600d6151fe47eb99535638c7fed1183996d94ef603e0f8469383e058a3ed3f9f

Resubmissions

26/03/2025, 13:56

250326-q8qmxsxr18 6

25/03/2025, 16:34

250325-t3db7asnz6 4

25/03/2025, 16:12

250325-tnkgyssmv2 7

Analysis

max time kernel
899s
max time network
891s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2025, 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FirstLogonAnim.html
Size

101KB
MD5

d563f7a009fb7ac826c88dfd5cfe55d9
SHA1

92e3a38de7c6fae27bfb08f40c9d28780407c26f
SHA256

600d6151fe47eb99535638c7fed1183996d94ef603e0f8469383e058a3ed3f9f
SHA512

adf9f99b8419d4e1bf42be7a6128066df53d23359c319fe6ab3137811338778abaa2cb09d5411977edb9340491cc7a70a9c291fb2a2f6f8f2fb5270753903909
SSDEEP

768:5fDDI+fh378/tZ5vAiwf/ysFIVusFIVFDVgLRDVy18mCgLkm3y1km3gLRm3y1eDK:5bDIvwWxSAVUrhia

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
47	drive.google.com
48	drive.google.com
49	drive.google.com

Detected potential entity reuse from brand MICROSOFT. 5 IoCs

phishing microsoft

flow	pid	Process
312	3720	msedge.exe
337	3720	msedge.exe
337	3720	msedge.exe
459	1108	firefox.exe
459	1108	firefox.exe

Drops file in Windows directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Checks SCSI registry key(s) 3 TTPs 7 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	msedge.exe

Checks processor information in registry 2 TTPs 34 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	PeopleApp.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PeopleApp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873927944544203"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.WindowsTerminal_8wekyb3d8bbwe\StartTerminalOnLoginTask	taskmgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "7"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Pictures"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\MuiCache	PeopleApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Pictures"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000068a7336cef94db0103a22941f894db01acee79d8a19ddb0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1678082226-3994841222-899489560-1000\{880CC34B-E600-44D0-A671-6AD21DB4101A}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1678082226-3994841222-899489560-1000\{A61E9925-A7BC-4AF6-A793-73D92462348A}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
3744	msedge.exe
3744	msedge.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
248	chrome.exe
248	chrome.exe
2424	powershell.exe
2424	powershell.exe
2424	powershell.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe
2880	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3368	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1108	firefox.exe
Token: SeDebugPrivilege	1108	firefox.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe
Token: SeShutdownPrivilege	236	chrome.exe
Token: SeCreatePagefilePrivilege	236	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe
236	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
1108	firefox.exe
1108	firefox.exe
1108	firefox.exe
1108	firefox.exe
3368	chrome.exe
3368	chrome.exe
3368	chrome.exe
5572	chrome.exe
3060	WindowsTerminal.exe
3592	PeopleApp.exe
2532	PickerHost.exe
2332	PickerHost.exe
5556	SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 2020	3300	msedge.exe	78
PID 3300 wrote to memory of 2020	3300	msedge.exe	78
PID 3300 wrote to memory of 3720	3300	msedge.exe	79
PID 3300 wrote to memory of 3720	3300	msedge.exe	79
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 5600	3300	msedge.exe	80
PID 3300 wrote to memory of 3412	3300	msedge.exe	81
PID 3300 wrote to memory of 3412	3300	msedge.exe	81
PID 3300 wrote to memory of 3412	3300	msedge.exe	81
PID 3300 wrote to memory of 3412	3300	msedge.exe	81
PID 3300 wrote to memory of 3412	3300	msedge.exe	81
PID 3300 wrote to memory of 3412	3300	msedge.exe	81
PID 3300 wrote to memory of 3412	3300	msedge.exe	81
PID 3300 wrote to memory of 3412	3300	msedge.exe	81
PID 3300 wrote to memory of 3412	3300	msedge.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\FirstLogonAnim.html
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2f4,0x7ffd8723f208,0x7ffd8723f214,0x7ffd8723f220
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:11
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2332,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=2504 /prefetch:13
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3460,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4896,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:14
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4904,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:14
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5336,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:14
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5364,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:14
  2⤵
  PID:3628
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1128
    3⤵
    PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5672,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:14
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5672,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:14
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3964,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:14
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:14
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6112,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:14
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5052,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:14
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5052,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:14
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=4872,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=4196,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=3524,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=4972,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6396,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6728,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:14
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7104,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=3608,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=3560,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6520,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:14
  2⤵
  - Modifies registry class
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7196,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=7248 /prefetch:12
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6452,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=7004 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4000,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:14
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7536,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=3956 /prefetch:14
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7536,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=3956 /prefetch:14
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6064,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7552,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6092,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6316,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6484,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=7028,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=3268,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=4936,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=6168,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=3528,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=7460,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=7564,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=7620 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7268,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:14
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=7000,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=3220,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=7724,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=7988,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7980,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,7070305067617165384,3335034607636381186,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:14
  2⤵
  PID:904

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5240

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5876
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1992 -prefsLen 27097 -prefMapHandle 1996 -prefMapSize 270279 -ipcHandle 2064 -initialChannelId {2f42b0cb-7e0d-4ab2-bb04-c59526999305} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:2068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2428 -prefsLen 27133 -prefMapHandle 2432 -prefMapSize 270279 -ipcHandle 2440 -initialChannelId {42fe3e20-2cea-499b-8a38-884df4febd08} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:1768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3832 -prefsLen 27274 -prefMapHandle 3836 -prefMapSize 270279 -jsInitHandle 3840 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3848 -initialChannelId {baa31eac-1352-4667-912c-d11f79fa2d8b} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:1332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3984 -prefsLen 27274 -prefMapHandle 3988 -prefMapSize 270279 -ipcHandle 4004 -initialChannelId {1b41d9dc-545e-4ba7-98b4-cba713183f27} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4596 -prefsLen 34773 -prefMapHandle 4600 -prefMapSize 270279 -jsInitHandle 4604 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4568 -initialChannelId {73b3f005-d4b2-4dc6-983f-4899129390c0} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:3112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4588 -prefsLen 34903 -prefMapHandle 4592 -prefMapSize 270279 -ipcHandle 5044 -initialChannelId {06085c25-5997-4a3e-897b-0cea7c7b801e} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:2116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5664 -prefsLen 32952 -prefMapHandle 5400 -prefMapSize 270279 -jsInitHandle 5656 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 1684 -initialChannelId {c68b9f10-ea55-4900-846c-7cfe5f439f4c} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2972 -prefsLen 32952 -prefMapHandle 5644 -prefMapSize 270279 -jsInitHandle 4976 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5816 -initialChannelId {bf5a3695-10a6-4681-9418-efc3fd3c9fa2} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:2956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5944 -prefsLen 32952 -prefMapHandle 5948 -prefMapSize 270279 -jsInitHandle 5952 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5956 -initialChannelId {bd095221-4135-4bff-a7cb-8106f96b3af4} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:1548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6424 -prefsLen 33000 -prefMapHandle 2824 -prefMapSize 270279 -jsInitHandle 6404 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2676 -initialChannelId {cca83852-5572-4c0a-bfbf-ba9920e28f9c} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:4752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3156 -prefsLen 33000 -prefMapHandle 5976 -prefMapSize 270279 -jsInitHandle 5920 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5956 -initialChannelId {c15392f5-c872-4152-9b0d-870f6081b7d9} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    3⤵
    - Checks processor information in registry
    PID:3964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5860 -prefsLen 33000 -prefMapHandle 5864 -prefMapSize 270279 -jsInitHandle 5848 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5836 -initialChannelId {f14a8684-b8c4-4fb6-977f-beab1d0b200b} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 tab
    3⤵
    - Checks processor information in registry
    PID:5568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7000 -prefsLen 33050 -prefMapHandle 6892 -prefMapSize 270279 -jsInitHandle 7008 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7016 -initialChannelId {0fbeedca-aaa4-4600-a534-83b93727d0ee} -parentPid 1108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 tab
    3⤵
    - Checks processor information in registry
    PID:5980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd63d5dcf8,0x7ffd63d5dd04,0x7ffd63d5dd10
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1844,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2096 /prefetch:11
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2068,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2380,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2396 /prefetch:13
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3972,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4192 /prefetch:9
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4600,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5228,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5236 /prefetch:14
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5436,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5444 /prefetch:14
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4748,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4632,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4664,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5796,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5968,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5916 /prefetch:14
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5808 /prefetch:14
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5452,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6056 /prefetch:14
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6032,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5912 /prefetch:14
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6088,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4276,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5936,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3208,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4300,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6356,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5860,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4296 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6060,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5868,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4616,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4716 /prefetch:12
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6420,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6608,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6204,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7032,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5272,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=4220,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=4292,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7044,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5308,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5916 /prefetch:14
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6048,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-databases --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6184,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4508,i,7861536298576966237,17201228720254013789,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5960 /prefetch:14
  2⤵
  PID:4232

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5976

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3404

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C8
1⤵
PID:1820

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\ConfirmMount.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
- System Location Discovery: System Language Discovery
PID:5928

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:1460

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\1a68e7db1eaf479296522cf99813b0b5 /t 2572 /p 5928
1⤵
PID:5592

C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\wt.exe
"C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.WindowsTerminal_8wekyb3d8bbwe\wt.exe" -d "C:\Users\Admin\Desktop\."
1⤵
PID:2332
- C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
  wt.exe -d "C:\Users\Admin\Desktop\."
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3060
- - C:\Windows\system32\wsl.exe
    C:\Windows\system32\wsl.exe --list
    3⤵
    PID:3900
- - C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe
    "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xa10 --server 0xa0c
    3⤵
    PID:5348
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2424
  - - C:\Windows\system32\winver.exe
      "C:\Windows\system32\winver.exe"
      4⤵
      PID:4396

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:3112

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:1840

C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe\PeopleApp.exe
"C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe\PeopleApp.exe" -ServerName:x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppXp4q8q2jfk5x248b0h39ew5k7wz3xvc5b.mca
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3592

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5736

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s ConsentUxUserSvc
1⤵
PID:3564

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5524

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5808

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3728

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5692

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1012

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:2948

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" RemoteDesktopTurnOnRdp
1⤵
- Suspicious use of SetWindowsHookEx
PID:5556

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bd83426a5a006b0d097ace6d84bf5e11

SHA1
45684f5112db4d6eaeb4c0b98e95740b4217e275

SHA256
1bf1428c2039a63d2026cb8d09950654432e801d1caba36f8bc55864ff825059

SHA512
ed71318f822ee32bcb90bc0c4cd32fc3643ce86356d84a5a02b18e4fd054bfcf9f44426eeb1d6128723e72928f0fb1afbe9ad18488a4260fa7e44d24f83f00a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f03c26e0914bf8fe02441efa00efa5d2

SHA1
adbd9acc48c9af89da24cdde116e4d0d1f3abd4f

SHA256
dac3df6177a2e5c8ee747d2155b877dcbe18914c957a1a3b3f88aebd8d5fd807

SHA512
b0c744705bc6d51f667d11e848b17b6ca0ffc286ef3fab7879ed267431ff62517d74071e2bc4895afcc4217b1e6c2598a1639370c31a35c8cb562d98c97ed85f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
b70b8efff673d299ac1a61603b2d7e78

SHA1
62ee376051e9d013672ecf0f6902f34ff5c87d27

SHA256
12c9ae5558c91f49e2f5f483d6847645d9fec6457086462bec2ed5bbc2d4440f

SHA512
bda6b5c2b7ebb50737182a4fa37f77ebed260de227e03bb34de0c5849173bfcfcd0a52347d34639b9dd4de3b10a8fa06a396a9dff7bbcc7501b119b60183e10e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ac533f74f128ba8bdb54c9f0dc57119c

SHA1
c9133188ea7a885c4c12200e0adff06df604527e

SHA256
8cebc365ee614b0eaed999f789cf071ebce624c7ceee1b48d0be189892e0e6ca

SHA512
d8afacda699cdc033759e7e3f04d6ffab9798d4275e3dd787f1e0c158b3a2c5a5b931e8f98221fe047e1987f489a918bfaf70864f80506a75d2c6d74d2ebe064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9a2a5d861380ecdd27350c03d71e467f

SHA1
72a58a9bcfe14875d826a43b8331284a2bce6989

SHA256
d596d9c59e3b08c89cf14ea6a99aa8edd5427cfbeb07ae28b5f0ff2e77ae83e3

SHA512
e44bb0315a65c57cacc1ceed582ad767a8c6b844fc916faadbe5a4484347b3e96db426d341847893bf1a3ea90cfd99a7d2b1fdac1819f96a0080edd120783e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
5991527d11e18b2e9926f08598bc6e1a

SHA1
6a72cbb34e4e1ca3c2e6b4fb041811083c590605

SHA256
2b8d1249810ef59e1277b087bf49cd3d420223d5267c25a0502b28f5169e2f38

SHA512
fbee6e9e1f8fd3763f98199378558bb97bec4c3a1c69d3009360f84af1dcb0f598d7f9950d32c61af88da80e4ea723d72f83dcd283dc84458272dc8dfc794b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1a771c10a0a45ba0a2bdacab9c5eff9e

SHA1
1f2e984f527fd5a6904e7552535d64d38d7c7cff

SHA256
d6ffcf8f22cb606f22ce7a972e00fff6c40034de8c53d5e813885abe7db1841e

SHA512
fc4982aeb73510e664481f95eabc17d984bce0bb9a03c25f0ce2d8a3be9be081c0307cbb5aa5708e8253cc87ec154e29b8f0e9717604ddf3e83b9ebc03f10283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
049e206eb11fecd9a44a5e4f81d8f27e

SHA1
7ca255897472cd6f7cf10628c1e5ab4c3e5edad8

SHA256
0b1391d3a6ef0fa3a9a4d2df58352c0a5b800122d59e6ff5e0276e78a87249e5

SHA512
681284309809875652bb561b08216a35311909dcf5c6b1af635d3bc831d6919065132650433592e04b88e3b1d2e1a6543160921626286ea9f90ff57a48a1ccb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fa53dc427c933085e668f405a181b520

SHA1
30128d347ccf39c56de6ab7f49cbd40662a8c980

SHA256
0d7e27103cfa6e485c7c2b1d505fa0d71dd21178546dc6a591a84dc7138d0f65

SHA512
1e5b7c4699e5ee2463f850afa4baeb70e7fd97cd19bc01cbde191b2943032ed9247f59847c44cfd71c336eb63bce7dfb101f5861f1e0223cb0de5b8bbfcd07f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f420388460ae29d884dba87658adcaed

SHA1
702d268c4eed8c1efab6cbea209260af4e860896

SHA256
de8be55dcc84f93f77566d7bd09614653c397585f9f7e134c184841a1013f999

SHA512
77cdbcf475693f44e1f3e2d93259f1a223afafff42694625e8f71d2218a11870bf394a72841af327bee877322290f8373901310edeeb5e3857cf718e99956c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3f1ae8698101acce60d7f9601df797cf

SHA1
5875ea128fbfcd0fff60da3fc4cfc9ed33a8f9cd

SHA256
fcc0ab24c4de8521f8332b9f11e2d1daacca1690f38e63d2d4ee7e0ea10a601c

SHA512
9c3ff02118f9e2ac08e1840213873bd9c75edc0ac84a5cab43136f41efacbdfffba60a544b0c801b5ced807c46f152d1464996b8fcdbf292874c28237ce2746a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
63f7267bd3ec7f881e09008322ff8962

SHA1
643a467ce80bc15f4a173b389ad7fbc1d0f3025c

SHA256
962d53e931dd85321197279c5a4cb7fe412a28b3c67a11ad1286d608fa1ebd86

SHA512
b7702279b4ff7e7f125a03389ab56eeb214e5341d48f56d6df1efeace943c3277dea8a4433dd7dba52ce17e9e6ca94f66c1713c047b7d89296e3ce21a8b9ec80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dd58875ea8fe0f16ee318fdd50649b2a

SHA1
bb2e370d1466aa08c7436d3f947422b1f045c70a

SHA256
cb10fcc6c669b7c5d3e02574ce376bc9d2427dbb5337b07388caf17363417e29

SHA512
2d98c1bc1816ea79cb401f0fd4d2040efaf3054624c2c26894c28b9a7e65fb101b3c75da840981203e9284ff160a8f85822f168070b9a0188c22ac180c432d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e4ddf.TMP

Filesize
48B

MD5
0f127fd7ccaa346cec4509dc26c6ecff

SHA1
3a81a4138946fd3cac482d748bbc71c1d200ea2b

SHA256
ac8a2147d783f4e7e2a96a44197389db2d03e3561e0b03372a9e47ea69c770fc

SHA512
b02c290e0b90a2f893969e68b94cefb78da001b9889bfd896d696bc1b88a996870d93d58f66b3dc74a22307c40e272cdfa38651f5ddc51ef7af758c7132b697c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
7216ebb8f8b682714c7e82c68794053c

SHA1
cd8a4a385fdca809f1e36104de1912debb004f5a

SHA256
d23f8b5f6b8503e5418a3c4afe6b8e2e2df00dfb1b06014457e6128970bc5b42

SHA512
3dd3ebc6f7e947cd88019a29a3a7bcac276e40fd1c44f8079eb4e439fce83d4c24962a6c85352ac73612dcba3d21d9da1bc7fc6ce05090f1003cad058c5d4bb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
3e3b738364562c90262a0cf5cdae9590

SHA1
7f24f5717bd99115c5d5d6fbe48a70b02d014a92

SHA256
2a9baaad4d96f1593d2ec9d5c06dbbd9b2dce097f0867fc9756dccf736cdd289

SHA512
1b5aec7bb5a745d2bd43582b101b8aa4449b2c6bc387bee9b7878570d43b1c1437a6bceb17a2c9c47e785622150280985d052e79e4a5a3c27ea5e9a5120cfb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
df20f511b16ff51290b135bdf2bec76b

SHA1
dbd977f3f917dacbf0d845050f23d7abb9fa70da

SHA256
917cfd1864184eb6653002844d83a79769823858154d4a5a339dd3a8a718f87d

SHA512
ff0b31875f25212d93890154eaf83f52fd46dc2cf9bc32e97f8ab7ff2c6a5a43e8c4fe3f9f501e6aa27eb01e80fd24c143c43061786c82f0f1e4dcd644cae6d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
d9def0c71634c802ff5a2860925462dc

SHA1
97b117017f31feb6a0fcb55676d1bee3c173dc4d

SHA256
deab08bbc34f677f29be7ac77413fdbdf1683364a79d4658b15261070a562cf9

SHA512
115af48d0a59f12e90aad319db9b094e546738ee51e2975b054a8e149e4edd01b6059940e10da9df2adc82d87b59f11eba9b92b11e390025b9a0f5fd2e98142b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
91a0e7b2e45dadbde01dcec7dfe49215

SHA1
5604c83931321783d7ab8439259c70e6d299641f

SHA256
110be5fda452639bafff180eb8b0fa135f5538d208446c7910a192d79803a160

SHA512
c6a3ff1cd140c1148d0e6f91b161ea35c977041b0854ab83f5efedc86cc08784aaf018622088a3e418cad05b84f6a747a0b399f394878002e4de9f1fddec8cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
19a88bad99bffbae6102e191cfedd75b

SHA1
df476b325df883b73eda1b2349bab45aa22e808d

SHA256
0d576dfbde1712b7288e4561e3eea75ffdad84dc50a77ceb57a6e9c37d60465a

SHA512
9ec5eb487d8c8fc8e283a94bd43afd740edc4df6a4509d83629416d040586bd42330eb0da6dd41ec1e5550bce9a6643319ff8584f8638a9cde9042fa406825fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8f41599ef1e3e9e51e5bb3746a35fd79

SHA1
87b7052112bff5c9d5fe63e5b438e12293493864

SHA256
b3a493f5b4d72796e389381de8057971c1898a93697fbfa1a1d219c6b076aee3

SHA512
fb9f22f9c121ab7ac4314e1f00586d822c14eac818447656dbf0c3d4597ff7e73d7a6a57dde0ed9bedd41cd8e9c070ee817b7c14cf594c22373dd0d44a4777ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
aa1683b2326e36f0c12953a6e8edf39c

SHA1
efe96f36900dab9367aa89f4a77ed43d387a179f

SHA256
00df8b32ca99dd542413d6675870bfeb82c775b50e7616a3560e9195e97bff80

SHA512
dfb90cb234e1341733702209ba6acf2da16df2474f9117784cadefd2711490827e520ccc94a1ca3269e1443700d551a22347b9cc36ccaba162a6f1f8d5e80362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
05d27e7c29b491386f7cc9962a328f35

SHA1
6441524b2aebce15602f5fa5023a2ee149a33ab1

SHA256
49075fba5492ecd6795e44773688782027e4ce4136b840ecae044b0e41f3dfe4

SHA512
63939f5db25d2a733dc54baab5a43f742ab735a0b8f0600ff6827734e7a660cd4cfc8727881ff3306fa1eebea16c483babdea2843127d4e09b59988296a290b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
b0976c90755337f720cb4815d98b8e52

SHA1
df445d40c3ecdc6e600ba4067793473780d0275b

SHA256
5bbb546dbde488049d8f7c6c2b3ce9aec669be41cc601c291d3beacb355c64c3

SHA512
649e62b78c0292c30f7f56b8d68fb39b16fa79c2043f9f29b1fef39b9523b075ea43f65f260f587ef7c4f80b7ca390b782a0e8cf9d5094cf13ad8708f6ef1745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
36b9df339ebdcdfb1033d3b086e63ee5

SHA1
498042b9712d33d4fcd5abd5b856efc1083a6276

SHA256
2404716ac31d3d4971e7fffe810e45ac8174a890b889a6cc610c552e0ab2f0e9

SHA512
7d6cabe990ab696fa572d3af2538e13e240ff54706937e4373e0cb26122d8258746b4f5af84982c362b277fcb25b5fb2692d2db0a47992b3075b549329a5bc71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
c40b625d6786c996b2dd6c277b8865c5

SHA1
75a11e241472e24e89db3217f377e2b849cf1450

SHA256
eecb333d39eec4bdc508995326339a37e44c9d26dea5ef12bb8e44adc0cb60e3

SHA512
12e9b00ec827d31d4f796159f2c09dfc17d2f82710265de24dd168ed7ecd610a55256cd6e20b943a25113dff835ae6d61c5dd75517377da35139e2a85b6a0c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
70b25f72336f5a0423e3e97c9e38dd22

SHA1
d9d4d904fba59be828302c5c6eb3312e315b5615

SHA256
212d3c459ee1391610c680dc0de46a2591e6b69f8b1725e8193c9f3077657cc9

SHA512
71a79512aa44f1a977ea3c7e2b3d70513932de6d9546569582b345887c5d5fb2e35193e8b7803987e7418a1be9a7c5f9b96a31a17aa477e88707f5aa0e2ffc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9feff2966c36a1463eeb98db131a8b93

SHA1
0a8fe9e490d1939677e2544765f6e00371899dc8

SHA256
48a32dea75ea6fb63fb5e2291212a9959c296fe04d73cc381182546171de5b8e

SHA512
61390f1114faf304761435ff46318173835af86cbece3592f94cf5fc41268b7d4136af34099425adfb0d41904472a9852b6a76002b0a30d264362e49e8cf1020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1a7bc96eb5874c77d865f220baa3fabf

SHA1
f305433cc8574095ebd7c74ecfb900c3547594f3

SHA256
5506352e0cdd832cac03124e301c160eea7af8cec50544d09528ba8820150d3b

SHA512
fded631f00b661ab71c0888278cacbcc08e09f6c1655e389b1ba5a3859f85b902f13b3711bc5cde2bf0ae4dc657fb761097a690c5e1a7ef908e525a489552d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b9afe9549012026d2fd61f53fb2703ea

SHA1
2313a97b2a0dc3a6af2ff09feb3dff6a6f70560c

SHA256
801bf0d3a253254620ddc5ca0407bad7ce97c4573aedb9b0b3685952777e8814

SHA512
577cd8071642e07125f20545c4a72ab42370d2656efefdba2dcd1068171edcf62d7be8382c099ddca3db3ae75225273ed6b9e788f4deef0327f79280aec5b965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
acca0464f244810c8e43a07836ffe80f

SHA1
c486cf49a9b51cf4420f28fbb5e11d37789ca834

SHA256
ef657cf0370dbae985d6ff1a8d4251e37a4c767e1eac42099201dfa99f74f352

SHA512
cb624a4388685a6b16055ebdcdbb8af3c09ecc0dde74a1b1e8bc9b64d3b1da35e9710df2ee69c5d6ad648d009e9f1f307bd85b6bbca7a200ddc410215250fab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
254fff07fb014e620159bb00d3ee3603

SHA1
df14800a4c039b9385f332f2cf3f1a39015f3948

SHA256
3939355edd09f05ac5fa40f72fb0d4b6e2b60103f906cdd1a4bd1d5efe2a1d1a

SHA512
d3d457e2bcc1c477b4edd28effc4470fe9c6ce4bacf663ae3efb635e3cafc2f4828b5d5eb6385c8d9f81e92cbb1e8fc003eb1f24cc5e7f67630bab0956ad5857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
c7768645ab2dac14065890e7a46003b2

SHA1
1fb2c99f1defcbdbf4b5733baa75fd6e243dceea

SHA256
15441e01e38d291f83ff0173a260040f9a777105e8912491a966adf8680dd819

SHA512
67062dc8be7094df9d8ca6d6ab43261c3e6fe73d19b2e5c41989ad000906bda3663268a3d1f5f24e1b1c7693e614faba68b1777775ae5e35f0da1188867ce887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
1c0ec5bf940f3d4dbbfceef849d1ed25

SHA1
6d8eb40f329cece20448b4296bb4d3fca17f9c08

SHA256
bcfcb3e9ad5f3dae7336eddaaae387ff508de82d2f96d0833d4b21f10e9d3cb9

SHA512
6555666281a17c361d9b9b715f6cce0db28c209b7b133a31c193eb2797ffbf0ae941bfab9792064a2f3a7859b161c3aa5354a6b06e4b27c08f90ea00a2dae032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6de81848-5b24-4103-b044-7a04b1ce3981\index-dir\temp-index

Filesize
2KB

MD5
dc53c45bf67ac5fd1ac7bbeb1df760b3

SHA1
bcbfbea43392a39ecfba87bd93d5e47d910d2234

SHA256
92fadc7328df58f79d62936f23bfc543b3d495621a4530eabcd74b25635240eb

SHA512
400f55149846004f655caeec44d63f70b47ff8c79fcc707f8ec6b03177a7efc6a005bb9fd51a177ba7539886caf0a52f9c2ea381c62338cefe756e74496de3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6de81848-5b24-4103-b044-7a04b1ce3981\index-dir\the-real-index~RFe5be7fb.TMP

Filesize
2KB

MD5
f1e321e79dc035b0cac967b801d7d891

SHA1
1518e8f3c57462cc6b072d7930335c86590a1fa7

SHA256
117ca82922b4b51a65302cd14288aa5cf04640c64fcb027a6498c4b948b77b4b

SHA512
1c46949b597e391bb152fca8ee956c65825a645aacffbb3f6df5a078ae75f194780493b610d644db174d4af9d8d994cf479321e0c73160e5aa3dcaafe65a757f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
96c80b66ae5ba6e2648da6723523b79a

SHA1
0ba97a0b0651fff2208efd8f0e812a946bf8a601

SHA256
4734b90b65dcedfa7e130873bc30af96f97fb0d74b196a4a3c32e29cba443aa8

SHA512
487e29b46b7ba6d547d6d1e213987e4dfdafc1e7d4ee8cae093a712ae90cf607f9f5340a6d1e8abd19720ee3f0af31b1b98cd0e18e85dcf2945eb25b05642e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
a9bc444bf9a511ad752399fb1a40da73

SHA1
23d13153ffb8c8061b32f95f17845fa2042c2ec4

SHA256
2f21837eeeb54b023469ffa52fcf204dfcda4a910a0a41bb7e1ec52c0fa935e7

SHA512
5893c40b041f8065a02607cb0478ffd294f9fb9369f01bf498333ebc6fd527c4e7244657935d4e7a7245233a7686c50950c0b4c5f51db5ce311066bc51c48913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
228KB

MD5
e50fe622cc09518ee342db01dc121f65

SHA1
e82cd4f6aa0d9b96d5c12e3f0c8618b845895055

SHA256
d20cc25f035a21f3d0fefc01904041f87dd85f8a94095f5143c7a9dc3e45462e

SHA512
9eb0dec8c2cdb7206b93b76d53249c6f225ea6d76e1a61c5089d35bd82d62bafa78741001dd91a66c2c462aa842be55f013779a75db799183c32e5065decd521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
af5332d53c22bcdb69f37c54c07cc3dc

SHA1
0349cf1e8ad029048ec2108898c95c5f9ac500ab

SHA256
4a7d2a8fe06503f0b81bf2deefb2836b9db4c3832d8460fee5a74fad2200161f

SHA512
a15b154a76cf0bcfea52233541e2eaa77b40b52321afc0402b2988071472f81b3db29f9ea645b900e4a76f6a0fcd83f8b6e78eae6aabb50ca663e2dc77eddca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
90bc4a36a91a858aa7776b80f824fa51

SHA1
b8c9ac12818056ffa19ef97a8e3ae163b4d52d10

SHA256
1249448f56d736d61c4b35dfb79351c8492bd3d2ff96d63a16726e29c99c87c0

SHA512
19ad553ec92f04c2cefc88bede137dc22e77b4e897f507ac97fe7e86ce4f8fbee58731f4dba79738334a83a5de7ed9d08e89830431ef115dac2bfb45a9452dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
bb05ae282e2b8242b483f10fec760773

SHA1
5bc54631dcbf76c6f9c7dc967eafdc7dab94b4e9

SHA256
7eae290ebb9560948b51c17373b91574d2b80e80c559376af17b823b1292bef5

SHA512
47bb482bc92bc2e6ec25a24c9472267be300a39ce50fdaf7f616e89c5d97c84274d37410b016bc8d100c3b035ecbed260d1201d37495c0543faff8b91a952873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
2f666e4803adb48f8b946d91f8b62173

SHA1
c7401ed66f20150d75bda7bb71fedcc3092b8bab

SHA256
a2ed5eebeca8a202d1dc6cefa0190f05dddbf76240afecde372165a1445617e9

SHA512
61727e93cfb198bf687e525a02a28abb4f58bb544e46ca19a9cc964660a211080af9a3ff0b1f42a9bc883f504b6eb35269c1579734b64d593d595c7883f64bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
9705e4497c20abe17480d74c84c6d2c1

SHA1
44114930a4b1ce1eaa774e4a581b6db5973c3791

SHA256
563b94c595b75e4ad8a410b1f36e894a4f04c2cd159881fbce5bde5b8929b7fb

SHA512
d174a51990debd4fa23e3dcb44d86daf5e8765267a0dca87ae0d0d40b016dc8a1fdd5b64758cf2d74fa446055ad2f3d0aaa074009d3508ee270488395735b6a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
36baa24d853718607c5d639dfe026084

SHA1
8df503f04f66bb22843e7ada6e9df2d8186cb7a6

SHA256
480c2fd3c4280a5bcdad2786608a428f5367edddac0aa26c232efe8b9d76a29d

SHA512
7998663a5c5fa9b9bc3247657faf571b8e8845133f8671cebd268418669259cf692ee2d75d976476d10a0325282b3377b8d3f08b89e2a596da3a9e0b969c79ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
62b82a74dae5f248f778c5a98507b208

SHA1
2ece30182cba97140e547c6d028cd0045c42b6db

SHA256
d3b0262d383ad15a6b819c53c443e66ce9376f88843b44675e7f6d24da6f853b

SHA512
b833356ae6608209c2ca3fe5cdc6713b664c578f72a1037836c39e611d92b615a9301a54366771414611bd94554f3e6ad09481367b9c425c078ef659013b4395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
2f267b27341d0a7fa50bc927978af5ad

SHA1
27facf5da6a622be8c24e86981d1ce594806912a

SHA256
a821d1b5ac4d535c716220bfeb2980a653872fed2f5561a84ca43911d9b9d5d9

SHA512
5e03432602073306bcd13739dbaed81f38acff8b1882e54cca7e3c08a66fbcc067b071a05b189926beff85e85ea8406bad0c5b143224995c34cce60f360e71f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
ded9728b5408d4a411a573034d721f6e

SHA1
1fe6aeeab3b114a196a6a8e623eb6f8ea0f73849

SHA256
5c40ccb99a80e0ee1ee99aca52401471e73f23561a886944c5f1187959385179

SHA512
d4a3774d55b8dfb0caecfc567a018a180814e95b221aa062ef7256cb6c303fa124404e71db4134dd3148840f816a801f3a914caadf5fa9e55eb75f0ebf07f506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
e04feda7e0f907492dc59bbb5250cba4

SHA1
22434d219a45c33a85ae623aad373dd92dd33404

SHA256
1207fb1bc1074f5f1a99585d6f51ef9fd4274f10ba3d6121b27f7c9d47c2f866

SHA512
ad38f2832374d757421cfc722bdd676f3635103524f01d7419dfb7f88fca5d9128f5535f24aa53609a732e825052c9c7573cc8bd9ba14329669889774c81131f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
38b4b18256c19d781d1839173ea3af86

SHA1
a3ecb5ef28d6671bb5e9491ec1a15bc33da21c5d

SHA256
623de3fe4fb3aaf69aaaab1ecd709484f86f833aa459780353294e2ab7961173

SHA512
5887b94051941ab2b480415bfb447073cd022e330e39bd3d84082993c87edbd7b1cf140e68fa9cb20adbbbabd5524ab6efd5d01ff4f795aed3fd872f03647f0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
8340e4c87ad82ab60177e49075b4719a

SHA1
6948b8428ad7c19346e30d70b0f6ede901c762be

SHA256
aa8d2bbac81ec8a711e5f1b15fe7eb44cc448374f6eb9d5f151990c26ac50f6e

SHA512
a86fc326162cee4c6d691b3e1c0b0caa54247e82c14f60f2d1b5339444252c3ac22350df99cc6f081a4e9ed659fa046f2e18b29a24971f2882cb7680e5e4af62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
7a97f8662adbe73cd8476d9818776765

SHA1
c25af05a1df91fdd3fb31966c7ca0e17db7f12fc

SHA256
e318da431742bc7b03162aeff5c6d888090b71ac630e943120de5622cf718530

SHA512
e5fc4fc0ab74afade43db60a4e08628e4f111c7c4731b357aa56e720de46f324e0938d188be8f7ca1b4bc413b87782c1ddd14399951e36b7b88a6eaf797a9e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
db84af35203b6ce1fa9bb7ef03afc45f

SHA1
d1cacbc4347941dacbf43c933d73327c087dbbf9

SHA256
4c2dc30f4d6169a5756aed9defb80cd3cab9139e99d92646ea702d0d285f4528

SHA512
e247be65c5a585213bad78f9de373080fefbe5d164ab1776ae818007513edb21bf54313b6f7157b0b13666d42eb8481d670a85106a327e216aa707f7c15374e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
be684ab75968972f83c39779f71bd803

SHA1
eb3295ff3d38d57dfcdf49d802e65717a152cc97

SHA256
40b2311b6256f7c2fccf4dc0061307164e8f27de116e3bdbcef9f00d6b7cf1b3

SHA512
281a3c5ad1999fac6b299b2ad1303cd00954aabda8237dd5eb827ab85be9d8e40e8b941bf9932302721ea04a78a58f41003603ea748799b8380af661d22cb862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe589c1c.TMP

Filesize
392B

MD5
f11b2672d09183cf992e823e2b6f2192

SHA1
11eacc99e1e12c4c89984c8f937dd016c690ea14

SHA256
3b7c4a2c533c0e1f0b65981f26db976f8e3590da28cbd6a010c24705c97018b1

SHA512
23a890355e7de144dc46e2fae1a21e10c214a6df9648f02a74fdca9598acab25748c82e10fa6330337cb2416b9c5e18cfc2da4937303a2f96bbb5746688bdd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f14fe2e2-97cf-4c69-957f-3ab008c96457.tmp

Filesize
50KB

MD5
b58e52ccc614c01055c4395230f85ba2

SHA1
c4c65f289309607e9335e50d4828b9a0d80fdca0

SHA256
c73dcf33a42b7af3ad85767a1f0e40b3b65904ea9303e821f9fe4afd664fef8a

SHA512
d04758d7729a88da7b9ee983a43c6de8b2f554d33e985557ef797713920e2e1324b50891ac22b24eedadc899cc5a3a07a7d9719a5c330b9c3ebef143a823905a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
14KB

MD5
256a52eea61c786be51fa7f82ebd37a8

SHA1
1012d42adcf4e859613a860c703b2e86e8683a27

SHA256
36a2f58c37aed607a21f331082d628748657be595406827af1e261ac8fbb3665

SHA512
cb6d765c10f93a974d7078faf456bf286d23f16571f56dc67b71fdc3ce7bc1db270626f3f9a0dc36e9bb735ac8655b2bd37a8046cdf254dc2cc37d060fe4b125

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\90bkg1w0.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
d961b5ded6384bcc25948c896833128e

SHA1
32215cca283f0ed215b7c2e99c7fb71573321b97

SHA256
6fd0fce7e4bfd74a560c16022c16e62e0b6bcfbd5ea0ea169357b034c2fc2214

SHA512
9ae43f14297dcdb0b5dbfb785b168a45c3c17aa19c6141d387ad216db90617f5cf5a69e1c23101a4def6c9611810691ccdb897889e526f95df737a7c9dda91f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\90bkg1w0.default-release\cache2\entries\E19316B1CDA62317F9DA2551F9B56E711FCC77AD

Filesize
13KB

MD5
70947fb160db2051160235d3ad532375

SHA1
ee113cf686f000d26858da24f3dff3a3cdf56030

SHA256
a007d91e243aab51be4d2c647a1aec0436dcf52da322167e3084322aa4979b54

SHA512
619f4302c7b0ee6a8bc787f897491f265448e886e11737722f937ba3939ea040fbbb8e38b1eceac941b1d54a9f0553351e2d38cbbd5ee34577001fefb6b46f92

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\LocalState\SRPData.xml

Filesize
879B

MD5
5e8f584cd957624509229fcd2feaa8e0

SHA1
0f8958261f562ae75b47d80577b0957d8b0b7c29

SHA256
d74917e275af5e99938193bbc0b51e926f8735cb3f210d21ae27db35377b781e

SHA512
b3f90f42b79994701fecc44eecb66668df9ef4d9210497c39c82327c1a10c51278fd9af79fa86f0ca510aa2b0ff4f831081c48d72f70a146523b63c43955b940

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\9ccb0668-12b1-4e9b-a720-316b0f1cce4e.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u5g5fam5.a4n.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\AlternateServices.bin

Filesize
6KB

MD5
68ab6cca7f5d08851d24838771577dc9

SHA1
e41b59a44ada40b18344a28d194a4c1680c88fee

SHA256
ef20336f1a8209155c47348d41f4f5bdc13e73b22928e7fbadff38d0af33e093

SHA512
958686a147f1a62bf8872920094b6846cc17adb48371054e13352a0f765552a0a616c4cc7503a4c4ab2bd39d52fa0291edef3af39ace108f2124547e77333112

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
c8bc72405a0096ebdc750f257b31d635

SHA1
9a571f25289653d35d93dbedbafc9cbd45b2e46c

SHA256
00a58d6e6dc275267ca044e892a5844a998c646c64e7653eed213df59448f96c

SHA512
006621754b77c15b2bbf847817aa2cba32c942cc8d31084288995c195dba0355f93c08a9aabaaff10a06d2438ea7a9694049075d8c51b498908b0d98a4a5375a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b4d54f4073cfef2f57c6ece6ba8659fd

SHA1
29479d4fbbb936194cd9400edba883350e4e6abb

SHA256
62bdca83bcb3e18edaf5a2749be532a8e038756209ae06ed9d497bdd54a014f6

SHA512
31b496552a132dbcb52c2c0498be3d0d7c9f86f4121d47220c33d59de4a6a8e4c13ac1dc8884fc947be9355dadc49b70778cf4edc5f51f8dafb14c9abc4714e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
387a210f44077a123ed382d0be63dda4

SHA1
fbe27b55cc79a809193814994d6e1b80d2978fa3

SHA256
3d8009b7d9f2faff46fd141d4df6abf768085283408bdb61df681ab318961354

SHA512
0e08a26d2110854a7ca1906b526ff9f7c59920eaf4f18601431d9dfeaea5a930da01ee88fea1d6c0840dcdc6fcc684fe452be7729345196d4499a009a4dcc514

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
5734b0f76c776ffd84ad4bb4fb3a3e71

SHA1
e2c48665045f4e9b071e1ff68055d7f70d19c8f6

SHA256
b5fccc45fe0ca80a0fc98a5e03da89aaf1b00789f7b22cca7ec29f2ee79b31e9

SHA512
6bd1b9d4f8d87a4185d0aa224b55ac94b6f3665e4ed490e272347159cd6087d58252b30c854dd7587be3fe36e8c0fc551391f987241e134e53e7dd553ac2be53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
de022d2aedbd8f055c89105fb1537937

SHA1
5135be7179d6bd410467267329f2fb4b071b0490

SHA256
acf03d0b34a76a153f2880db4c2c810f9099c82444ccb6c59a33097e88ef3a83

SHA512
500b9c9e3d5f0bdfda80b279d63636481ca913784faabd459490cddffdc176c85e0e5cab17b2cc10b717fa9bedd3d2675c96742708c6319eaa18350fb4c0d059

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
84a3589d1b2a5a3b75fdc4e594face0b

SHA1
83c21871bb84ea29890aa3ec83e076251d6cf89d

SHA256
ae28b4057af542e6334670f8019b16a41884b1154984985a698e5c55e688e2e8

SHA512
a8eaed84c58983a6dc796b2dd2d6b29e6879863fa7520571916a2130a2f429cd3bd8aff92e5093e4b2f9335a724be4d94ebfbfc60cb66313067311b27faaa3f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\pending_pings\275b930c-e8c3-444d-90aa-7e42cc9802c2

Filesize
16KB

MD5
604dbae2f2bfbb6af85f70da37b25737

SHA1
a3603a13d5b401b8c02812fc04149bface4550d4

SHA256
a23a2aa102371e9cecba795053e016c243f12d5bf5a2135fa629ad97da9507ed

SHA512
cd4ca9637897eadff93c374df384ae1001cb8fdf932b035b40396be2bf158c8559f76bf6dac0f4bb61ae669349d4e5b43c0b26103a5a23aea50f407e4b4785a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\pending_pings\4aa491c8-782d-4cb9-b187-4ea70fce3f89

Filesize
2KB

MD5
c2953f61b0b11e9d8c0f12cb06cd153f

SHA1
169c480ea39170acdaf581562e71a53c8b2d4b33

SHA256
5d9b6f6549bdc62714da7145f7386e1c9d283a4b379c67e280ec3ef6efe07576

SHA512
3db9aae560d5388de260b388425c61bf141f618a4e3c2c16027134745378f8acd2b1b754591e9cdc0a13c1167f21a8971272e0dbdb55d9989d62ea0839611e25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\pending_pings\5b56421a-ab0b-4e11-9fc1-79efb9c29f62

Filesize
886B

MD5
fd248e5d875ff590717be7692ced8819

SHA1
5087e1f450ab31384da9a47e15f44c4cae4b9076

SHA256
15cd5e5f0d27da2893bbf164c2bea20e513bced1018d3686ad8e3d08b8f9038d

SHA512
06c3894f7bdb25dc570446c906231fb275c19f46b04e883b1a64cef9477f8887d3fb02b801d4c722b19cf1d3a95cb4df003e040c8bde643709710f211a2668a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\pending_pings\9d359d53-0e53-48b6-b8f6-807a1141beab

Filesize
883B

MD5
04939e98a7fb743720a0722a28c40bff

SHA1
b74115e0994610e3a8252cc3782c7e2b7a3b8b41

SHA256
ba495c05b64b2df8491961b1681be777a948d845fc37b302260365da3f598c60

SHA512
13ef8c927f4952be89a729e503f78c380122a140732c0a33a0a42b997fafd8fd1a41961283c14a74fb9d0a2654f5bdb1967b3ce33f1da6e792cd8e8ede0f8af5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\pending_pings\aee1b935-8f48-4c25-a863-0e65d4450000

Filesize
235B

MD5
bc1b56d43ddf80d67a4ed8ad881b2e5e

SHA1
15652356c1908e9472b821273caf29ef94e2f80f

SHA256
0120f17ad1a26c68a441a58a62bbe7c5482d86f3786e8f14875c6eed0e5cb8e7

SHA512
4a9f776f547fb7b0d0c5a25daac89ef3c43a8a719c13cf29b6d998f304da25ecbd54717dd562d050728490c0e8625aa8343d202a6f613f4cb7d9f8d3bb9e88b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\datareporting\glean\pending_pings\c344bc03-ff9d-4aeb-9e4d-290cd59b9c77

Filesize
235B

MD5
30f6bc5931cd3d1e7520089290435b51

SHA1
c353c512e1b76e0fa9e1decf92eab4fff796f1e1

SHA256
4b460bce1bcd7d1c73de4d194bc89a4356eb4511f930e6606f9ffb0b4d9c9bf8

SHA512
09a5718eab99c92ad7cc415db2110f836070ce110b7d165978a54d76953b64720935b39f9d284aec7cb203026de1a4f1375b3ec064c8bc9ac9ac902f1fc9e68b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\extensions.json

Filesize
16KB

MD5
0daca044d7cbfec2d2143110d48591e5

SHA1
4567f3b9264a6aa440dad2464f6a3a479c149302

SHA256
bca59d3616b7bd3ddb0cebfbdff2747edfcc9b36b371c53e3805d5d5193d4134

SHA512
10c07ae9a4e5e41d31670d00221fe00c227f4973845d3b1a9944973498cf15395ad6b5954f0de439c658456751fc52c3187daae3eb28f19cb7e592afdc5de4b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\prefs-1.js

Filesize
6KB

MD5
425fe506696b05628415c51b14bddef8

SHA1
27ab0b2328582fe95a407c2531f433ace9d829bc

SHA256
1ca316dd125454137ed171190a3bbf8834ef64b0a9d51dfe041a31a33022470c

SHA512
7506317a30551328065df0622bb6f86d8eaa9fe75f5e0d3f7280b432a7ef25f7f93243f8328f6385d44db953dfa6c1917c73e3b2c4aaf3cd5d335e34a1afd1fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\prefs.js

Filesize
6KB

MD5
7545b6d77f3877def531bc7a3f42f5e4

SHA1
451c9f107c559354916f5f8b211d0415fd6b4cc6

SHA256
5f1d9279608ecab631fcdf82423fc8ddc075babb1cfa6c0b4399ceb1a35bbd81

SHA512
ec0cea94fc1d40c80e32df30eb375c20d3d0e289f3ae8bf326fd776c8c40e5098c8e45ee99c8be3c0606b5b1324712a973648043f0e3469f37e5cb58488e77e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\prefs.js

Filesize
6KB

MD5
98d930866c782a94f40f4b7d2f0a7b20

SHA1
d8af1daef8cbf54a17dfd4421eff828b36583798

SHA256
43f7e28934641650b434fe6b1a2b7325b9fa0c80174efd2a075a59c11619e093

SHA512
6ff8d1789338c6cbe6d2cdcfbee9d93384e73b7d154ed1dbff1c9892bb4a4442dd33a6b44eee5b0b9bf2d34416fdce39a6722d60499b9624a33d635fc83bec3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\prefs.js

Filesize
6KB

MD5
ae46ea130e93b06a28c97e25502c2154

SHA1
45f0f6f80088d6e98944a735467a5e11ca71a9b5

SHA256
4cbc1d188e5003dd0ae39a298e23d0059bc2b17a1492924401f3751e8569f4aa

SHA512
228470d460ced853b5463fdc1b15001c8d94f461d5bc54bc9c69cca51467edc7274ae3cd7dbd2b04da2505db8f83688fee54f642606ffa709da2d39750f46415

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\prefs.js

Filesize
8KB

MD5
238e9dc7783f6bb90a93ae10de82df8f

SHA1
7096b3a1b22a52b3b1afb7d7ac48ded84c26cbde

SHA256
f814f4a418908fb6ba255f27c19f73c660ad462bafc1e21996cdc59ba0c43c2f

SHA512
798e2d5821ae5bc25d20c6a205d93010bf531424c2efc15d17949d10756654992fa45bfef3cf16a2867ce0e04ec704ab47fc08dde0d86bb97648747300616644

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\sessionstore-backups\recovery.baklz4

Filesize
863B

MD5
a7302b49c72de3f5b713da8a6e0a8fac

SHA1
d253036ce158c8be0f2ccc07cbadb13429d0a543

SHA256
3c26b303d3f102d074e39738185f5c3768cb9afd655f67058dcac1068ffac3a6

SHA512
46f16e0d9cb14df01b462f28e19587c2ad2faaa52f092f65e710c9bb29d1d4acb4b39117d2d4fd7b7dfe078fbf5051511511070eb181f80ac2b78f6a10787336

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.3MB

MD5
094ef7aafe52840696f4c01a23971bbc

SHA1
b140f7fdcbef53d197925ce2f2f6561fd3e4a280

SHA256
6577d1e7b648029e33ef3399ba9bdeda730c258c06eae126a13a6ecc63867de0

SHA512
86d22ac24cff501ba9fc7f90db5e1a332fe44c6c8c05418e8fad4ef22dbead4355944bec852910d8401b800504d8bbd31954dcd2cde1009c7df7fb1636e09ef9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\90bkg1w0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.8MB

MD5
753a8910cde7216f8e3353a58f9ed24c

SHA1
a97d7a28079f9da08d6704bed7b3db1a36895bf9

SHA256
bcc0f2bcc4e20d8d2120fdb269df27e02a519c86a02c777edeb0777e88d57b8e

SHA512
7a64f39a1788a179ff0098c00ef685d4963b1542dcee21581281c5e009afe5cb0c8d8fd27673b747c7af78175f78a32fde9ec63d2a121ef4462e9f1eb054782a

Download Submit
memory/2424-1782-0x000001F3E43D0000-0x000001F3E43F2000-memory.dmp

Filesize
136KB

Download
memory/2424-1791-0x000001F3E4930000-0x000001F3E4976000-memory.dmp

Filesize
280KB

Download
memory/2880-1876-0x0000027015D00000-0x0000027015D01000-memory.dmp

Filesize
4KB

Download
memory/2880-1882-0x0000027015D00000-0x0000027015D01000-memory.dmp

Filesize
4KB

Download
memory/2880-1877-0x0000027015D00000-0x0000027015D01000-memory.dmp

Filesize
4KB

Download
memory/2880-1878-0x0000027015D00000-0x0000027015D01000-memory.dmp

Filesize
4KB

Download
memory/2880-1879-0x0000027015D00000-0x0000027015D01000-memory.dmp

Filesize
4KB

Download
memory/2880-1880-0x0000027015D00000-0x0000027015D01000-memory.dmp

Filesize
4KB

Download
memory/2880-1872-0x0000027015D00000-0x0000027015D01000-memory.dmp

Filesize
4KB

Download
memory/2880-1871-0x0000027015D00000-0x0000027015D01000-memory.dmp

Filesize
4KB

Download
memory/2880-1870-0x0000027015D00000-0x0000027015D01000-memory.dmp

Filesize
4KB

Download
memory/2880-1881-0x0000027015D00000-0x0000027015D01000-memory.dmp

Filesize
4KB

Download
memory/3112-1833-0x000001B3787A0000-0x000001B3787A1000-memory.dmp

Filesize
4KB

Download
memory/3112-1813-0x000001B370340000-0x000001B370350000-memory.dmp

Filesize
64KB

Download
memory/3112-1797-0x000001B370240000-0x000001B370250000-memory.dmp

Filesize
64KB

Download
memory/3112-1829-0x000001B378660000-0x000001B378661000-memory.dmp

Filesize
4KB

Download
memory/3112-1831-0x000001B378690000-0x000001B378691000-memory.dmp

Filesize
4KB

Download
memory/3112-1832-0x000001B378690000-0x000001B378691000-memory.dmp

Filesize
4KB

Download