18c0b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f47202cabbc197581969c3290c53224

SHA1
bd29f1c4a5f838f73786e832da9eb66e53d2e27c

SHA256
002d2abd73083e7fa670fe0ac424e55a0ce485bea828e09e2766fa56f6702527

SHA512
6dd26250aa6b8b60ca74889ded611c04df1e24f4b9314597e9f1d96afdeca9369b19ee2917791899bb7a8aecadaea6a36cfcdea764bace763352953f4b5e2c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
9bc0eb8b80f19a8398d3db23f1910cdc

SHA1
64fdeb3bb36b9126e40c216840f5904086d83650

SHA256
f6fa3c47776fc9fd18c4de747e85542911a4e52238ba9ef10f59f0bfa4d92466

SHA512
4c3ac0fe548e66710c8ba945e8dc2cf741119b4c3e750d69dae74dd4cbe80ef58d0b9eeccc1053e72dd2baa769673e12818d7ae834b444ac7dd2bffa46b4236d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
cd1b874ad8e7947acba6d037ac88a3c2

SHA1
d67e38047684ec948214b787766dcc3be94ed879

SHA256
28b7c1a77414090ab2ca7ed195b4a2cdc982bd0625558fbbec947421e410014e

SHA512
ed28c74333d3d80a0042e4a1a52d6c2c6d168a8ddcfe12ae2c8c3a4992aa41068adb9fac6c1050d426b0a3b66ccdcd1525d95aa210cd2216021c8f63caacdce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
4a92708dfb5f46627fc4e0bc58c58647

SHA1
5d0759f0a756759363c59ed68dac14e5f1b33df8

SHA256
bd54aa66cb6c61e2c0862ff32341d2f8e395783e1778947b5a06342622f322f2

SHA512
abaf9461c9bf6d52b86e4a836a1f3201932ccb6d533b7dc2a268bf6e1d3eb51969a4a17fc73798e0a4d5a16234becf8b9b29e1186c54c501a13265f2bb615dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
38dcfde15137d403db9cae594390c1d2

SHA1
3f20fa25308452838223f4a0d1d6b5560674655d

SHA256
b7505f6739aaed2d48a79d5c98f1e69812d03d2268748d17943243facc1e09ee

SHA512
75dd857fedc591a2cf3bb1addc76c0db03b222472321791a1ae979eca2668f84646696367fe0dc56a9265345170083c7e411175d9c420229b431364a397eb2fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a1ea058d6231b47f5bb8557adba13351

SHA1
111dbb6ffff6517e11719a20683fd7f4ef0579d2

SHA256
f5a91a0770c54a1601557b8babfcc7813972275da171c384cc8929d2910a851f

SHA512
e613f481c50b5a7022a763d13ac1b1ebb6a9d4d973de95108d95d23844d9d526d8c90f391493f043e86e22e9a5abd8a3a4cab5f2def248033d0eb9421091889b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46ec2d399c9d10a0545cb514e47de14e

SHA1
98fc6f3f34f4082b8d81cc50dc571ec06eb454ca

SHA256
f50fff32b15e4b61c3cb18655c3daf46a83556aef1f3ff8d9ed074f298f247a5

SHA512
993b723da7b0ffcaa731a1f06057bf2ebdc2fd518ef8765b4f625b9fd0094cc6abdccfe998d0e6cb760a3e5d6c411b197a47e67c1de5a6ec4315d017a552a2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
5aab4242367e48e97b07d2c8cda80685

SHA1
c6cbad0a24efd840de73d7c69a90085aba51bee7

SHA256
4177bbe5af79f980edeaf3aed6fd8717c48894217d1f8915eafa71f9e73ebe4f

SHA512
4d92a42a66439f522f87c5ec6c0941522ab5b719d1f43098cd8aa39326382119f383aba4dbf1e358cd78689c8e6a5b08139a5d30c5a4c5618703488d6d1f0167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
82d3651e2064da75941fdfda5ed79f18

SHA1
12ee79c8cb43efc9453d98332b264afdc7e0aaca

SHA256
626e3afe2d03607275d05832adec79e1fb90e5ddb9530c822c07cc85c7f58413

SHA512
1a48990e6a502ba1a0e3810ead2d0e94b4a22a0bdfb931102793d6b1148d1868e8802a101d5d796b5b64b2e68706b8cf6675ec7b2572b2567e7db82fe193f116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
795f77796fde1ad8d3daad42f1b6df87

SHA1
d9081880e61f49b2b3041ac12dfdeabfe471724e

SHA256
0686c1f8db482bac196ad85c8431ef92788f4a0ba3db0f66fc6c3f7280e8c429

SHA512
8c52eab52251d00477d289fca6d8a5d10e3c5f5bed230e3c5e4fe83d9382ca18925ff5b56638542743fbe0b8242e5bc0b568c72b4de79147c0bde06830b482fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c93e465e87bcc57145a60a36ca1bfedd

SHA1
98ec9d5c0220199fb6c283bde01d1e8f29f43c8c

SHA256
6e34ea56363380f6b4ffa74bbc9c6c8efaafb28392a44d61e019192abbf76a27

SHA512
33f674ff0c4494cf6ae27ee5a1d0d0c6501438b75ef3b48ace535e514831c341e9b89355a78064f91cef4098b2a09d0ad90b3cc92496a9869daa47297a9f5968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
36306c530d9ceaba90b0ffde87212662

SHA1
5af44ef4a849436725a1c5bbe54d5c596f662b7f

SHA256
dec899de0da1e9f0a91c922cd1357ad182bd5da784d34967f78cb56b0d93605e

SHA512
92ac15921b2a0ad47b3d77a180071cb3d2d9307dda12d22cc7de8e4c56c3e1b49c566d36823ff1fa45be382bc7d156a9d576a2f6b6de4326898e14dd7791b05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cc2e39caa45cc7b7cc95153b2c43bc5

SHA1
f72214093d2ed462aea76d0509c0db70ec32faad

SHA256
99569a3a6b3f854ac89c081e2a71a798b8744118332d6e2103cc7c8c7145607e

SHA512
d6cca86798d46a09d04a088d6aa0f9d144564f3a8ebd110b3741f18141e7a8d3b8a7037e57f59ca860a8b7afd546a3929a036a8acc8dc9d4d6b41d5c90d9f089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cf40b064-e419-41c3-b1ad-aeca22142c20\index-dir\the-real-index

Filesize
2KB

MD5
68d2e349969546e62325f70ff390916f

SHA1
4018f291ef60572655277c24020465eca9a12981

SHA256
47250e590ea4fcb6ae9bc0eaa6484e703d4ca7ebf987b91754e47ff2a3b3705c

SHA512
f15f5686ac809a777b4d44bbc1a4bb3c77e45f12eaf5455d2dbc31f5c22c6b20a06bd3815d68b178c390909a0d0be5f885d7bc823e447065619ea4c61e47424a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cf40b064-e419-41c3-b1ad-aeca22142c20\index-dir\the-real-index~RFe59c1fe.TMP

Filesize
48B

MD5
f22fe55ed0262584c10db5d54bbeda30

SHA1
c706397e4c06539a758c3ebd4cb552522c0650d9

SHA256
eb08c84eedb28dc26c7dd3a8324d20c55bce704875d088c80d7e2e0cf183fa2a

SHA512
d8be5120e3be8f087789dae552473fcf7fda5950a31ccb38f84305c6607a2ce49a054d19f00f051f5a2049ac9b74c354089743c05807b581254606160b279966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
310c7c4cb72df1617f9ea93aac49f1e1

SHA1
52a9a8fc52b1053816123c5353429fbb52b4e1c9

SHA256
efe976ef2932122777671b9fbb91816472525a5ee8c36fd3a4483d46018e8347

SHA512
4e3e96e766ecf590e4433e9e71c169a43124ed56f1f21dffc5fa38ddda663aec5a598dd216e1c4ea67a0c2e5b8e0a60f9b984030cf1da39116172e70a1152677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
2eca81f1f4df38fa12a7b28198a9c4f9

SHA1
2b87216052b4d682de52a7203d0c02e8e9cd0018

SHA256
3cfc4a4401fbc3b7aa8bad58b826ffaa2024e22839dfa381d344a2359140dfc2

SHA512
bc95c48585884769ed64749223adea7a4850ffade906fabb26e1dec67b2c3e3e6100f28a44fc58ec889a73434cf717a0e3a61690344f2e2ab4d2b6c12fefc15a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
4f4ff60dd2d9e223c5af9b860c0a1405

SHA1
a700e09384e7109b3bcb2d876118f9fe4dac095d

SHA256
3ca4625cd27aeb963788b74f0b3e6e96e1e5e82d80c57896f37b848871084ee4

SHA512
7e818ee7867a7cb55202d581fd43d9a4ef58c31f88d1999c1927154a14f5ad153b26a254731bae8419b2664d2fb8dd670af22e0dfa8a87bdb0ba51c329cf4970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
a5ee9558530aa96d7c593627cd4616ea

SHA1
4b60766df726af9d14aca5a7545f882c0ab4399c

SHA256
81406c5f9ed7318a8da200f4bf07ce17acf4fb1d3a325f3f08ae65436118499d

SHA512
d7f12e36ebce1c5a55de00f7b5ab2666450d45ffb56bf893380e012b6515a183564a0ae5bd1da15936eee5a0d74368e4cb0ddd35f01d99c6787181f32358d654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
77f86435213ef59b327e55c3d84e3a81

SHA1
f474f72b5a38a57e10a46f0010123dfbdeaa39f8

SHA256
12a59c8b3d224ad7497ccbc2ca733f71e939f4b31a7aca55eabdd9b3bcf0bd2d

SHA512
9bc2451a8fe4c3012882d1395901cdc6ae381286e2fe27493245b967b6422c88613d6880a453f208c34b8496a7dcf32a2eae307a777eca561e1681fefd20632a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
6821a53d8ae2863dbad84e99603116fa

SHA1
37d4c4a51b2e36da831012db66b53f231a4d241a

SHA256
35cd667627aff06c83d48c37fe0d65b4d742588075b8a5a470608aba80e7314f

SHA512
175a2cd69fa9326126568be33c0ba0b62682e954fb41a49e35f0c0f636a6695ba0947c0895069619a2286999a94578bd0b825d928edab34c65661148c5c7a0a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59bd2c.TMP

Filesize
48B

MD5
148e9b8247ae1dd3407f4eb23ea18854

SHA1
1e2b56880abe3a41bdcf033ae51abe2ef33bbd9a

SHA256
6cb9dacc7efce4e3a373e973b1cb0a3b7c338b4e5e56ea5ed6f336d3119804a0

SHA512
d7819092600d58c4e4500ecb40815953eb1dbf9566fddbf26b56b1686538385129a5586ce8e9a96695a2e8e9a23562de862a592e18259b5bd26144945ee1a23b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
0a9a7fe6e90ae7a63b26c308c1579a81

SHA1
3071171be7615ace322849e0fe369283144577d8

SHA256
dd81cc8705d9427d1b067c706bd4a8935971a9cfe31740ad6ec55ec9f4be7699

SHA512
65fdd6848eb373fbe67fbbf5eb6f08ecb0716dee4e6befc643a409a10da95274065bcf336144c8dec46ba616a90616866af77423635f3be6fcdfd88aaded52f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59f080.TMP

Filesize
704B

MD5
d67a2cb8c722e8b758e6e8daa6a777c4

SHA1
83eb1167a9eef0108d21113c317045123324966b

SHA256
9fcad19b9fa617684af7f727b9824f897aee7bf90d20551a4c08eb2787e3cfdd

SHA512
c48fa56bdba17cdd03d67d69fc396bbc10a35743e44c71456be06ba354ea82b715f8c695a060089abb55edd439688cf21739047fc6e52b2b6ce2e1adf93a098a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb0d89e76858b2409ec49aa69bb31607

SHA1
c90068d5c21df07682bcf3cfbe54d81affa3e57c

SHA256
24998088ff1df1c9e84ac90b28b82f48bd6aa0ec7a9dd13d6cd405e63c117802

SHA512
29a1dcc41bf74c29eb1f12b9be776d746182e6b9a12a4cc9c83dfcc726297738c488996288be1c980bf3112f7a829823e7b7ca3e2de0aaaae7506b52c8be4a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
780d9d7326a55183394b6c5ab12c2eeb

SHA1
cea1f32d91ccc8d0d743589dce137cd8b93e558f

SHA256
f9f3944577a4c526a9e3f9778793c3aa68330136c160ab99d2f405b14187ae21

SHA512
c86fbae4700e235f1b78562576567397e7a322a4caf9d4e3cbdf5beca3b29305d84fca48c4c77d06c39dabf460c7d7b4763e19587f607cf8bef01514945b0ac8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ac69yvjb.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
9903e7b6d4dde8b8d55a16424e19bfac

SHA1
d2a1db767bd6583d12351daaa5f3a30ed5503843

SHA256
ff728237da78fb61a59104690acffa8681ca622f0edcb30f2e2dfc1856e00752

SHA512
9d6d1f637dc2d89ef63d48c64390fb18ac4730ed43bed68ea72bd0c5a6b32d056e8b57b2456efcd19e70841086ce1d0328bc6fd596e49fbe638d1f52b6357185

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\AlternateServices.bin

Filesize
8KB

MD5
7804635e8c2e8b7f30b0e2dce2922032

SHA1
8a303418bf7afe2f63d10fb4534412c2271ebda9

SHA256
848a5d6ba3f584e0a2ea64f006a51bb56d4cbeaa278c89e9affde64844ae2f12

SHA512
fd911f1b00da763849699f3ecf498a6526180d781293c537802ba8d995574ca13f224ac446e002d485e72bae25f6ed5ef57be357ad022c3f96e6da099ec8dc8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d87fb2d4ca6890201a7510acedbc597c

SHA1
d61d1c4a008515a5083781dc9bfb0fc46b4ed562

SHA256
2e0661e5dc023a30bfac4689047a8cf4847ade24f147fb0f86e07f394432646d

SHA512
7e6da3135b77a3953caf6db2fa9cf6cbb83c1e7e4c698c41305713ae7d64f2e576468989ea5d82db9ac655965083c67b0300644cd5725e6a00b5d7ccb82b849c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8687a4ada637c142d4e10c8133691e6a

SHA1
3acf2b9d940b8a026c6a4552b8c19db27625a324

SHA256
e84f259aa1561f9ff30f7d661be235a79b310a3ecbea778c6b991069dfe20a69

SHA512
44542046018b8d75357f8bb3a6fc99e12d493cf2700fd182b2eea1b77a2aa1d9efd0cf6d71ccfb104701983701f1015056242b5b29aa759e3f4d80a33bf7fe56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
27bd59f7aae2997503594f29f1bd0a9a

SHA1
0f0f0b7fe569700ae3ae8255a2d95b4cca3d3270

SHA256
56ac4b6f0dfa9dda29cf7916a69f6f0cd890a625681eee48ca5ac8e5f20b6566

SHA512
b49b4680c50382875588dd694f013775595bfdd7e5662e476a0c8641772e14501edba001a0a5b420b6861523e283097c7fb13a51ebcdcdbbf4cad5656861883e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\datareporting\glean\pending_pings\7581973a-9810-45d3-9d86-31635654961b

Filesize
671B

MD5
c04f348d82c0f34d9f07e037989e2f47

SHA1
24b83246222d5dfbdea3be38398e808023400141

SHA256
036d77e3188b8470c7a37618c029d91404d3b8432a86b0a260a122144d1237a8

SHA512
2f746a7b7f3339595b433b1168da6ede659c9e6c8d32c30f58bdebe9a5d8ce3fa5cb3601250fd6e9ee889c1451d5563a919f821f962a1e390f264018f796df32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\datareporting\glean\pending_pings\77df340b-1246-4468-9a6c-9c911e7b399e

Filesize
26KB

MD5
0bd5e450f986317a0003ecd6d9ef2613

SHA1
84f9b92f6894c9949823a23abe332677c572f866

SHA256
213b044f8407be71a52c39c1b721bc801f9bce0ad8e412e8dd5ad4802f6496a9

SHA512
962444266c6ff2d6cccb1307777e7666b124e6ab7480b4378da1fd92d8cc55f4a0fd7664d0732035f65e2bc891f0cca58c1aace5346f7f4b4935a8d23c9283c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\datareporting\glean\pending_pings\b0dcf7aa-83c8-440c-b9c5-f53a380fe960

Filesize
982B

MD5
c23d53a4ce0cc61bd1fd46d3b9eafb29

SHA1
945d348b33188f2347d6c4acfe1e7a228ac78dc8

SHA256
bda20952cd70e326925b98d6b75136d275af644e2e23fe2520e36e40cab0971c

SHA512
d4549ae3954b4920cd33cec6f04e2b72bc7062817e887c9f1ba69aaadf572db7a8d17dcbe126ab77f3b90a4d42379279172513c241bbedaf649ca5e9a4e5e23f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\prefs-1.js

Filesize
10KB

MD5
b889635240bd2779c029ccc1dc7e626f

SHA1
7d954afd3b4a26292f21a9f5a4666eb8c899749e

SHA256
250d51f8a535aba5c3b27f6e1476f1323a6009eb18788cbba0485b718e0a8f8a

SHA512
abb8f529d342832147e8af116ecd85f2f3f51fc00d1e6c51bc11b77690dda246d5cda75cd323e4e974f461b5a03e5c30891643309a466b3d0ab6ab8cf387c63e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\prefs.js

Filesize
9KB

MD5
720a81092c95438a36fa0169fa0ffb9d

SHA1
d39dd6d334e5f6d80b4d85d6c3d47c05715e7edd

SHA256
00269a64a2817354042852448ccf7830ccb28fce9083294131842f22689b3660

SHA512
c14123fa18a3a3be0e894ac32715b0d8be73d154e8dca47797bdc082dd5064f4f50c7333518a22b576beee7607122324018036574c191b910f6f3c5fad7fde49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\prefs.js

Filesize
9KB

MD5
faed90739b410bbb2c58fb20adfe9d80

SHA1
f5102f262c58a25988ebe00839ed10c8b0f8299d

SHA256
ccef1ff8e718f9d361ddb1f767a387fb1d42fd8cfd67b1bbd4b51c7370df494f

SHA512
f9cd7947fa1eea2cad493ff1fd78efa897be5ddb9a7e3dda188c0e4f1c51ec178c6e71ab1a2115267e3f9d77ed4ecdb77e48ba402357f9897edb63c84e82349f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
5ccc1bee1e307c2bbbb1c4d34b122f00

SHA1
1472242e9a8c601d46811621645ba7e6d3c93958

SHA256
778682f8672269087708db87d831990ad2d8f30aa4edb7cbabe632a04be88887

SHA512
b775db9e1fbfb009939780266dccb2809ddd6e0330e7b5705c2fc78afa205effc7f1d7c5579d9e5cee552958b1e87f1ef96cdf958bf9b1b81b30e283c2e23046

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
0f58e5eda2118cc24c35ac6fce140067

SHA1
a9fecc107f3ec9f1cc3b6fe39f790e90af28e880

SHA256
16ec5e0a550655626d5eebc0fdb59771f94d3c210887121866329a9496a9707a

SHA512
4965261c0f5290f5faef7ded94907a597aea802cff5e824d5981b2f64faa613e3d005b469652726e75b787378cf3086f27a626e570a74e26cb9bc65d7e9c6708

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ac69yvjb.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
71ea0a8b0dba16eff3d7d86ef40d3cda

SHA1
27e7d92a58605ecdb49111e281b5e9935858ec87

SHA256
14a7bd6e0626051f14d23dcbd2bf5abe9bb3c02f81b86aa9d15d4fe77abdbcc7

SHA512
06f7cf7327c328a49d659277183d2ea94ea556fdadb0ad031b641c0da6f98583623832018dc89223de86f0eb52aab719e0032353c104d01e90b846dd9a69dfce

Download Submit