6a63e8643607c33a2743241a03d31ac03870c15cefbb8e8b14c024f69b56a78c

Analysis

max time kernel
207s
max time network
213s
platform
windows10-1703_x64
resource
win10-20230220-de
resource tags

arch:x64arch:x86image:win10-20230220-delocale:de-deos:windows10-1703-x64systemwindows
submitted
29/05/2023, 14:14

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

popup.html
Size

293B
MD5

9a889f7040359dd0ae5ec3f6838a6b0c
SHA1

5748d819f7ca9dfb0bbef35844284f0588e2d7f8
SHA256

6a63e8643607c33a2743241a03d31ac03870c15cefbb8e8b14c024f69b56a78c
SHA512

d646d922fd661647cb091d125672bd969b20e9739283894c18c996734756d4a33661c42294d71d1ae2207c6116a3631cdb805978ea98f672aa4544bd8e8fb258

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	OpenWith.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	DiagnosticsHub.StandardCollector.Service.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	DiagnosticsHub.StandardCollector.Service.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133298504826362546"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000a8fc7e8aca48be117ab0a2309d953eb6e891ff3dfe98aedec78fbb8f758776d2710c109b713994977a7e0545b304994b00457b14155c8db41f656a61	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 05e952c54892d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = e0679a114992d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomai = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "890"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberComplete = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedHeight = "648"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\F12	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url1 = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "19892"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 126db9c54892d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\de-DE = "de-DE.1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://login.live.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\F12\ShowPageContextMenuEntryPoints = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "24757"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = c7407ea65a45d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming\ChangeUnitGenerationNeeded = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "651"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 96d0d9d24892d901	MicrosoftEdge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5548	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
5128	DiagnosticsHub.StandardCollector.Service.exe
5128	DiagnosticsHub.StandardCollector.Service.exe
5128	DiagnosticsHub.StandardCollector.Service.exe
5912	chrome.exe
5912	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5432	OpenWith.exe

Suspicious behavior: MapViewOfSection 13 IoCs

pid	Process
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious use of SetWindowsHookEx 60 IoCs

pid	Process
3896	MicrosoftEdge.exe
4848	MicrosoftEdgeCP.exe
4848	MicrosoftEdgeCP.exe
2240	MicrosoftEdgeCP.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
5432	OpenWith.exe
1076	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3212 wrote to memory of 1484	3212	chrome.exe	66
PID 3212 wrote to memory of 1484	3212	chrome.exe	66
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4676	3212	chrome.exe	68
PID 3212 wrote to memory of 4748	3212	chrome.exe	69
PID 3212 wrote to memory of 4748	3212	chrome.exe	69
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70
PID 3212 wrote to memory of 4800	3212	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\popup.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff28029758,0x7fff28029768,0x7fff28029778
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4820 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3340 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4772 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3312 --field-trial-handle=1864,i,12024482085422471702,16854745996385908948,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5912

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3896

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5012

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:4164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:3924

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4684

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5432
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\system.html
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5548

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5796

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5128

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5688

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4272

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5952

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a85055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
552B

MD5
bdd98c3026a5eb698077e2f1b0493329

SHA1
9466966bb3322ce5940029e616c6239e4d5b5242

SHA256
7cab72019f72fd12d6bb38aaf87ef2501f5c61cbc4723e2f4fad2861a1be9665

SHA512
9e861e861ba94eefaa68b141062c76664d59d3426906c3ef726b94b2ed9859a851dfd1e71b6cbec87bf9245cbef2d68d9d96fb9b8ce17172f7444256d5fc3471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7d7679ac610aa3acabfeee74b311dc50

SHA1
d7a973c75e078eb439f38e64d9557ca3f47e6933

SHA256
89d9f4fcb5293b1cda86e32caec3fd21ea879b08561f22e632aea4262d0ebb90

SHA512
ca31d1542e711686c8af4f162f0e0479d28aa806c6d002bdd46e9c9cc971c61a9e323c45088f6b4b016485d11c81a4ca05daf5e68f64be1e56077edc9b9bd9bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d41c619bc122e0b81d41e0ecae876d5b

SHA1
865981ac238a28ddda49749d3fad9bda01adeab2

SHA256
5b8f8b14df44c64b680ee0854de40ae15e92b05128817129526154d62b7fb7db

SHA512
a4d35c36690fe36b777f931a2a737eecdca185ba405d6198feefb5b7797e82d7486ccba75d092cecc2534b3cacef3afc1a9643612506eb06e6b9d9d41d623659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
3fceb70dff52857b700bfab6903aed89

SHA1
0e014343efa9385856093d11712de4ecd42c8b9a

SHA256
42485e8653d61163d8c03defbf3ebd5fa3cb4960bc5f2495a9c11fed08bef0f4

SHA512
bbce626a39ec561da7936310656d242f28f7c35ae03d521a559df29b3a9ab5700c18ed918f07cc955c03244692c853224a3ee0ed02b035987f5057890914f76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91c5830b97d8103ff1a84ffa45cb82c3

SHA1
0855ddebef11ec505b7694cd004f81206ab12c38

SHA256
f7fe93686d5d31a552c5e6d6c74905ff1597de8f8a504999f555489e9230e5e5

SHA512
4cd4f179c24ede95a38f43e6200396c66a637298ca7ffb5ffd70502cbab1a7f3b75effe7005702457d774cb7d7737dd64d1c8c161123abed93e083fb40e442de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
98080f46c779c00c075c2dd10cf48328

SHA1
57e1137c5965dabe29bc2fda5b232a946b478c5b

SHA256
9d3435c137eaa3181f90b197e018a10aa0a9029850e680987395152585baf47b

SHA512
03ee7e204708f86500901cb90b493bc70566c8a9c3451a2c86937dd775a8a5e1abcc740764a2bd2c72ad54c775703a37bf8dd5205790cf7e77fd55fe968140c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7a1e044836222e7787bd2a5401a3ca85

SHA1
3431f9ac24f5b29a4017d1b6b5808e5f978fa56d

SHA256
3c6c80509a237ce51b52040311855158c1abb7c68821d84c20170033f42f409a

SHA512
743af0c232ba66375a33810a30b4068001f27aa934f823aeaba490bccca4729fa45b849f0ce5db2edea06b552e8bfcbeedb4a6729cbeccf88c1d8ea8203386e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3439f8751e06d94a89cf071968b3ab7e

SHA1
e5f2efe3f0d041beaa00feab3c37c3ffba37fba7

SHA256
b6af9632dfda75dfaca531be11b0df4b805cc0a872063080c058ad5307b29705

SHA512
481f6d2faf5a1c4730ca6556d1bf68767571651bdc36226bdb4afa97c10d8e52821c4b4740a85e71ff8c17ad47d749046459abfaa7ba0da94e132519e09e44e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe568b4d.TMP

Filesize
120B

MD5
364632284bb3624ef411e689986ef9c5

SHA1
fe26bb630e02c3891adbdc8780863ec91b141542

SHA256
9785af605a363bc59d92ec5955fdfeef47275784e665141cd8779faa527c6731

SHA512
226e55ab96a75b5e0e6740e907ee33085f5937dd4f2074dd5cb201941085ec6732f64d5edf0181d9184d51f759ea53d7bd4a40bc45c6443f813213d0d38855f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
f8314ba3de09b19ed559c9989412016b

SHA1
326107fe154b9f7a79665a5146576c7c9d562472

SHA256
fb6fb6bcf96b9cb731ac12f3f5dac8dae2ee207aa30a45798e7c0186023367ac

SHA512
d7065e6c05f9de6799feb14c10c2ab5f7aef36cd6332e942297002daadb412771971bdb365d0dd23f2b0e7490cb68feb655da0b1d753991e5d0cb828f81def3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
c158d5fc4cbf2b354fbb48b89fd84056

SHA1
b8ca990ddd3c70206e85e90a523d301799e28606

SHA256
ae11bbf16860f2a6e070a8387be6dcdcf2d3fb1839912c6b78c1d3939ad5d00e

SHA512
c74ec256427d59e2b70b0d1db830f5c93b7929496e0b5587ea7d2fa40b3bed1a13aa9aa13bbaef72db8982824dfc4d2e070e3a2f93c18d0415756936557c9645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
16f9af58c950d0961ef62c7213d34762

SHA1
152f047c392d1b247dd2756a180fe3c29708bcdd

SHA256
d685cfdf40285ad3175ebee03d9ec9b44263c8fece4e14e3eef8b8af961910f8

SHA512
691d284e8919316d70505c7992861e5e937e6bc0e3144b5f2d10fe6a3c13081b914146b073862889e69e505e12eae280826540e6585247fca604a04224f7c3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
704f7f53e6b3ed1a785bcfdf6f9e99f7

SHA1
63dfcf6f86ff6aa9c1f7770613efb992568928f5

SHA256
00fb42b028d6a2f492b72e8fdd75a35334d949ae928dfffc78d5b93c98d8e719

SHA512
0750ae22c207dbbb8f8d0ddb447ee4141cce2cf1ef11c01e98bcb8f55892cc407b3f77ef10cb8d87702b3f3d661ec78dfd41596f8175a98223754c1dc4dbfbd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
25a40cf056145b2ab6d15c8ee9c8db7a

SHA1
184121099031ee6166b756e5f636e3fb167eb03f

SHA256
a3625841b86881d7a11927fac1bf91e9ce80da494385892adc32ac6335456482

SHA512
2b9a1025347a39bfc9f274d34842186ec3fd8068bd2dc5242b1d9fcd9c6ec9d26fcbd6867d312dfe10215194ad70362eef7baf1c1dfabf172232fe099a38ab85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
5c4ba3a003b583c72be20c849e7e991b

SHA1
cca4e6ffbb9d9c2e5c2331894284951861973dc8

SHA256
f4a982cc9cbd3e7d9eef650c03e7d6297ec903dfb7f7287ad2bcde44f0503ced

SHA512
66920e650f0bc0834ad89e1e42bc59f834cc81741074a2a4a6c215bfa5bae055909ee53d571344f1cc5922246104a9b1b8753de1c77964cff5bf74205955a2cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56dfe5.TMP

Filesize
93KB

MD5
07f60d141c49da6f28a0ce372cd8eb0b

SHA1
3a256498a9f7d79e8bcb7a6cebf351f4b2447aff

SHA256
c99f5091ce222522e2a3df2c81acce7ee4c1381b30fa59464985b16bba3d7257

SHA512
025ed28e50674befb1fc1361b5a1a06ac8a235a72f0627a2f9294d7ccf74ce1d8d1fe06bf868e01f8c8ab92b1f4327b94e380008b826b69cb145603c0e2b2db7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RIZDY293\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1GZV4DN2\isDebugBuild[1]

Filesize
126B

MD5
db73f776d86f34f1b1a868fcd913ba0b

SHA1
e523e3ae23da5e659ad0cc60f65ef42765c5fce9

SHA256
f9d7461b859197d4bb01a9f6bda6b8644fe19da7098a2abbe4cabeb6068b05d3

SHA512
0d3f12acb10d570dfa0c026fdbeb8fc4fcafbd41d38667ea4dd911fb7be3e5b2f3c52e27057ed7fde7c5a41935ab19a9b29f32fd005a108bd95234370516e820

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1GZV4DN2\loader[1]

Filesize
41KB

MD5
a38cb2d5a0c4f4233b535d38e2dd8967

SHA1
0875bbe8c942b21f5cd9363ea696fbe0d77fb25d

SHA256
87f6cb22072570b4dba3d808d6f8c9ce75ff7c49092259890865eb0459307990

SHA512
69547918b8f43488091791c745ca8542ad3ca8f4a557514624b569c664af7a3dd87c2f814044a79c75e1667f49ac9bc63e7a050a0694180fe3cf270543a67848

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1GZV4DN2\plugin.f12[2]

Filesize
161KB

MD5
6ffc76825ac5a364de7857cd9801a394

SHA1
7d2c4d675b7cc290d8fa5cd6203b445ddeb6f601

SHA256
247994a58c941356b9516722e0961eb54af73b28cc4bc8b66d0704014f3d466f

SHA512
fa6e8a64c2b4c1ceeb983944c9220fdb76aa6cc97e630677ce39cfc15ddf4b14db8e47c99b8694477b2f73b3c7698c57071c08262936091507783ad8af541847

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1GZV4DN2\toolwindow.f12[1]

Filesize
1KB

MD5
e56b737bc91b52870736dd71d17398ea

SHA1
7601965f13fce2feef0e68e3052c44006f289434

SHA256
f3d498dc9cff06cf9e6fbf135ff0215060c92a65d20cb6b53f38e9593741b090

SHA512
e6c0cb5146a289ba132625fadbff038668c43e1ea330593d70e90357cdafbc913cdc177b600d7d66b8433497d71f4042f5074784ec39b808bc34afd69a21222b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2ZJ0P4UA\simpleWorker.nls[1]

Filesize
1KB

MD5
0b729ff844c5989e85fabbc6cf826bae

SHA1
6f14bc0e4165d5dd1de15a08bb328b2f06c14784

SHA256
07308ccb7b61a296751f348b5225c296d12aef293a3ea9615906ceb974dc79bc

SHA512
8455a4e374d9755ebaa613af7c95c543189458f4b310fc97989401ebfe02d7d80abd6794b15fc3730836b407a0cf7c5c9cfb9e6b72f5aa852fb3d969c2d273c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2ZJ0P4UA\simpleWorker[2]

Filesize
112KB

MD5
96a50969a5c2417c07f09c8669ac18d5

SHA1
b9fbe7b47fb33f92cd765e7bd74bffea20cbc071

SHA256
2a08d8944cd9acc868aaf6990e5973b7800d37808a7fcfc47d89860b5ddc00f5

SHA512
6a49788e3c4e835e0c6771a5810d92d0d3cc5b081fbcf32f18e018e7ce49161cf6360c8f5edbc0b4da5e4568f8269c972277ab4ca079b3063e05549da597ceef

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2ZJ0P4UA\toolwindow[3]

Filesize
3KB

MD5
de7eaa047a27f56883430db286deb25c

SHA1
67341a5323c429a0c171e4b13531fe5f3834de87

SHA256
8c85eecfa99369a203b61460fed68b1ee65a6fd0bc11bbb93d3a994c007f4c4f

SHA512
2c98984cd27eea5a7f360e21a30f2929c10e4a1c50f12149ec055ba2f5c9d186c69c7a9c8d8dfd476e2c2eb161c203c56f8478479630bf8f022c04665fe8dcc5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2ZJ0P4UA\warmup[1].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2ZJ0P4UA\workerMain[1]

Filesize
880B

MD5
b51993116f202be63f5d33f816f12108

SHA1
2bdd9c44e22789d0b64a5127064eaa4d7873a993

SHA256
2790cf75d5c1d1383bc15755d0f35644d9722065a35256dc16a841004f48059a

SHA512
f2bad99f877d48ec5e966dd981f7eff4005ed0ce6226b635d07cc225c1bf59cbb83a7e105e4d8e2fab7fac938e129cd47215f8619987fbb43f7e8fc005a643ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\F6L0O0CJ\visit_js[1].txt

Filesize
38B

MD5
495441b834d5d4a3cf63dcccf1b9da68

SHA1
943e333e9f10d1f470e3c3d18adf7da6f5344c92

SHA256
aff0df3e9ebbe5e452f7bafebcd5bc838faa6816bee47eb5075848c5dc22a34b

SHA512
454d6c9f9564a898ac7d433fa1429b44f124274c578bad5a5055a2553f8e8ccb2d9abbb06346a164cc91fa584354c1c6982b6be75fe9509181ecc2fe1028055f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KK123FCG\CommonMerged[1]

Filesize
591KB

MD5
0a87936cf5a69c4acbf907836d8a39d3

SHA1
7e8aa29618d9f32ac4de08158b07553dd95e04ba

SHA256
da5df576197529c480646a41bf2749b8266fd09345438380168ce46b5c9edf76

SHA512
6b44d4eaa3fc4be2c17ef5288d93eb68ecdf996478c2635cc38380de3131f654211aa3bcde3d76250c81bbcb7daabe62f1cbf0f83a5ce11d3418995199af3b05

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KK123FCG\DiagnosticsHub[1]

Filesize
65KB

MD5
a35da0e0894dd209babc89237aba4cdb

SHA1
26300430151bdcbd5bf1bf0d4f117744ef253ef4

SHA256
7a21542e91ca8acfc359b2bb195b7a00a83fb513dec15c6d85f7640166fa2792

SHA512
eadca60cf58331bda1cd242b5313403fb879d28bfc33ed89c0b4786cdeea143c7637369b84ed52a13406046f73f92ff8667daf6084c83ffe405e4190f0acc534

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KK123FCG\controls[3]

Filesize
21KB

MD5
a4a318511d80be37665e73ec973b81e1

SHA1
920d4c59429eaed48793adf1b2a022f02845dfae

SHA256
487bd289a6ab1696dd8a4131e450cc750705ccca1a8c2ccd72877ccd1bb64ba2

SHA512
7ff0ec31a5286633b7c76dda03437c61f1f8ef792e46a600443c6c8ed2a717540ded82f3b4bd10d34a4f13a912e12afb07d221d4150e7ff4e761945e0ec95afa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KK123FCG\hubControls[1]

Filesize
148KB

MD5
e8a3330ff236aefd758133872da2218a

SHA1
8c47f3d5ef9bceb69a2875663edd2de1a07b57ef

SHA256
4cc934fa94f373e8911f3f38f700e8aede50fc85c5721278effbd440f933f3a2

SHA512
cb729b4e17c2a6cff1cb3c74bf70cb466c8a19cb98df25bfaff30ea632310f1f89f037d600c5280536bd57e7d06148ca596eb47546dfd8bbb01a8f4c73dbc3cb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KK123FCG\intellisenseListBox[2]

Filesize
1KB

MD5
25c03042f832f94c90a1981b5f04668f

SHA1
3c4c7a7bec711fab71ae604cf71420822832f849

SHA256
5b022a7a87500c676972a9cebf5e3d2261a89a2f86fd543e2c2ae4d2ad9b129e

SHA512
a1d5070a7f381d2fe91c1e07fa2e6735b188c210ac55a0e0f06722577aea3d84d9f7045eb9b9b10e8b0e9b49b219773b728e5a28d2aeb4f18e41be0d1df2962a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\debugger\settings.json

Filesize
324B

MD5
9b2ea9b07aab2f1c47c212f88bcf44f4

SHA1
c0418d6d6fec1836d6283dbe8ff12f672bc9f193

SHA256
5e0064e501c49add71b2ffe7e31a5c7e83b8c747c5651377a1452f4c09417b53

SHA512
23458912179b902153dc979a4c1232ed06232dbb22cf37d43887b8d7ec5fdf10217798ef9720f7ee99ce495eeb8810a762a5dfe0702120c08ad653e6d05aeeff

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\dom\settings.json

Filesize
83B

MD5
6914b6dc12877946790111e7902e27a8

SHA1
df08fe775d73da76475f3c8363eb408f7adfe189

SHA256
800dbc882ba3ce4b2696011cfd69428f76710e38ae024ae4f5862240574044b4

SHA512
1fae08070a22461f2e796d298fdfdf65abe346de3e5ce37344ca4acc89ad5df9aff8a5ecd28a6d69e4696f5decedd5062e969a22ac35c4a23cff80cc856885ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\emulation\devices.json

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\emulation\settings.json

Filesize
262B

MD5
6790a6397925bebec7a6d6ed3415a1cf

SHA1
5f23d65bf6fd28e9754573c3c4cf113c7422dbc6

SHA256
ef79a8492aef6118596b130ebf36e8ed4ca79cdabf8dbc457e49c22cdcd22ca9

SHA512
be4627a472963719caa86d41dadca70bd77ca54da7c6349b817bda3b395fecd0c4ecacaa85cf7a3288d5575980f0b75e39f436fd9b6429bcaa132d09c2d9154f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\NS2072FW\www.bing[1].xml

Filesize
1KB

MD5
0a4637b0b76330292ac849b359fb0f71

SHA1
577f3d139a45618b6d3fad2c3f136fae32dbe0a3

SHA256
7cc85a7519c1aeaf787d89b4eddedd7ea9cb79a69eb951629acdfb85b0fcabe5

SHA512
e03dc44f6f67c4b580961bda3346257ef7fb7312bdf3db4b1593f07bc65aecdaee4252bfbd620c4635fce9c4aa47c37557f4fd07322e77bb78a1136c9d43b37d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\D6A8XKYW\favicon[1].ico

Filesize
4KB

MD5
665a0544fd283424695af97eca0a8384

SHA1
b6a2d5b23a4fc248243723503b81018aeae55c90

SHA256
78926cb0a4289b4b9fa939f8ce2fedc1d9b78cfb62180c81f2acdf910149795c

SHA512
500e21faf1183305d58e51899bbab97df26c84f0ac47a467bdf21aef8f8b94ae24199b96be43fec38b29d0581c99b81bb7b0416fa024ae69f15bed850a9c4c15

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\D6A8XKYW\favicon[2].ico

Filesize
5KB

MD5
49034aee486f31affc8123f0513ab97e

SHA1
0d1aa2e1fae513741c17d7fe6068cf21f1d1cb08

SHA256
54ef59039e08e63e46a89640ede8e07405a3d24f4185d3aa8f22fc82417a0045

SHA512
a7c4c1cbce741789369b9c6bc2fa4501559cea6a1a5bbe71cc28e2e992d557a388c1f43dafc8e19bd9eb9f69b0960c2f5cfc7b7415e1c0b046f4699d2e1725db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\N1PKA6N8\favicon[1].ico

Filesize
25KB

MD5
c30c7d42707a47a3f4591831641e50dc

SHA1
9ecfcc8f0ead0bf3d2d7c39e084b88f41cc89a2e

SHA256
2b8ad2d33455a8f736fc3a8ebf8f0bdea8848ad4c0db48a2833bd0f9cd775932

SHA512
7053e0f76e92179fb5154e2665d81897736bdcc22b002b0a3f8e212f27ef80f56224adaa09972848a20c66b064d16eafa732140461071ad70b6193c33dd517e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\N1PKA6N8\suggestions[1].de-DE

Filesize
18KB

MD5
cc5361b5fdccfc6830217e2eb9972dd8

SHA1
e4a1206d9190eccea3e6a116c954d11da0aeba66

SHA256
afd57b0b6d8166e25bbef7cbc97522677c11c9a930fd4d4a204d1b7ae6258492

SHA512
ef63961bd7f0d3357d352a8f9c8ea57d0271e0fb664b1be179c38cd2d559bbaa4864f64f3521f26f868cc074f97994e2658c6d652021a39dc5207d45411691bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Z2BZRVTT\favicon[1].ico

Filesize
1KB

MD5
630d203cdeba06df4c0e289c8c8094f6

SHA1
eee14e8a36b0512c12ba26c0516b4553618dea36

SHA256
bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902

SHA512
09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

Filesize
8KB

MD5
cd19a1c067c9349a316a49f905882ced

SHA1
e45c6171eee95eab71dc2b8745688bc9dd2c0389

SHA256
0fdac9674afa327792f615f2ff831da387c558a3746c1d401f2d3c8f720acbfd

SHA512
9aba51049558fd9706396e8cb4054f2bcb2b8bcf69da50d003fe7b9f7f12a991cc338b550ecc83de9853e6310d4021890dd9633eb5bcbfcf1e3fde0198c8768e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\ou0u86z\imagestore.dat

Filesize
27KB

MD5
e756c9b1649a61c49cc41a13dd5a136e

SHA1
0b544702753c60a9caea6968df7965f647f90843

SHA256
e1b95261448fdb7a5f7d346c9050d8553fa66b9b9e3016e452b4cf6dd60ec09c

SHA512
ecbcdbf135e06b349ee2f5110cb26b5eca4e7781fe3a35e84e56b7e45d049b65712c36e35af03ab98c9d30da6878fec4f5b604cd78a987c3da30a82d754dd0e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1GZV4DN2\visit_js[2].txt

Filesize
38B

MD5
495441b834d5d4a3cf63dcccf1b9da68

SHA1
943e333e9f10d1f470e3c3d18adf7da6f5344c92

SHA256
aff0df3e9ebbe5e452f7bafebcd5bc838faa6816bee47eb5075848c5dc22a34b

SHA512
454d6c9f9564a898ac7d433fa1429b44f124274c578bad5a5055a2553f8e8ccb2d9abbb06346a164cc91fa584354c1c6982b6be75fe9509181ecc2fe1028055f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
045a028415c4f2a96b87a0e271e3ee66

SHA1
a059c9d584d4ea80e3c2962f99c613f02ff0fa3b

SHA256
8c698e337fe1e44b8c95ac3f6d1fd0b6664599751351913657115723264b7e0b

SHA512
dceab3948d5865bebc030c135226bb08bf8d33d91a0aba3749211eb9db95ddc9ed278b6314627ba028b1177b425cb090594a5b754d8e2778512d25e099008d06

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
1KB

MD5
5091a79db59ef019e7f57a3b9a0626dd

SHA1
f53fb4ca2173f9926034871a3eae6dd851028c35

SHA256
47218bf1a01fff1fc4d71f9089eb5c9fa63416fdc9ccd9a5b3ed91e79fb1be7d

SHA512
d35f9e3f71383788e07b244d7390709a52aee63ffe1c614c8a9da7ff857b4d9c2e645e8a9f849eca6094e71358307edc2c78f0d78995a24a3bf33ea4e16c0b42

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
1KB

MD5
3aeaf9832ad473e96945bcf3804687d4

SHA1
bcb624bfa3796a4c309e2ca8a006ad63ae820de1

SHA256
c1c6554ba66e1d2a77341de2ce24b07a6fdb105dff2a1496449887d77998f271

SHA512
5ec5460f33979d4f621d92a9fecbde6a469ca5dd562e58274887f02a257d0cb820653ab453ee2d346c0832962d76371340e81bedb595c070006cd4f0a6318270

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
e730155d8a3eea10518cc122ce39026d

SHA1
4dbae2d5d7563dbbcf961a23410958279be610d9

SHA256
599a63a603bd759f62e2e9d82b83c169a2420c70e45e06dd5b2795ac2cacd7d4

SHA512
e436ea10b309bcc565f8cb73b1d9765189f193332f1594751cf009690d3c884b7aa1d521abaac6d805f66e7afdcf6092f9d636ebfa13442b4ba37ec61a8fcdcf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F53EB4E574DE32C870452087D92DBEBB_B859DF36A9678542B4E2912B82658BC5

Filesize
471B

MD5
8e6ebf0119b1277462c0b81209f9803a

SHA1
e6719317414b3807ef1d839b667ab8428d04f411

SHA256
134b54fd718edec7bd3817a2a887c18d84cf1fc7111ef12eb0c3e719e4c6e1cb

SHA512
6a853aae2628c973c13ecafc31e458c80c9ecaf706a8919e7f3183229cdeaff806d9a09f67bf0f54046a14c1b818a2dd9c527440e5248f953c717f02e8b53cf7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
416B

MD5
6303bc0ec583c6310129bf910b748509

SHA1
238a2332f62c00fa8a4138bdf1d83bc9ea40d4af

SHA256
8352e9a3de400dad62c7431782ced4d0017dda9fda5d811f8eee58399aaa839d

SHA512
952410129c31b96298c5ca88ef3a278ae9aae238ffcbc18e220a9c65e05488fd129a7a3189d6b34c0be6d5fa54adc6878fcaa0780c61f4791c5d96da1077efb5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
434B

MD5
6f5db1d33c91c8787dc527fb4319cded

SHA1
735d113a9b0d3555afbbedcc29e785621ec30a2f

SHA256
41a63bf085f8eca7fbed0fe96b1054fa30c229830f01ffdf0de6e0d8419e7c05

SHA512
104a433f9cb8f98c2ce87f3da1cd8f4bc2a490e66567c0d2cb5c5f16bc74ffa48566a7757e9bc88a2f55c559b66bf7117442b83fe652208ae871f986c02b5f73

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
0a68b6ac55a89c693435ead14793892e

SHA1
5f9b051c9c4bd91a222855156b79cfbf9d35596e

SHA256
8c8bb8c133d629ca84b77015d19d474113b08afca556ed381504874007cab473

SHA512
be448b8491e02452b7ba25829a40ecff0687075e0c7a11fcdf0a187c2676e175fd5a06ec580163c1e1606272b996e5afd047d0e8da024e21a39396d9e279075e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
3d882f6dab6427c6de23e152bef3267c

SHA1
7b350183abf6da62a7735a14f27b5049d90c10ba

SHA256
6cf6d1bd2207ccad619e0e513b6e9296554e57291452fb8abac6ad7bc15956bc

SHA512
dd44b47d5b9ea52f36f72f47c4762689a48ab2880c258fc91833f7d5520acd8b67ba0bdd42fd5e5eae7136bab7e61e1f823c0911159875a9f8ce20afd1d95944

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F53EB4E574DE32C870452087D92DBEBB_B859DF36A9678542B4E2912B82658BC5

Filesize
456B

MD5
34b0080d97d49f03ee2d30f0892e9198

SHA1
9fbb6c42e39c171fdb93d60404cda4986dbecdfd

SHA256
c4490ad2a62b4cd8d8ad29c9712bee6ed7bd735b4f6f85aa24bf1fb200a4fa4c

SHA512
0778f0065b2beffb6a46cee09b48ef281e4fbab00233b86a62c1a4f3f86cad340b16c76fe6dccf5537270de32b714fe463256bd7b852ba8a57216bf0355eb010

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\console\settings.json

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\debugger\settings.json

Filesize
324B

MD5
9b2ea9b07aab2f1c47c212f88bcf44f4

SHA1
c0418d6d6fec1836d6283dbe8ff12f672bc9f193

SHA256
5e0064e501c49add71b2ffe7e31a5c7e83b8c747c5651377a1452f4c09417b53

SHA512
23458912179b902153dc979a4c1232ed06232dbb22cf37d43887b8d7ec5fdf10217798ef9720f7ee99ce495eeb8810a762a5dfe0702120c08ad653e6d05aeeff

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\dom\settings.json

Filesize
83B

MD5
6914b6dc12877946790111e7902e27a8

SHA1
df08fe775d73da76475f3c8363eb408f7adfe189

SHA256
800dbc882ba3ce4b2696011cfd69428f76710e38ae024ae4f5862240574044b4

SHA512
1fae08070a22461f2e796d298fdfdf65abe346de3e5ce37344ca4acc89ad5df9aff8a5ecd28a6d69e4696f5decedd5062e969a22ac35c4a23cff80cc856885ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\emulation\devices.json

Filesize
5KB

MD5
1fdc58ab496c38a39005e97e69c297bc

SHA1
45b639e6c6ac1e26ce0260adb7d7d1fdff8b3030

SHA256
fa4c690917b77e0b986e5791f0c71a9a3dccdb72910fa2dab8940ee1de524e96

SHA512
27afa644efe90cf7a13808a71679ee7a1b54436f77c49b0fe26d5cb3ba328c49f032e6e1c583af0e21e4fa18665aa55d9e781c11677e1bb8812c12812894a066

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\emulation\settings.json

Filesize
262B

MD5
6790a6397925bebec7a6d6ed3415a1cf

SHA1
5f23d65bf6fd28e9754573c3c4cf113c7422dbc6

SHA256
ef79a8492aef6118596b130ebf36e8ed4ca79cdabf8dbc457e49c22cdcd22ca9

SHA512
be4627a472963719caa86d41dadca70bd77ca54da7c6349b817bda3b395fecd0c4ecacaa85cf7a3288d5575980f0b75e39f436fd9b6429bcaa132d09c2d9154f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\header\MyCode.json

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\memoryAnalyzer\settings.json

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\network\settings.json

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\F12\visualProfiler\settings.json

Filesize
3B

MD5
ecaa88f7fa0bf610a5a26cf545dcd3aa

SHA1
57218c316b6921e2cd61027a2387edc31a2d9471

SHA256
f1945cd6c19e56b3c1c78943ef5ec18116907a4ca1efc40a57d48ab1db7adfc5

SHA512
37c783b80b1d458b89e712c2dfe2777050eff0aefc9f6d8beedee77807d9aeb2e27d14815cf4f0229b1d36c186bb5f2b5ef55e632b108cc41e9fb964c39b42a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\Downloads\system.zip

Filesize
265B

MD5
047c11075244b774b4a848bf08e04f62

SHA1
bae7f2e6336826b855335f4ad119bb7c220e3db3

SHA256
d0e821c53c0b6fb071d0da407ce83b95fab6b531cbabf6bd31e69fbe437b2d7b

SHA512
737ebaf2174eb605b7358343f4b3f0ea5c6eb3881e605063338ac884438b31a3420bce773cade0aec05ac7f559923f5e030bdf3d06aead7583681300343d6125

Download Submit
memory/2240-473-0x0000022355770000-0x0000022355790000-memory.dmp

Filesize
128KB

Download
memory/3896-394-0x000001A2C4C80000-0x000001A2C4C81000-memory.dmp

Filesize
4KB

Download
memory/3896-278-0x000001A2BE620000-0x000001A2BE630000-memory.dmp

Filesize
64KB

Download
memory/3896-296-0x000001A2BEE80000-0x000001A2BEE90000-memory.dmp

Filesize
64KB

Download
memory/3896-315-0x000001A2BE790000-0x000001A2BE791000-memory.dmp

Filesize
4KB

Download
memory/3896-317-0x000001A2BE7D0000-0x000001A2BE7D2000-memory.dmp

Filesize
8KB

Download
memory/3896-319-0x000001A2BEE20000-0x000001A2BEE22000-memory.dmp

Filesize
8KB

Download
memory/3896-320-0x000001A2C3170000-0x000001A2C3172000-memory.dmp

Filesize
8KB

Download
memory/3896-395-0x000001A2C4C90000-0x000001A2C4C91000-memory.dmp

Filesize
4KB

Download
memory/3924-629-0x000001DFAA570000-0x000001DFAA590000-memory.dmp

Filesize
128KB

Download
memory/3924-371-0x000001DFA9D90000-0x000001DFA9D92000-memory.dmp

Filesize
8KB

Download
memory/4164-340-0x000001E613BF0000-0x000001E613BF2000-memory.dmp

Filesize
8KB

Download
memory/4164-342-0x000001E613CB0000-0x000001E613CB2000-memory.dmp

Filesize
8KB

Download
memory/4164-338-0x000001E613BD0000-0x000001E613BD2000-memory.dmp

Filesize
8KB

Download
memory/5796-856-0x00000259F9C80000-0x00000259F9CA0000-memory.dmp

Filesize
128KB

Download
memory/5796-688-0x00000259D0460000-0x00000259D0480000-memory.dmp

Filesize
128KB

Download
memory/5796-599-0x00000259BF3D0000-0x00000259BF4D0000-memory.dmp

Filesize
1024KB

Download
memory/5796-807-0x00000259F5B60000-0x00000259F5B80000-memory.dmp

Filesize
128KB

Download
memory/5796-815-0x00000259F6320000-0x00000259F6420000-memory.dmp

Filesize
1024KB

Download
memory/5796-781-0x00000259F6480000-0x00000259F6580000-memory.dmp

Filesize
1024KB

Download
memory/5796-760-0x00000259E4D90000-0x00000259E4E90000-memory.dmp

Filesize
1024KB

Download
memory/5796-617-0x00000259E0690000-0x00000259E0790000-memory.dmp

Filesize
1024KB

Download
memory/5796-826-0x00000259F7D80000-0x00000259F7DA0000-memory.dmp

Filesize
128KB

Download
memory/5796-842-0x00000259F8350000-0x00000259F8450000-memory.dmp

Filesize
1024KB

Download
memory/5796-845-0x00000259F6F20000-0x00000259F6F40000-memory.dmp

Filesize
128KB

Download
memory/5796-843-0x00000259F8840000-0x00000259F8940000-memory.dmp

Filesize
1024KB

Download
memory/5796-841-0x00000259F8E00000-0x00000259F8F00000-memory.dmp

Filesize
1024KB

Download
memory/5796-851-0x00000259F9C80000-0x00000259F9CA0000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads