hxxps://github[.]com/NTFS123/MalwareDatabase/blob/master/Virus/Virus[.]DOS[.]PZ[.]zip

Resubmissions

03/12/2022, 02:22

221203-cts8lsfe76 6

Analysis

max time kernel
325s
max time network
339s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 02:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/NTFS123/MalwareDatabase/blob/master/Virus/Virus.DOS.PZ.zip

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
1816	chrome.exe
1816	chrome.exe
2276	chrome.exe
2276	chrome.exe
4092	chrome.exe
4092	chrome.exe
3144	chrome.exe
3144	chrome.exe
536	chrome.exe
536	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
3140	msedge.exe
3140	msedge.exe
368	msedge.exe
368	msedge.exe
1516	msedge.exe
1516	msedge.exe
4524	msedge.exe
4524	msedge.exe
4744	msedge.exe
4744	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
1816	chrome.exe
1816	chrome.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1488	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1488	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1284	helppane.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
4524	msedge.exe
4524	msedge.exe
2352	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1284	helppane.exe
1284	helppane.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 2936	1816	chrome.exe	79
PID 1816 wrote to memory of 2936	1816	chrome.exe	79
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 2196	1816	chrome.exe	81
PID 1816 wrote to memory of 5008	1816	chrome.exe	83
PID 1816 wrote to memory of 5008	1816	chrome.exe	83
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84
PID 1816 wrote to memory of 2616	1816	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/NTFS123/MalwareDatabase/blob/master/Virus/Virus.DOS.PZ.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa45704f50,0x7ffa45704f60,0x7ffa45704f70
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1556 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4256 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3056 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1112 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,79039136965066441,9834966569407236385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3508

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa538246f8,0x7ffa53824708,0x7ffa53824718
    3⤵
    PID:1484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:3752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
    3⤵
    PID:1848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
    3⤵
    PID:2580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
    3⤵
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5436 /prefetch:8
    3⤵
    PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
    3⤵
    PID:180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 /prefetch:8
    3⤵
    PID:2228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
    3⤵
    PID:1016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4272 /prefetch:8
    3⤵
    PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16801890795376492131,12123904399519514689,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
    3⤵
    PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:4524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xc4,0x108,0x7ffa538246f8,0x7ffa53824708,0x7ffa53824718
    3⤵
    PID:3952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7200282781612025633,5104923686142576879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7200282781612025633,5104923686142576879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2804 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7200282781612025633,5104923686142576879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3052 /prefetch:8
    3⤵
    PID:532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7200282781612025633,5104923686142576879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
    3⤵
    PID:2304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7200282781612025633,5104923686142576879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
    3⤵
    PID:3736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,7200282781612025633,5104923686142576879,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4224 /prefetch:8
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7200282781612025633,5104923686142576879,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,7200282781612025633,5104923686142576879,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5088 /prefetch:8
    3⤵
    PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
  2⤵
  PID:1208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffa538246f8,0x7ffa53824708,0x7ffa53824718
    3⤵
    PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa538246f8,0x7ffa53824708,0x7ffa53824718
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,16115649587148154106,3002699064590473101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,16115649587148154106,3002699064590473101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,16115649587148154106,3002699064590473101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16115649587148154106,3002699064590473101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16115649587148154106,3002699064590473101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,16115649587148154106,3002699064590473101,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4128 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,16115649587148154106,3002699064590473101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
e877e3e3b39a7035e3ea12fe708c369a

SHA1
e5db0f99473d2c5fb6ffe4e9f1addac24a7ebe9e

SHA256
a2bbce32037541da250a5e2f42d68f86e277eed8d65d44bc2fd7e21ad03d3845

SHA512
5b76ca6cd6fe7ef0b0a9c23ffcc455b9532a5601cf4e2dc6bb2d4b84a4b72cf33d2989ecda2a1bfe1d296dd897230a5a3e412ae3d5aedb0ff96770d38956843e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
442B

MD5
677f864890c2b552599615deb2ef2bc1

SHA1
5209d2a318b948c0128d308767ad7d1623adabf9

SHA256
dc6717b23792806d95965387c1c85f7d7f7c511b4b8e3dad2f96c005917f68a5

SHA512
5ce4a3a81729ea7499f60d92f556b33d9386cc5c5cf943ad0162e639523093e5581910cab423bae2e13675e5008ef14e80be27c9d8d980b818c3675520f6b740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
784854017c5588597f6e2085acde7d4f

SHA1
780a6411cafefa17f3dd413984fde709285c99c8

SHA256
6da9d351283e4fe2166066d6389cfaedf85262a05cffaf64fe32b4e278f1eac1

SHA512
4c02ba6de1d06f95bd26e07b6933e9c6d104c3b2535726afec76c90d16027864c640ee5633dad1b87514ef265e9b7584ecf3c6918edc4157d8943cb2e0ccf41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9227ba18e4106970788586689f7dddd7

SHA1
7e2c112b4b2f2fe7b5d308a2078dc487f8b50c7c

SHA256
01d0339bd0406e76af6bbce8ca4e41d6c0bb5e1ac9f5926f1e0627590880e481

SHA512
b0fafe3d9e1e5d7e8eb6ba258852ae1d1c9ffb04a6378703755a89e4575d3af1c2b88e5367e0868b7f1ea3ee7f9a76a1541a2846e583621ed495d1d97ff864da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9227ba18e4106970788586689f7dddd7

SHA1
7e2c112b4b2f2fe7b5d308a2078dc487f8b50c7c

SHA256
01d0339bd0406e76af6bbce8ca4e41d6c0bb5e1ac9f5926f1e0627590880e481

SHA512
b0fafe3d9e1e5d7e8eb6ba258852ae1d1c9ffb04a6378703755a89e4575d3af1c2b88e5367e0868b7f1ea3ee7f9a76a1541a2846e583621ed495d1d97ff864da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
9746223984cd7f690f558e4725eb74bb

SHA1
c8bfdecb9ecdc28fede4ae0789361b4f95891608

SHA256
57d9e0fd80a0c7f4629fd04ea4e9bf9b32706ca74e88779c0b90b808e9f14ee4

SHA512
046a5863cf782ec5485bc5078c242ad8537190490163958cccd47c3339d7a5e98da68740ef462b3eb514bc205bda4eb1182f1e3607742e3b839abc834e9944d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
0421e81756a58889f9ded48d529a053f

SHA1
e18d51af4803fa926aada3fcfd086dd622795c46

SHA256
da8be306a44c997e93a34ed9abb23f68aee1b7b7ce80fca177f0894af79f1537

SHA512
75044be5a9ced0f14cc586521ceb974b533db04f815e29568ef2f5eed584141583f52481aefc1aaf1e613f8008179f3faa2cec088b32a37f9ee123183b0c849e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
48KB

MD5
d250f10bd966f4713b5ddf17dbc1c37d

SHA1
acecf63dcf1f3c6359ce44c6a4af72e6bc0dd565

SHA256
8c07ae01f2fa4e5ed09dbcbdb9e6868b6b6fdf9d11d0bc77cd6da14cda5276ea

SHA512
1e6f86a9977c9419590df454f69c6fac924fab987facaf4e6acdb3124a45ea4aee3276e84a4ca00a38348680299485d218a0135856e2507b4da962b0c1c74e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
29ad704147a1ec4c88ca4b778e0d2c54

SHA1
8954a54033bfd7a989669ea30d461f8be9ab012e

SHA256
d0a40e5f163d53fad1abfaa1a9e8c7074bc68eb447265f960b5b30a58d431171

SHA512
4db14ea548614c20f7509812191e0bb29d5c5836eb83fd55d0fd7482c31b468f138349ab1491419a5e13c1f88b86c0dbf2a622ac79fb002a851226acdb63cd12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c3d5d4e0350f7cc1eec2ff69ae4f39f1

SHA1
53c685a67559285ab7796b9834f45623abb7ae2d

SHA256
9535b5e181fc548db3869d2f1697842ba5484c634919f4a13792789068ac2afd

SHA512
59609f8c5f0964f4683aeb4ee2048f87fa4f3e0a3a86fc450e56f96f46472a723fc98591fb7969314b142e4aca9021d8661638e30fe6f5408032947beaadaba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13314511614956476

Filesize
8KB

MD5
5a58067048cb71d389132ab483599570

SHA1
36277a56782820e939ff670e7280d4d4e678ab38

SHA256
07cee57cc5ec1904f622f15f81b8a44c922803099db8752e6c0b145e8c060e86

SHA512
4d16e0aecf200f34d660cf46d44e29ea2db8a9fab25b76876e3d981c2ae9e9edfb9455b817716ba7c83fd81ad267b1039660ef19568ae0aee630c8bbbb3a6706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13314511639880471

Filesize
4KB

MD5
a2745f09d0ad294c69554bae88798021

SHA1
ce0b514d031d2e5420b3d43f6f1322f83eada8d9

SHA256
c60920a7ab99bf518c9ba79f1ba1cb03693822a54869bcc87f16c1346e012d59

SHA512
50be47b4151dade55abe5a528d57b3ac736a43ce93571307fdfcf4b31dd1919e0edbbde9ab08a91ffa8b12e7f51ec564ecda47b12f4afde4e303550c2f9d3e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
ab6a56da97d9f40653a60576441ebd07

SHA1
546799aa7408292e23bfb77445284ae5ea7df0b4

SHA256
fa02fc90773d7f746cf2104774771c2c675cffbdc31091ca949c5ef849521a2c

SHA512
6aeec2ba26e42d6a02b153cbf1e5ddcf26baba4f98c83b8a6074f258e929b7a40cd9e18cee49a3b6d35ccf109b23664e115a9417b1ea8d0e7f639d969777f4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
f80e0bbe99e534da640cbf2b780d3f8c

SHA1
9d703c5f6125d12b36f38398739330275b0acf60

SHA256
90ad6ab118ed5d5189d79b1413e435c12763804b3ce2511b6553c2961b2ce02e

SHA512
89a5825756d14d16ae47fbfa7728cc748c7bf1ad93405111e32f0f6105a9fdda5c553899a494a19de68e8f19c8cdcf3477671f946a28720e78cb364fac05cd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e507d181c322a3d54741d912952af862

SHA1
fd2f7b66efcf6b94b8cadacffc443ec6e19309b1

SHA256
a803e8341a6008c9bd7a05515d78f2b6bcc7cae260b7fff077e2e1b20dae2905

SHA512
e17bcfae0efc4c400a55e70a8cbe090900d2be5db7fc43f17227e461191e80f2bda168440d12dcb7cff28c98c5105353dda9134803b637c63e95a58c4d081c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
7a51185178560d5d060eb6072572f2fd

SHA1
96688bfe4969fbfa1eefc2c58645f102c5b691b0

SHA256
6dea157431831b151335c6862a67ac01ff8e3fb30429737a7a856ecfc2262cfe

SHA512
96c9c453444262944e43c969cdf241d998f83154dbf11caf70bcb3b64355786fa0415163c0d12d17d1cb44ba1a36b9d98bcee627b19e56abb4911267f50646a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
daf51b27158146a6388603299ab3cbd0

SHA1
e9070b56dbb2ac703a06988b9d2db3506412485c

SHA256
61d36f584ba190c7ae2a255cbdeb8fc0d1bf679cafde25d6e5012c9dc2cdff2a

SHA512
c29e90474d9b609eeb6baea6b7e8cca2da3fe48f3cbc5506cee55b42711a4920ea989382e689257f81788cb5dad5cf6a0a75e2c7b9d7c0e41783028803dc6da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
999e47a3e0afc6ba446bb2cde6898a0e

SHA1
21958dc3410f198d7558c9afebc0c7cea9942f01

SHA256
22a26ca48cfd522d25a5829bc0469e12a4ffa7d1ba01d6a126a5c96d9119c7bb

SHA512
c5bb20f3016086700356c9bc85041577b01e17a210d6a19cb3abc4b2fed2d9192ebcd737453e60fb317ad18e0435b24c3f2c73b123bc4911c9084c0b3a416ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
8750b6b97e6be50f050963efd83de695

SHA1
799138a29d5ae78b2bcf91a97b702933393f0a03

SHA256
72e66a60701eceffd1fffd16937c7560a922ad6c7a545fb7848a6fd3ebf51a7c

SHA512
5ca6f2b4cfd290f83ec8aedbc573606df49581ed8ec58db8c56b1cd750870efc74145e193858cc855400dcd48f2adccb881b1dd94f3852497b3e08e3e7efcd2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a29eab0e54c97ec90245c38ace76bb8

SHA1
3858734862cc02c58c1742ebafef63eb1149f642

SHA256
ecbb3d676b94fd92a0a2f34f28bd2e2cc4a28c3bc7f3c632886e8c85353e34a6

SHA512
61a6f94064c26568dcb64d1fafc45d8bdf6a48972f868143be335b13bfc1d2be265777084a5f93c960f2cfa6632845906e7fa8eb0a600c16f2868cd4e91b44a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638056229734701866

Filesize
2KB

MD5
dfb38d7ce6038f13635865b90900c9b1

SHA1
55991269b66cdd8572a2f1f0321c1dfc07d60d93

SHA256
112f1ba1321adbe23fccd76b1de8fce33f17b99345b7cc8c3b8f07f0762ba044

SHA512
08ae5616e54cbf948f7997aab2e9534548bf9662b8040b87267236fbf81b2bc104306061d847b32013156cf84e55248bcbc2350dbc25907ac38b85f86963c982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit