globeimposter | a47d52573f5db76b36f37a70290db75d684a914eb773dd102a726aa73deb4bf7

Resubmissions

03/04/2025, 00:59

250403-bcla1ayqw2 10

03/04/2025, 00:55

250403-a9swnsyqs5 10

Analysis

max time kernel
279s
max time network
282s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
03/04/2025, 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
Size

54KB
MD5

778ec99ed08d832a8bc2194744e8c12a
SHA1

ec359a3c19e321bf5c4b01ef7eb64dfcf5851d04
SHA256

a47d52573f5db76b36f37a70290db75d684a914eb773dd102a726aa73deb4bf7
SHA512

567c76792a6fcf18f17d430522d524128af8d102c183690afa8f291d50af608a2b53817bc410600165bd80a06d7338117e0302f137dc53d82e63d8268cd2938d
SSDEEP

768:4itKvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5HmbSZf:toeytM3alnawrRIwxVSHMweio3FzZAW

Score

10^/10

globeimposter defense_evasion discovery persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Public\Pictures\how_to_back_files.html

Ransom Note

<html> <style type="text/css"> body { background-color: #404040; } { margin: 0; padding: 0; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ width: 800px; display: block; margin: auto; position: relative; } .tabs1 .head{ text-align: center; float: top; text-transform: uppercase; font-weight: normal; display: block; padding: 5px; color: #FF0000; background: #303030; } .tabs1 .identi { margin-left: 0px; line-height: 13px; font-size: 13px; text-align: center; float: top; display: block; padding: 15px; background: #303030; color: #DFDFDF; } /*---*/ .tabs{ width: 800px; display: block; margin: auto; position: relative; } .tabs .tab{ float: left; display: block; } .tabs .tab>input[type="radio"] { position: absolute; top: -9999px; left: -9999px; } .tabs .tab>label { display: block; padding: 6px 21px; font-size: 18x; text-transform: uppercase; cursor: pointer; position: relative; color: #FFF; background: #4A83FD; } .tabs .content { z-index: 0;/* or display: none; */ overflow: hidden; width: 800px; /*padding: 25px;*/ position: absolute; top: 32px; left: 0; background: #303030; color: #DFDFDF; opacity:0; transition: opacity 400ms ease-out; } .tabs .content .text{ width: 700px; padding: 25px; } .tabs>.tab>[id^="tab"]:checked + label { top:0; background: #303030; color: #F5F5F5; } .tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] { z-index: 1;/* or display: block; */ opacity: 1; transition: opacity 400ms ease-out; } </style> <head> <meta charset="utf-8"> <title>HOW TO DECRYPT YOUR FILES</title> </head> <body> <div class="tabs1"> <div class="head" ><h3>Your personal ID</h3></div> <div class="identi"> <pre>��8D 94 18 F2 E6 B3 2B C4 F2 42 6F C9 25 1B B4 FB 2D D8 70 C7 41 6F B2 A5 8C D9 27 B2 F9 08 37 BB 76 55 FB 3E 49 F9 1E 71 F0 87 D9 3A 81 66 61 35 71 21 88 B2 25 81 84 2B 83 4C E5 1D 56 E6 1E 55 32 63 BA B8 5B E1 EB 5C 2F 50 39 A9 00 D9 41 68 6E 8F 43 B4 5E 4D 0E AA 2E AB 1F 9A C0 B9 3A B7 76 CD 2F 2A 0A 7F 3C 0F 37 81 0F 23 AC 3D 6A 64 6D 7A 45 4E D4 15 89 A6 AF FE A2 C6 33 9B B4 38 9E 68 14 2F DD 86 50 DB 61 CB 1D 3A 33 B7 20 32 95 98 1B 90 06 1F 4E A3 11 10 57 3A 15 2D 30 93 B8 38 BD 2E 92 EB 59 48 AA 51 EB 50 1C 7F A1 8E F4 B4 88 AA 97 4B 61 AA 5D EC 4E 62 29 8F BC 29 EA 4B 25 6E 6E 7E C4 66 FC E6 2F 3C 0B 63 92 6C 24 E9 6F 2E B8 85 84 24 6C D5 2F C8 8F C9 98 D3 E9 01 AF FA 63 7C 04 F8 01 0E 38 E2 1C CC 4C 71 9B D4 18 71 0F 1C FF CB F5 92 00 C2 BC 6E 7B 10 </p> </pre> </div> </div>  <div class="tabs">  <div class="tab"> <input type="radio" name="tabs" checked="checked" id="tab1" /> <label for="tab1">English</label> <div id="tab-content1" class="content"> <h1>☣ Your files are encrypted! ☣</h1> <hr/> <h3> &#11015 To decrypt, follow the instructions below. &#11015 </h3> <br/> <div class="text">  To recover data you need decrypt tool.</br> To get the decrypt tool you should:</br> <p>Send 1 crypted test image or text file or document to <span> <font color="FF0000"> [email protected] </font></span></br> (Or alternate mail <font color="FF0000"> [email protected] </font>)<p> In the letter include your personal ID (look at the beginning of this document). Send me this ID in your first email to me</p> We will give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files</p> After we send you instruction how to pay for decrypt tool and after payment you will receive a decrypt tool and instructions how to use it We can decrypt few files in quality the evidence that we have the decoder.</br> <hr color=red> <center><p style="color:#FF0000">MOST IMPORTANT!!!</p></center> <center><p style="color:#FF0000"> Do not contact other services that promise to decrypt your files, this is fraud on their part! They will buy a decoder from us, and you will pay more for his services. No one, except [email protected], will decrypt your files.</p></center> <hr color=red> <ul> <li>Only [email protected] can decrypt your files</li> <li>Do not trust anyone besides [email protected]</li> <li>Antivirus programs can delete this document and you can not contact us later.</li> <li>Attempts to self-decrypting files will result in the loss of your data</li> <li>Decoders other users are not compatible with your data, because each user's unique encryption key</li> </ul>  </div> </div> </div>  </ul>  </div> </div>  </div> </div> </body> </html> ��

Emails

[email protected]

[email protected]</li>

Signatures

GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
ransomware globeimposter
Globeimposter family
globeimposter
Renames multiple (8998) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 1 IoCs

pid	Process
5060	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1136229799-3442283115-138161576-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe"	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe

Drops desktop.ini file(s) 47 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-1136229799-3442283115-138161576-1000\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-1136229799-3442283115-138161576-1000\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-1136229799-3442283115-138161576-1000\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsAppList.targetsize-20_contrast-white.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16ConsumerPerp_Bypass30-ul-oob.xrm-ms	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\TeachingBubble.js	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\FileAssociation.targetsize-24.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\clrcompression.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\wwwroot\app.appx	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\Square44x44Logo.targetsize-72_contrast-black.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\seqchk10imm.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\msvcp140.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.ProtectedData.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\Slider.js	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\check-mark-2x.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\Square150x150Logo.scale-150_contrast-white.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_1.0.38.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-16_altform-lightunplated_contrast-black.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-80_contrast-black.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Todos_0.33.33351.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-24_contrast-white.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\react-native-win32.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libEGL.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\DetailsList\ShimmeredDetailsList.js	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WideTile.scale-200_contrast-black.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-white\PowerAutomateSquare50x50Logo.scale-125.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-white\PowerAutomateSquare50x50Logo.scale-125.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-24_altform-unplated_contrast-white.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adc_logo.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-256_altform-unplated.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreAppList.targetsize-256_altform-unplated.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymxl.ttf	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\BadgeLogo.scale-200_contrast-black.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-150.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.32731.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\cstm_brand_preview.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_fillandsign_18.svg	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib\setFocusVisibility.js	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\models\de-DE.PhoneNumber.ot	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\SnipSketchAppList.targetsize-36.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\Timer3Sec.targetsize-32.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\contrast-white\GetHelpAppList.targetsize-72_altform-lightunplated_contrast-white.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WeatherMedTile.scale-200_contrast-white.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib\focus.js	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\Square44x44Logo.targetsize-256_altform-unplated.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_x64__8wekyb3d8bbwe\Assets\AlarmsSmallTile.scale-200_contrast-black.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\contrast-white\GetHelpAppList.targetsize-24_altform-unplated_contrast-white.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SplashScreen.scale-100.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreMedTile.scale-200.png	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe

Drops file in Windows directory 35 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1760873486\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1418769889\manifest.fingerprint	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1441858147\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1999558291\protocols.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1569768240\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1569768240\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1361641083\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1418769889\automation.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1418769889\classification.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1999558291\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_3826105\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1418769889\travel-facilitated-booking-bing.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1999558291\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_3826105\office_endpoints_list.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_3826105\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1569768240\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1569768240\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1361641083\keys.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1062085149\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1441858147\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1760873486\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_3826105\smart_switch_list.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1569768240\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1361641083\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1062085149\deny_full_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1062085149\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1760873486\nav_config.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1361641083\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1418769889\extraction.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1418769889\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1418769889\travel-facilitated-booking-kayak.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1062085149\deny_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1062085149\deny_etld1_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1361641083\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133881156593764358"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1136229799-3442283115-138161576-1000\{AC45DF83-EE31-4AA4-9C91-2C7B7558A3DF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 5060	1192	cmd.exe	83
PID 1192 wrote to memory of 5060	1192	cmd.exe	83
PID 1192 wrote to memory of 5060	1192	cmd.exe	83
PID 3612 wrote to memory of 2956	3612	msedge.exe	89
PID 3612 wrote to memory of 2956	3612	msedge.exe	89
PID 3612 wrote to memory of 3152	3612	msedge.exe	90
PID 3612 wrote to memory of 3152	3612	msedge.exe	90
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 896	3612	msedge.exe	91
PID 3612 wrote to memory of 2924	3612	msedge.exe	92
PID 3612 wrote to memory of 2924	3612	msedge.exe	92
PID 3612 wrote to memory of 2924	3612	msedge.exe	92
PID 3612 wrote to memory of 2924	3612	msedge.exe	92
PID 3612 wrote to memory of 2924	3612	msedge.exe	92
PID 3612 wrote to memory of 2924	3612	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1284
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe > nul
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Users\Admin\AppData\Local\2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
  C:\Users\Admin\AppData\Local\2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe
  2⤵
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5060
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe > nul
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\how_to_back_files.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f8,0x7ffd9b56f208,0x7ffd9b56f214,0x7ffd9b56f220
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1784,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:11
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2160,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2224,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:13
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3432,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4064,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4128,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:9
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4084,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:9
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4088,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=4432,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5292,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:14
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5468,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:14
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:14
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5712,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:14
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5324,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:14
  2⤵
  PID:7056
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1100
    3⤵
    PID:6616
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6520 /prefetch:14
  2⤵
  PID:6524
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6520 /prefetch:14
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:14
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6628,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:14
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6432,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:14
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6636,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:14
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6932,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=7068 /prefetch:14
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4428,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:14
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7220,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=7236 /prefetch:14
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7216,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=7372 /prefetch:14
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6552,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:14
  2⤵
  PID:6336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6500,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:14
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6540,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:14
  2⤵
  PID:7000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=5936,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5864,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6024,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:14
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:14
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6424,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:14
  2⤵
  PID:6620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5748,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:14
  2⤵
  PID:6740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5984,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=7432 /prefetch:14
  2⤵
  PID:6436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5440,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5364,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:14
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2940,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:14
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5652,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:14
  2⤵
  PID:7140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5648,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=3256 /prefetch:14
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6072,i,9891713460448579211,14275186488601190309,262144 --variations-seed-version --mojo-platform-channel-handle=6236 /prefetch:14
  2⤵
  PID:6680

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\how_to_back_files.html
1⤵
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOnNotificationInTray.gif

Filesize
2KB

MD5
cacb80e09db102dcbd90114d46a2b059

SHA1
ee50d7518897cbdb9af0a882625f45ad1b31f832

SHA256
a1c78ae199ef0b7660f9e2784ad590ae375f70f512a5314a6209acf3e3c0892e

SHA512
d1647d39827c5a1949803491cc12b54fa2d525ee9135917dc37ac928e9d53df9525e4abb3a5c4a606ad5a6ee7481501841ce64926b378f68506e7d6b463f78d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\RHP_icons_2x.png

Filesize
3KB

MD5
3514c84f96477f92718efa49bae6a062

SHA1
ebf28dae7c0766e7d78ab52981e50ad9e2d08557

SHA256
76d305f15977fb1aa0804ad9b48fe3a152c181fee70116e18bdd4db95843d945

SHA512
7bba3a7cdca804ad4ce03f65d5549b1e24c2d43b383ca25456d426e3d782626705521855f4f7441412514720c1d577a31a87447fe97504c9ed06882a9e56e812

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-hover_32.svg

Filesize
2KB

MD5
3b2d556317ce2195bc88fc23ce1ab995

SHA1
2aca0ac82b678ea38eae6bfe05227c4eff71d7bd

SHA256
b275cb7d7121cf8dbc6af5f3e5edee0cb1585ad6e31448b26d3229e3247be36a

SHA512
ee5b01962f70114a56375661ab6b41ab9ae19f544c5d25c9f4941269bdbae9375714baafaebcc23f2e3377102f9876118d344e42e25185822fadd3062f9c1784

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview_selected.svg

Filesize
2KB

MD5
6e0893b8afbc85bb47dfcdb485650079

SHA1
58c24a122e89630dfa103453d777965163324e2e

SHA256
efec21d025a148e2bea927512cc507dc4102a864971321e1e12cfb8e28bf8d26

SHA512
76c748a7760b814683a2b87102f73808b14958f6829c384b08885a4b09b5696d4c7c9450512c527a2472eae71c8c48cd90280b44c2d68c3ae370f5a60a963fe7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-57x57-precomposed.png

Filesize
4KB

MD5
028190ba7763e62925c2700ac66467ce

SHA1
7e88c7c0e1883d2ac60fcf2cfb04893fff5912fe

SHA256
a7ab1c3f319bb831790c0e3c57d13e75c7bc4db7758585a1d2f9d51ebe354109

SHA512
6d27a710f3901bebdc0616816755cfbe58859270a52701378a8fd349d22644d2f5a55d1ee869caf7532d0de2f1e0e2a1f6589cfce38d287925560a132924411e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses_selected-hover.svg

Filesize
2KB

MD5
ac6cd01dad21771d184665b0939f5d83

SHA1
bdb65d931fe618c008106edb2d5a11e1970554d1

SHA256
5e057adeb7353110d5502d2196f0e05aa7081f2f57ef3681d31f6b18c2043c33

SHA512
42f9ecb1047fe49003868c66b8310caf2b75a10c2916fb00967894f36e8485f1772b08b7d4349f65f4612cfea47b86823c9f1701e6dcd5247b602640a816dbf4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-hover_32.svg

Filesize
2KB

MD5
1f668ad3c7357d575ad1f7e1a07f6a03

SHA1
fafb73f52dcd5fd08679d96337585634799e38cc

SHA256
343f597fa2d67e81947cfca2856b5d721da4df8b70683ca2c4c085dd77a7ee9e

SHA512
717854d2a0b032dbcc143729770e0ef64181edff79a92cf9f43237ebb855660205fd08fab722d7eab768f255423ff29494bdc4d1aef9033bb9d9751f9df9f62e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_organize_18.svg

Filesize
3KB

MD5
1e6c45f725d788346beba2fb9b31ef5d

SHA1
19b1080e9e76e947f4a3bc1da32334a28d971dd4

SHA256
ec8a72f48b4da35f12ba9d9e5c9d493d5b62a87fed8d10f8b6bce63aa94ee2fc

SHA512
310c53e8b2f18658c24d3037acd6a3f7be6fe54cd81615391769f427c312e34077bdb62801a7f47ffbfdf1df704ae68e15e21128359d1aea611f8385fc74d67f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\icons_ie8.gif

Filesize
9KB

MD5
ae49c1c3a543a19b7ed1e4870218c5d6

SHA1
346b0be80b424d9d48fe1fc9cf3fcaf2b81b4247

SHA256
7fdcf4e11ce6f95a2a5075e1f5b01b990294fbf81143527cd3fdaf2c0238465a

SHA512
250ac75de6297c635ed38d60142095bfbe4155d6ba00e58e3a6a9e170d2e4dec91276cdbecd736a4b75549b60ee8a64488774e7559c0c84a1fed6842f868bedd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\ui-strings.js

Filesize
5KB

MD5
81b003c1641c3f77ce6b42c4a9a64f39

SHA1
c90ce1ef5fc2936a7e3de52c0045a2df9e76825c

SHA256
73566bbd1b25e150fa70b60e33eef1269005e8483a203e6a06efe1dfd01cfc08

SHA512
43814d3eb6ea35219f5d7135f2f1c0f2c0e0efa10159ab693e46aadbce43c8bf0a314a214777f865105ea8d5d37bd1b324434da781439ae15b9e2b96996261e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nb-no\ui-strings.js

Filesize
3KB

MD5
ca7d5fae16aed984b908ff2c8f8c31fb

SHA1
47ef1e90a13f5c30139e075ad5b97d7633780bf9

SHA256
75d745adb0e4b5f884e272869c294093d44a6cca04b8c228bd05f0d24dd086ec

SHA512
3c90963770af23510bef93c83b9a32fe1820d4d960966798b9d682562e136e5a90cf78ef30d88f2d174ba53457f943787ed981a9c9d3f04b6bee412a84e656b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\ui-strings.js

Filesize
3KB

MD5
2f90b47af01df9ce7ad51936cae19376

SHA1
1a0b5b3ada9c7306a86631b4f5c7b412d9b6e100

SHA256
3b2c1c85fea33a9ceb48341b5ecf2e0df2a9bcb4bf57bfd5babb6d94de6d5910

SHA512
afbd9cf23eb6383836446ba1b0a2b5a80b5292fb76bc6182e5ddead95c72b297bceeaa084a819470d1d30ad960b71783ee1adbcc81f8975868f106f90e52a903

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected]

Filesize
2KB

MD5
030dfffdd2222295cfcf91dd18370ca9

SHA1
14ac48944466b26831f5eaf86726c852d8aaf49f

SHA256
90f7e4b019bd54f6d2383ffbd31ec4739abac47639eba79778e8fb0195275fd6

SHA512
a9c28a3af7a7e94b3c260862367f043b3c89b73af168191c5a58939d90867c1eed9dd8af04a7be500d7d4b1361e45222c926d5faf34f2dbeddea8a0134889082

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-il\ui-strings.js

Filesize
3KB

MD5
ac853edcfc03c56d946aba9189889a04

SHA1
b50847aaeaed274251cd03a06c30c8e2cc1264ac

SHA256
586429eba85a183ba931509b569c2566eec781ad095410e21bd19d0ede733f73

SHA512
5ef6036d3fdbf249515f87221f7373ae9503eb9a550620662cb47f0be9b6fa673e9324a9e72b54561aa82eec5410b44aa0322027aea48f57f567710e49309db4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\icons_retina.png

Filesize
16KB

MD5
65f040737b9e64d3453104b1288ea0d6

SHA1
e4654b35ad12c3c1af0b8a6c9160cc4f39b39684

SHA256
3ddc70bb4cefeae18e6448be7d60956fed6a446b83ba8bbd360b67229f1cf37a

SHA512
f52e37ddd70d620094a8d6e085020036f342206c2a0db5de1f87c83f815e5d12b90aeabdc6221a10c7ebe19870c6fbdf059bafea937be3602d383041273ff609

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png

Filesize
10KB

MD5
01ee3c64ca2eb33b19ee1b3202ba6341

SHA1
464a431daa86af384ec33d0168f9605efe88e943

SHA256
21059248f4ed13a1dba631498e78a0d28a2659082a12c8137d5e01a40f17e377

SHA512
42ddb6799c4b6704ea24b92d605534ef9ffd39f62836a718a3e75de53a7fc120ca027c24f2ea81c462b07916019d4ded189f7583a24af25056a13468444ee391

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\illustrations.png

Filesize
10KB

MD5
2cc82d28eae934c5f995e4e4b7e172da

SHA1
c7e846f886e568327a035b10e4c5bb4e25352606

SHA256
4e1c1eb70d382987047df24307df40583f437b6214702be8d3833f478b905d0f

SHA512
de9282b828fdac781ac6c783dbe25066b5e18fd1d91038c4129b3eef3256d739fbf9881a8fd5e79abf9e012a0f3abde194ef6566b0ffcb8f81f2ad42b4459a3c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-fr\ui-strings.js

Filesize
2KB

MD5
54f167b589e5488bb816b2dd6239a0c2

SHA1
431c891d92f6d1f03cccca35a45c3bf92c3d077b

SHA256
4298b3cd1feba76ea6ff6fed92189edabd69ea6459aafb53b72b96b174c4799e

SHA512
b407f1e058b0d5c3a5f925d3ff4ddc360c07ac9c9fc02ef2fc0effa9bcd67bbe99028f50bc403a7d8c179d3eeb3fd0cd1ad928d9f9477b1905f9a0b9b16cfae2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\[email protected]

Filesize
57KB

MD5
f02c9336079b109c75ec78df60bec9ac

SHA1
a7def913d4bf8ba351bb038803f20d4b8dbbce0f

SHA256
0c396be0f8ee380ba7a7bcfd9bf512af0b6c448df75f1287c634180a914d27e8

SHA512
77158983a27cd56425c76371431d5ccdc4e5a3dc87fb267437b096ed13a8eaf1d577587d7f7081ce97ca0b8907dfd8dbc9d71dba5f85bd6d98e96ce71081fbf5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ko-kr\ui-strings.js

Filesize
2KB

MD5
e5bb65a6b2aebc87b4b8d28da35cf9ab

SHA1
b8ffd7a76c24396b408ae5c3fb8767330fe9930b

SHA256
f0925375d144d7c3422fab4462e839590590434fbdaf5307ef42d484b8391731

SHA512
e41fd3986a242a97ae1add4b13e831869ec134f48ad48871f55fb9ec83dd1b537448275efed256213469abd947234c81d6aa0074ef2e085112d58b7e160fdef5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png

Filesize
4KB

MD5
fc350c4a134cb2fe350d6b18937d6886

SHA1
7affae638c4afbbf77a93c2439ee758213aa6a6f

SHA256
3a13674b4b36860ca47d05aba5457f6519318d2c4b2b6614b85c745c41350e7c

SHA512
ee0d4067b5a623aaf382eec6666b8a1cb2a0c9dae3409894d72083af825de12baf5f0c80d1430f8566ac9038a0b582ab58149e0b3092245898fcb735c274b465

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\CompleteCheckmark.png

Filesize
3KB

MD5
d44c340ef70e5f0eea7f53f59b94067c

SHA1
201f47fe647a807d85f83a644fbffff95274c7b3

SHA256
0abc86f563ef10e6ff0942c1ded11992dbe2bb71a5a8d90926e5a90469e2717e

SHA512
fa94e156cc00c7fe926047ac033064ce38ff4b576a603d0895267f3c1d9e8e6f43c064a1ea6015d5f7043eabb7a54fca890636e7bda02683a6b2cabce1897fbb

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\CERTINTL.DLL

Filesize
23KB

MD5
598a46dc35c4c64fd170c3a545ffbbdc

SHA1
6e3dd97701b76c7d43696e5a6bbdf8a83265463b

SHA256
e048a8d889d321c46339f010321ddf3b40d0752efc0cc2291ae39d943c75084e

SHA512
a2c004e4d6885f0ec21a3a7ea804646ecab2447b8b61458d3a4667d4724672a45b74220e7f593f5331780dd283ea3de3d539bd401f8db1dc46e6ea109a409599

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
1KB

MD5
36c0dc892caaa006b3bb9530ee1a4add

SHA1
f2d76e242b52c118d2d47215d8a8a10ad2369655

SHA256
fac649151fd15eb90b608259c5f42226a99b8c96f18a66ec513e31632261e416

SHA512
966b7ee414ba9ceaaaaf0060f1a24b696da008773803c9729fa88e9d2a0c4d230b42ab52f126f65dbe28c78abc9a4f3c6c23519405bbf907deed6b05ce4f7db8

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXT

Filesize
2KB

MD5
872bf8d6e1b8fcde7e13059bae07b3c1

SHA1
d27557bd24c8c6ec271073eae2e86d6520771d83

SHA256
ce0fcfc6b17d8dd6d22bed7a4b63cf705794eaad0f7bb21ceaf0969b529df0c3

SHA512
85295c6411785f6e4e611d0a662cee9779164d0728e64343d7b4bc33c625910fd4584cb66778a61496af4ca772737695e70f9a4c79cde151ce45d318a415f2e1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS

Filesize
246KB

MD5
01d99068830cccdaa48f2402a6b5d0c9

SHA1
d722774561a3c0e6938fbeb12e9aa2990d8cc1d5

SHA256
71c79ebd4df30eaa7e257e4a92f221e98839c20698c59b7c9639924873345ca5

SHA512
14fe9e95a102994d373d0b42740f0ad074151da7fcdcaea96e8efb51b115d95e97a1a72b0e818c204dab5695fd99048c2d35b0bc57a44a4d06ba1e0f5a6dea9e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC

Filesize
21KB

MD5
34e0d13a9291068f58a093d863003a90

SHA1
154fa0d492fe58d705858dd026e0421711c90567

SHA256
3224fb8b9d43ffb1925b2367ebb93edae6a744b8648c555e613c94567898c9fd

SHA512
99ea9a19fd3c29cd726d7abcd58a8eef3f7f7951c5ee64a5f8fc89aec6a0db966c25d32259c9edc01c92b13681183358e762cf003000a690e6c8b38fd9b9e56d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml

Filesize
5KB

MD5
2260cd00be7e5f9d90d6d5a801d12f83

SHA1
3d8ecbc6a3795f2e59ca2b835c136340c30bc710

SHA256
e01339b330427e92955983bc9c4282296b79dfe66f55bb61db76b3031fad9a10

SHA512
b0ddc75ec61bb0bfe346cb9a7ede3dc88a6617e3721d96677def30329c71a2f4fc0575ab6ade004ddff867db3fdcf6c471a5b37792110bebcc2a18ed33dca5e8

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml

Filesize
5KB

MD5
4375699661c7f8ae637b0626302fb6f0

SHA1
d86c84814fd2cf3f52c4682fc118ee59149c4d74

SHA256
7ae97887ceb27d45e02adb9db8fd4d52f5e693ff95ef024ee7013fdca03204d5

SHA512
1dfb2397b40c63fdc2682827c9c150697c143a04156d8979ec8624d143f481cfd9e91776d81c1a40f8e879c82d942e86180361fdc3691ca4b93c6eda30e0053d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png

Filesize
3KB

MD5
f186d2afd2b00c960a06b0c908b6449b

SHA1
d422de55861ae90dd138f282e1e1546a7a46f6a9

SHA256
73efad75464ba710325b0a33d414f970e69ab5383c3219f40071758d84d1b399

SHA512
d88b0de254723cebe4a673d4283973123299b456a9234fa5ebdda65d5f019d75455123f1da8e94ea12daed9488815ec285c36f692dcd7115cd75385996874e7f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png

Filesize
2KB

MD5
bb198a08217f8856b3bbcfb34891d909

SHA1
a399bec300e7a39e73e5aaaae6d7c36dadd6abc8

SHA256
ee037a6bfea2c2129552115bda975dc0917f20bcf6512f346b9131d7b93befe8

SHA512
5e14d9b100aee3eb810fa263e81f87e7bc93ba36a0bdd7b8fb80ee31e762abb37ce3531a68d1416395a1bea4287cb28baae6e8b9ad578b28b5b44e3abe1c1504

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.png

Filesize
2KB

MD5
dcb9701f14ccc83cca5a21857abdf90d

SHA1
f641a73949d7766d863f40063c9b887d9f00c7c3

SHA256
2a0395ce6affdcdf2b4a5c7c6427afc70d67c6c7424c2874d9b9e3d924213ee8

SHA512
f23297707193f8fa737b0ac048be08e4707dd5e55f46f90df915991e27c41372b5f60f5bc6749e189137bbfbc13979e4d68498d736dd63c7a671dce9852b370d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png

Filesize
4KB

MD5
a143f24b607430b12770fc6111f6bd33

SHA1
ecfc7927b1b3568315e0d80336a92baf8b6edaaa

SHA256
c6ff6954772129e601134c67a103b5f33089dbdfeb1157229d85bacf4b809596

SHA512
247b7538568190de7e34c1efe00797a2fdaae4f0a3a552a41444639a0d26b01850c4fb67e08db77c622f6968502c69f83d77cdc7c112a6d2ef84d4176e87333e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png

Filesize
4KB

MD5
8cc88fb589608752f812fbebab03cbfe

SHA1
d309c2168ef2f370d8140f973e5709f93e2af8d6

SHA256
a9b49d12c4a970126aabc99359bd90525964c580462ae9da3692799fb897d675

SHA512
3b0a3c9657144c775772cbcbec6598ca2a7119d5692f0d5e603162ecb57e08f8081143f1e98320542dc271cf3330db32ec5220248c8964a2e163a529a4967a63

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png

Filesize
2KB

MD5
a555456202719b0a95890e2e079795c1

SHA1
58c212d8fb0f91889b92fad3215f7c77882a1f97

SHA256
5049aa0a981f32d956e97c0256fa05059542f9d471279d5f2f9b501345afced5

SHA512
92d83ae63fd68c8a90981ca0d18e6f7123371c7b62466589732b78ac3adc1da4d0cff6ff9d3f463547cbd42c85b72202f3f2e42390a042794e9d9f223e60bfcb

Download Submit
C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV

Filesize
7KB

MD5
5861df37337fdb8ce7ed517030330cbd

SHA1
1dc8959854e64d4e4dfcf3e95652a03e08f6b3fc

SHA256
97ff9564970be42fee9231e25bf78370d4b6dc7b8c9a4fa84a9ba543649046b0

SHA512
913bcb05839a5658405d7d73fbdb6a1d33b067c82b38d90b13a17fc72f341747855714f90ff23314d380ce5a1b234fa92d1e6a2165b6eead7f0644fdea398854

Download Submit
C:\Program Files\Microsoft Office\root\Office16\MEDIA\LASER.WAV

Filesize
3KB

MD5
4cf27e474af133ad550df361c30cbe4a

SHA1
b62448aa1d089e8206f798b8ca72a86d5cd8cbea

SHA256
1d356541f99c03b21cf4e0a0ac859d1f4f1cc3414061f731f728748bd602f327

SHA512
599346615ccd180161a1823d207ba6a122d96aba89e3482db06fdc3cff289bafaabd5f6af99950e0f829d18f89d8aa25bd5790118b3e1d51be6fe2ebecb9c478

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML

Filesize
36KB

MD5
190c717075ef7ecb18f1fe668ba56bb5

SHA1
aa83b9d4d473106912ea4d613fae3b0056c607bb

SHA256
24b46af679a6d4838c5d90d1c297be59f7f4ac237fd5ff31cf68e3b2cc737077

SHA512
68877807a870ce95ced19e03e1bfa75ad03f701f2ed7006aa02a73a9bc5227b1a7a3d7d1f31dc3e3e1a5df56db82faf8981dca993e830e189370abb43b57b6bd

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML

Filesize
41KB

MD5
52920fb5999af3c9376fd4edb5cb6b94

SHA1
9a665628c37d93039660a21a4d79fa649e54af3b

SHA256
1ed0b70a484d7974e6dffc05eff144aa333d119135ecd87a21a41cee45e34af6

SHA512
88313eccc5df17117847df1a62fc460d379f0e9d01ecd98806ffcd3f2765842ed58aaa89cc1a30049b9f92b7552725e3193abfb659625351b2969f1c88536640

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]

Filesize
2KB

MD5
82ded07b73180587d57aa5100f949b1d

SHA1
ca85de5c706eae315080ea54c56637bae4867f56

SHA256
09e15b364816b4c31e6217c5228c1fb5ed0d066695ae820b0c9f687a4e31ff0a

SHA512
f7d7b4ba8b2f353baafe291c4487e947ee97c9a0930ba73ddadb57e9f607b46bc37fc77f649bf8b75952869f554a878bc2ddd75c235518d3fdfec1f0f335fe96

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]

Filesize
2KB

MD5
d764151caf7b9b49cfd2153c9cc9ca58

SHA1
3973eebfed7c75502b97c4b6f565f8e90fafaa4a

SHA256
0b2a9e7176982b8acbc574a404c8d444d0e667af5ae933c9a1237450225ceea5

SHA512
55f2994a21d7d661132c50c41bff2023d77e2aa262d2188bf8df5460efc46853e58a944959804fe030a0e211df80b7bbd64e9bcc2e6068dd535e5e4870e297f3

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png

Filesize
2KB

MD5
21ae5c6af5c796912d121130efcd298c

SHA1
79d098babe74c3bd5e5f04ba1ef54bcf76297546

SHA256
d40c7a1f8c909fb69589771d7607820726c5ce4d69b9f1bcf621b51304f33b0d

SHA512
6e24a6ec1868538d31ff7bd583a2013d8395b4b15096e22da7846a4ba2e337da62a4894dae8237ea9a24a8c9ecd4d1828945bb316220f9b6939343b982adf555

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]

Filesize
2KB

MD5
016baad8571495e26a7cc286c2ddbc6b

SHA1
8990058335eba08e958429395a8340a858ac90b4

SHA256
dc706d0efede528cd90ac52d9a5fee4c0b6683d989ad13513f65f47509f479d6

SHA512
1f19292b4fb13a7e23e9186f68a966c94646044ea5e1fdcacf6c1c58862e971cf44b2f0969a445dfa0899ff5f9232560ad6747da711cc6f8bd19e9394b19f702

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYHBD.TTC

Filesize
13.7MB

MD5
05a46b70c9156c4ac111f6cdc96a2c21

SHA1
7746986cf0e84c5874fe707dafc25e8978c25fe0

SHA256
b06222e7c13b9f89b4e782720f5b837d64ccc9abc04e5a4af80dae6a49b6344e

SHA512
3f439afaf4c30e10a91b25d5570665d79beacf58af958740ba0164ffa1b9a0d41001a3aeaf75b71aa2b156525a4a6a08824b756da6473803c9f4ada3a4426340

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.FileUtils.dll

Filesize
117KB

MD5
482010c6b588d53e6c0618967dbd450a

SHA1
8bf933df37effd3ce4163ec96c19b8322efd94c0

SHA256
740621b66c9b78d8f3a52766fd7da1474ed5ab3e98ef35a4fab1e6a057c89c92

SHA512
db8036329a39494827ce936f75dacca9af8af0b8577defe96e1981064e9b8c8d924c7834c9b552333747209f39e3625ebda6f95b4da5479efe36b4a450ddab97

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll

Filesize
75KB

MD5
d9ff4b99193e59275a4754490c457867

SHA1
b18bbce24151f06348d4aff60f857117ebfa24cf

SHA256
c3cab8e55bd052fb4f3295bb39cb9f99ff9eea7a5379955badf5a76aea9c5b3c

SHA512
d3e2d11797a0f9b2194090c45c8709b18213e0ec06f619ef19fe3ab4d243bb22e54db17964039d89c99773e79e5f977f01737848563258694f254a373bc9a487

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll

Filesize
42KB

MD5
4338d2b04b14113b4351fc43bbbbc35d

SHA1
5c490c11484005b96edab4a6ead69aea9cc79890

SHA256
1a7b115ffc2a245996c3a358eced1514eeb673c48998e5965df09731942c1be5

SHA512
29183ee54a8e99ca15c776a57b6730a27dfe9a7667ca13f65bf038f5d819c130fbb93f7bb1f463c75cf3a2d473d329f27d9d7d7800c7e191c0f94e7939b591d4

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll

Filesize
45KB

MD5
efd33a5bf1b1276095c835c1b6056f3d

SHA1
ae65949224ca4e162cc6321b1ca02a97aeb4a442

SHA256
82ea1d040039c226eb533a91f3191b9d80cf84ab7f48ffa416565aa9f9365db3

SHA512
3f2ab0ac0bdd72d786d7ee0d9beb7ea8c8551c53a60176484d8a3f8f80aa20f3fb35b95cf577af738d3b09a4db141ad160026cf617586411b1a73a4563e9ca1d

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll

Filesize
43KB

MD5
6a67df91ce1710e8c4ddba765e7948dd

SHA1
8de98ef350dccee90a9574ce321ac87822825e15

SHA256
1321f37fe8e42adb7c1fe8a54f995d6500e22906282e9316aeb39420b469a67b

SHA512
2dc210d22a2d5e744efbb62f85e9cbacac8db14f0cd05a9951cfb8cb0b9ad55b9cc54b018fa8df0b6e20edb3e7668a0d13e805b04709f3f5f669315198d84987

Download Submit
C:\Users\Admin\AppData\Local\2025-04-03_778ec99ed08d832a8bc2194744e8c12a_globeimposter.exe

Filesize
54KB

MD5
778ec99ed08d832a8bc2194744e8c12a

SHA1
ec359a3c19e321bf5c4b01ef7eb64dfcf5851d04

SHA256
a47d52573f5db76b36f37a70290db75d684a914eb773dd102a726aa73deb4bf7

SHA512
567c76792a6fcf18f17d430522d524128af8d102c183690afa8f291d50af608a2b53817bc410600165bd80a06d7338117e0302f137dc53d82e63d8268cd2938d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\43b8701a-0835-436d-a2b7-8b3009dc5b6b.tmp

Filesize
30KB

MD5
74bccc572f626e5dd6560b34ee7b78b8

SHA1
fae56503070dac21876dfd00d05090b0507dc78b

SHA256
1d3979d121ef111f1804664e1aa516bf17306814d4257e90af5216dab008d7db

SHA512
bccbafb8554f3aa33053b7002a57f1ecae5d75f087d63d21e639ad5df23282fcf6b18c222e9cdbc8b818237b60d79edfd7a1d0f35df23cc2c75dd78eef18c29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
cbc9fc2d9ad2df85283109b48c8e6db0

SHA1
721ea0dfafd882d6354f8b0a35560425a60a8819

SHA256
7c21b286b304b2b42ab3502158aef04892b60c63007b8ed7172dad86a4bcebbe

SHA512
09594b5f33704cf367960376e5abc8cbfa7baead59c3f199ffd365a9a9c2159b45f6596d597ebdd033db5436c000faac3c5b2fb39e97fc17b102d03831265609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
046b1cdbd636e82e7711ea1fde31d7e3

SHA1
f5fa4183cb259a99b4148ee957a5f76e80a77ada

SHA256
40328502d95af4c1db45d98abe8c4e9214d80a8df7f0b8f19f81edd5e121f90a

SHA512
460ba5792f0df64289ff4057d04615973a7844b2fd2c14df554600c141d720fcf13d9e9c8449ac57e50fa074a81887437918970881b4d48f7a7ee3521bac8eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b12c31cc25b5b7b5c31c12b38aeac4b6

SHA1
a197acccc97e2a489482776319a4a10b23ccc4fb

SHA256
ba73c741662be4541544e5550856e20eeebdfefd64a2da839a28f3c7d855c01f

SHA512
ace70dd5c108692e890944020208db78f18163f1731f751c207bbdef9f843798991eb550db242625100261b61df5f80c1a035629eea7e9e57e59b3a6c67b3163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7ebe8bbe91ad06a2f83ba98d29445215

SHA1
5c9f19ebfd92c3046ed700e30c89b5626be209e9

SHA256
95d29cf033732733ef1e5739721aba774fa60f4f9228ab65fa96fe8fa4f28906

SHA512
901652cdadb958490f0145e58f47f77eeb82b3ab46f28b62b0574a2c65844c6dc03e8b75af31cb9508bbe10a79be7aae82f94dda107f3a121d953765e28e4d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe589c4b.TMP

Filesize
4KB

MD5
6af9fbd51144d27a89f143924e455780

SHA1
a371bdc12c7eea53760feabd0bd35df987ac7b4f

SHA256
9fb19b8f4a6dfcd07e8700409563f22cc360a18f7e0f173a8f6bc7db40af22a7

SHA512
44befdc8752776804b93b36a7d8bd7b84e78a444b3284d5c86b23e0c2847d9824dbcbb96f57944625c761179c742c84cc045d7edd3e63c00bc79361af23226da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4dc2fc9e16b3a0902e1017acd93cb7e7

SHA1
58dc30f604121ebf551816250dd641423fc31ea6

SHA256
2f425f2c69d5265101d94fd99261de233424e24210fe1c9f74d8d37b082dc3f0

SHA512
23a5071a95078c408055cbcfeb6fdb6d8b77e6c879454c2822d6608bbe256eb851a71de5f579351381844d164ad2a2a2d3639436e7efb0e6070cd7e5a30d4aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
09e6c01e52a7b7771e23ade9766ec3af

SHA1
b3e8ad4957f177fe0e484ae96007f7951351aa36

SHA256
954fe4b0a483f5f0102682de4490ad020ce9b48ac586d34e6eecb4c82914eb5e

SHA512
809b479315eaa10e6a9047d3870c8e390ee0cb1e04b4dc5cd41e3c5ec7a69d7562fff5aa29ad89ba70e5bc05239032ec67affc98a7d421ca748a49da64a6908d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
76bd6562937ada2ecfb960e524ba7f54

SHA1
26e48448a9acaa5c11ba057a363dfa2b4df8bca0

SHA256
cffafe479f94eef9e9aad6acf8deac273c717c8195a5fcbbbe5ac1e7003688ad

SHA512
a70458984f90baeb2ea53c9135a82900b096b0c00b00f476c6dc1dd06e21c95039cdf1311017624515cde2c9a98ad05e5f84cf318af6bf9a6d19c7f6a56eca96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9087c8299bf2b2e15c92240ad99d9024

SHA1
03c86e310b57fa780c3339544761cbcdc4e65a34

SHA256
db31c2bb192fdcaccedb9286dd5fa8ef359e0150bfd6da29638b95f3be6c27b0

SHA512
f85e5203da3726cff8446a599176b919148bbf9fdcf4dadc1d6c029143b81281086e80633427c7cf30d8ed654db4448e977ea7c0395fa4f2fa691bc8517970f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
8e0808fb9b59421ee164632379838f28

SHA1
6424177cf64ab7bee0a049ea804a749880757bee

SHA256
8f52b0c28decf3f2235dfa1296f764d825b2a3cb409192368fcbb919367fa71b

SHA512
95726e852558f5233f5dd6e3c05d164a976159cfe95e2ea829f10c807a96d197b1842ba8be836cdf1ec207b7721e134aeca9426a693f0a1108ed22fe2d8034f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e32d1a42632c269395ec686660555f87

SHA1
32fe1b1ec041927311f7bd077f0f9975a123777a

SHA256
2a5eb0932ae726de98bf1aa2b42566461934ca066eb9c84cec5cb49ea48881b8

SHA512
500fbb42ad19feffa14ea6ff691de095092bd39af53be5d38a2741966dcc14161e75bcef4b8c365c01db696e3c4866aeba4d701d0cd97481f16779da7ea5601c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
53d1fbd8f18837e976adcf80708c190f

SHA1
8687affe089d3315ff8fb27823cd0eee50009163

SHA256
1e58442d44674bef9579e96d2c9fabc4d0c4a163c9801dde4e12750a72510d18

SHA512
af42511e560eac4fbae861bbd5e2773e0f63eb809539aaf9f8b1e6aa7721fe7e5fc4ecac2990345e058098e95c71d4d349ece6f4396cd568984de50c7bd08287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
32KB

MD5
b6f5e332e53d7126eee0ef7c0486187b

SHA1
74fdbe7f06c5dadf7d1f441d06471b2f099e7a98

SHA256
bedd9c6300f28a3f27b151bff4fdf3f2eb0250c8713e0f2f89d257227973c897

SHA512
d15a882ab4ffe9007ad3b253ffbe7f7c0bca3480b33339dd4ced09abbaeffd43c738e95c8c9d882280545684fc582d80f6cb018a3f6d97ee0af0ca09e42f5825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
44a235f9fdfeeed5b7bc744c7a38d00b

SHA1
c83af11cc48fbb20cb9fe9ba4a6e1b95f750d0c0

SHA256
277e59a4ee4dd156ecad67bb498f5e8165ea6c0297229d635c107bf15485f856

SHA512
b94a3a6762d66e61758c35c61c05123e8e321a2f749d06639c354b6ac7b4b12198c6520fec234257fff2b080065b4dd4e618b28d4b133d0dfd41efcc953f57ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\79cd914b-7164-46eb-93d6-99929dd3b41d.tmp

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
868B

MD5
fe89ab16e318e8de6f0ab9af25053ff0

SHA1
94e6a656a6fbfa6e2237d1de9f960c5bda7eabf6

SHA256
7b461c158c16f8f517fd5eed59d483670ca535aeebb27c7372382064786ca850

SHA512
fbf516877d1ec87bfc026e35469f37e8cdbd2b0099611ff003084bdc520a5816d5e0e72027f6bc0c703f3d6b7a46131613cb46313f592931b937e7d36c46eea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
3b1a0acafab701dd048f3a5a1cad55b5

SHA1
6d09bac43b7fe8786a901f0d6bdfd3e46adfcee0

SHA256
3f0860eea25f35609769aa5493c7cb0a9b0ee29473396de974f6b1480545c98e

SHA512
4d9e9630839dc75ec5d0e5bb9ed8720b78de11cf15de9421425ecf0b1d62044a5082de9de973a711a08a8bac6fee02aa9520c7177afc57682d7fef71f69374b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe593270.TMP

Filesize
463B

MD5
893edf5bf8fd23e91aaa6a1bfef30678

SHA1
183fed4eec61f22494127b0ccac4bcf3c3aa475e

SHA256
fe4508078d2cfe5865990bd2ffcf18dbcd88602186c98e4dd6f41d410c700fa9

SHA512
ea50dd8a78385c6fbbfcab773371c28beaf07a3dc27fa978a2db9fa5d413c6cb18adb3213356e1fdf338a31102de1a559fb2aefd0e299f6c4c5b462108b116b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
97af7538b32a9a95a453c283d726e13f

SHA1
c0f1915e6008201b933ac81c4a9a9dac29c3ca1a

SHA256
9bdbd4e4636329aa31cffc6660ab30464bdf32f4b1f2dab012586915bd6ef6f8

SHA512
6efb701da12a97261125f2be8cb63b66ec6dbb30ab2690f0103f1b9805e52532df09ba117b2cd691bae06cd69dba4acdd91d97ee94ef2d90753e451e2bdfd888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
c04460bdb835f70c869be1354daa4420

SHA1
6b315a1246533e925b05fae1c464aae211cf920e

SHA256
643e969efde939bea59d2057499f78007dbf0b49d013fef44f7d38e5f1a0be02

SHA512
06db897167cb96a0f988b4384ffb9960efce53d7d283d2bf8e40b9a3bee0e9ed2d2cbd0f57cf3f7e68c8cd65621c03aa2a21df3606a8a7cc00aba19b3bea005e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
34KB

MD5
cc8b672b77cf622f6887ea633d9df23c

SHA1
5a26d08580708a575b0113abca26bd32c6e9840e

SHA256
52a39780e0feb6e58f6562839186ce603a61ef2de46a1250dfd7cff4a6075fe8

SHA512
a501f80ba0e6357d15f85c0f9c94157af4eed8945a58693286a1b231cdf78a194218ab35e1bcd7c6d5a68e342c80ce80c9beab2fed163c7947fee31870666a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
bbee5a8bc1128e6d62e997d94e72dc48

SHA1
c7f8c203cb1d739f2281e99255cc17bdadf9251e

SHA256
c62f15eb721288198af4f33693c6ad0110fd2119528e2836c37d81db68981055

SHA512
2e582a418a56142031475678b888fbc0cff9d8f23ebcc800f669ccc852157b7ac437a33ebc87c1b07861d677d6945df67c994a2ac2a629d9c615187f33be4c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f438b8e095bb8b179af4ff4e885e3971

SHA1
05736923f42505f0c531c6049db2ed844f0a537e

SHA256
f631f34e9c284369047ff969b494a624a3294f7a24895dd45defaa5e0a6dc52d

SHA512
bd9127512c25504663e0fca4e522d6efcf293dd774883bb45c2b8a52f4b7b5e6295a44c54778d75b0ea1bd43cccf5815fb15ee96e3d38bb2dffc6103e24374ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
5d9318ccc6bb311818643ca067179971

SHA1
8a2555b344835af523d2ae7e3b1dae7f7b4e9b4c

SHA256
a1261d260fc40876b80003b7643d07dfc503688a39262005cb20b8b137db7802

SHA512
6888befe8ab719ea7c8f68990e25a6ca581d5bbbbede8029704dba16cb822ae324a2ab2d97cb76edb6c3d6eefbd868ad1fd52ba2a9d0ff3d1b54f2406950b9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\O1F7E3M8_1\GUBSV80V_3\4G9P0XBWUN_35

Filesize
1KB

MD5
fe49e2169dd1f57eccc0d98190c2ea44

SHA1
1ff8af032bcf5a61115dad854791d1df931ff74f

SHA256
ebfb2ba7cf418738dfda7a47d1eaec4d7581b816db84ab762e31a01da6b791f7

SHA512
b21154efafd996f32e20dc2ec155039c622eae09a7e4cb99cc5fb7217e5a47179988802ec96c62f743444c0779f2182d64a99480f2a0d636cd42e937b79f631f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\O1F7E3M8_1\GUBSV80V_3\T1NK9CMFTO_33

Filesize
3KB

MD5
264963d4eace2eac66df137215e6e099

SHA1
4116da33a23a38cf97b86257e2d94f0461425103

SHA256
67d8ea489fd8ad2175d860fb43e4c116a6bd587a1566026fcf888cb28b3e239c

SHA512
1feca1c219001fe08af1a1ddfa6077fc2b859982254c45102b861054bbaad036300a672edd252b2a1e89dc29725e8b390da1775e7837b3c5c793c9b19e85ebf5

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SettingsCache.txt

Filesize
848KB

MD5
5beba9379a48024cee472b5c9643ffde

SHA1
08085aa910ea96e6c1f5d5284bffe928618638c7

SHA256
17d8517b02aac03380c15652054439af28a1a0a0fd72e4d452eb85ba7f3e863a

SHA512
3e6cd88c94170197e28046e74af9e38af6e611cde30838b8669a290d1cb4854028716ff7b1414fc22bfb11da3c1b9deb2d2b4386fe4b7530e2d1e0d605126063

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f75ed2f-0ca8-4bed-a192-b856970330c9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\aria-debug-3708.log

Filesize
2KB

MD5
5d729a52a55e3b169f6496b55a383748

SHA1
38b59afd0ac9e2152675d1d6995ce85167eefc98

SHA256
1e16b809ddb0802b871de730b905fa834fde393a5e15e06dbd75d0a7fe346917

SHA512
678495c8c70a9f29722a396c26314ae5504341fc9f41d5ab44a181498b3db7c9935c19e5a6b42356d5390aac1b3717e4770e1dfe3e42c900a5c5c1e383a02693

Download Submit
C:\Users\Admin\AppData\Local\Temp\c7ed6c86-f205-4998-8d00-4c7a3024bb92.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3612_1997045893\59bc6367-009e-4cb8-9b87-3d3e841e4fdf.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\ConnectProtect.vdw

Filesize
404KB

MD5
022acd8c0fa968f6003331d118666b67

SHA1
ab14a2cefdd95267af33d3b4c58f7bafe288f200

SHA256
99685a36a2ff44eb702f4f2aeeec3e3d180606dbb2bd13fb3e83f6868e80f51f

SHA512
87083ef4b4155c81c6e84887eb2c30e1ff6dedc34589abf2f5836d6f002e641b3d986af877118c04b7212f8ba14e785e0b802d20d811412f9f916ad81db9e47d

Download Submit
C:\Users\Admin\Pictures\EnableBlock.svgz

Filesize
703KB

MD5
9ddacedac7b2f9fb7337756fe765ef8b

SHA1
826f5b9c2db775c27d858fae055ad5785a9e96e8

SHA256
87d46f3e85b67637a0b70177d30cd045765ab28d5ef20a8b1c7aebdfd5bbff40

SHA512
20aa12689d205a67d146ea99ce999bb03a7377c70ca52b72185c67af7a6f94fda7cf985e6af32cff8118475d1df4f1713458cce2e427962dd574485be80259b2

Download Submit
C:\Users\Admin\Searches\Everywhere.search-ms

Filesize
1KB

MD5
3112bfc4fed3aa7acc50d7cdc3fc10ab

SHA1
73cf2461915492302c148c1a290523abcc52718e

SHA256
2cab0af39b5ffdc0c732d406bf5390c1fb2ffc9776c36205e828eff99dadf8d8

SHA512
cc772dcbfa43e47ab8727d933de8939fa5dd30fc7276b03173c345a4fa6948559f203373ff925560368968876a1a0a49b5f23b63eff4ed64a4177b0f3f6ec218

Download Submit
C:\Users\Admin\Searches\Indexed Locations.search-ms

Filesize
1KB

MD5
f812d58d26cdb256d9c7de719db3a960

SHA1
ef75f0d0400d755740287d2fd8fcbcf087baf35b

SHA256
21ebee82869c308cf5013ea36cdfca5635e136518a9f448bd7ae4ddd6f510e8a

SHA512
a8edb712875d6d49b50f512c2f8da4efbbca62ee55f964f09baa6480a21a1c09351c9a08781b626d4a2446d34548098efc2b2e7ca6dd9c525a997427de42b30d

Download Submit
C:\Users\Public\15AA54916B492125CDE4BF363E94DF0B805EBFF2C71AB7CAD47A09CD8D014C5C

Filesize
1KB

MD5
3c1e2313540c5885fcda22ce46039d57

SHA1
61259f21eae94a42dea9635110492b2b419e7b5d

SHA256
5f00d95e7a35afa40a1b5ff08288f0638c737cd687e1bea1f6391b67337c59c4

SHA512
5ebf54b5870a3bc871ae7acbe1460c9ea7c6b7b2efaa453d188077f2b5ddf4743a5faf01239024a810ee2828f2bbae1e3d8d5748cf3637a9cb4748910dcc970f

Download Submit
C:\Users\Public\Pictures\how_to_back_files.html

Filesize
5KB

MD5
f6943b22435eca744f8a5a60e95e2b97

SHA1
7f5443f131e062b60e43933227b234bcb90d8412

SHA256
fe976a68506db5f752c759793c4eed603c0f549f03edf8d9b7d4d30e95273088

SHA512
6e2dab9d63d555623409bd78b06f591845b40f514d5dd34af3a6c9678b554872d3178ed7d3851830234640984454f5a47af308149c552672ff81bc8efe303af9

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1062085149\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1361641083\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1361641083\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1418769889\manifest.json

Filesize
135B

MD5
4055ba4ebd5546fb6306d6a3151a236a

SHA1
609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

SHA256
cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

SHA512
58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1441858147\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1569768240\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1760873486\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_1999558291\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3612_3826105\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
memory/1284-0-0x0000000000400000-0x000000000040E400-memory.dmp

Filesize
57KB

Download
memory/1284-2764-0x0000000000400000-0x000000000040E400-memory.dmp

Filesize
57KB

Download
memory/5060-15-0x0000000000400000-0x000000000040E400-memory.dmp

Filesize
57KB

Download
memory/5060-3209-0x0000000000400000-0x000000000040E400-memory.dmp

Filesize
57KB

Download