hxxps://carlosvinosbaettig[.]co/s3[.]amazonaws[.]com-appforest_uf/worddocumentviewgc[.]html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp/

Analysis

max time kernel
360s
max time network
364s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://carlosvinosbaettig.co/s3.amazonaws.com-appforest_uf/worddocumentviewgc.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp/

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
238	ipinfo.io
239	ipinfo.io

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133452252334198584"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
3380	chrome.exe
3380	chrome.exe
3568	msedge.exe
3568	msedge.exe
4760	msedge.exe
4760	msedge.exe
1676	identity_helper.exe
1676	identity_helper.exe
5296	msedge.exe
5296	msedge.exe
5296	msedge.exe
5296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe
Token: SeShutdownPrivilege	116	chrome.exe
Token: SeCreatePagefilePrivilege	116	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
116	chrome.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe
4760	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1276	chrome.exe
1092	chrome.exe
4704	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 4448	116	chrome.exe	86
PID 116 wrote to memory of 4448	116	chrome.exe	86
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 4540	116	chrome.exe	88
PID 116 wrote to memory of 1660	116	chrome.exe	90
PID 116 wrote to memory of 1660	116	chrome.exe	90
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89
PID 116 wrote to memory of 1088	116	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://carlosvinosbaettig.co/s3.amazonaws.com-appforest_uf/worddocumentviewgc.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9212f9758,0x7ff9212f9768,0x7ff9212f9778
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:2
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5592 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5320 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3908 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2788 --field-trial-handle=1900,i,12040246730099697622,11722726689371130009,131072 /prefetch:1
  2⤵
  PID:2604

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\worddocumentviewgc.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff90fa946f8,0x7ff90fa94708,0x7ff90fa94718
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,18031370765402969928,9579750448859952961,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
df86d7ff06e0826711dd8a57b1773d94

SHA1
a83d2f6d590cf0ba301062d49a8aa38b67cfd64c

SHA256
cd93ff08d74ed9c02a95ceed44437083db518bf9139ff24715fd313f178cfe40

SHA512
7b16eb3954e2a3f3dc2480b495d546f326017b08dc12b89c5066710609092d932d4d895dd2677cad7f6f31f018b359a69f6685a81693fbfbd0d0d91142c89572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
889fb2c6a71c1ac20837f522de9494e7

SHA1
4e00d0c4ee4e67c7cce2b217b15882dc1e312265

SHA256
561822a14ceea9e1d4721c6351f63f8e3ebf06b54f206f17cf5deaaa9313f288

SHA512
2332d5d4a27fca56e5bea5b79b0d799ac3f0ab3ebcba3797adfe81e07573bf5521e7c216b9a3d9af45ac8b34471ad777e82b60b1af17ce566464de6794ecbcd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c0b8d38778b818b4c9d01b209901168c

SHA1
18a3933f140cf3532f2e49e6a630c0c94e60233f

SHA256
a49cbcc5fc5d50a00a379787799f637640c64b5fc54a20ce812bfe424eeaa046

SHA512
fd8c04d6748e58a44fd08dc3516fb88598040b5be513c892d5de27bcc3639a91afa6828b7727e46386250313e3b1be2fef747b3ca767237576303e9068723406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9016faed2af9dc334c19ec711c9edd46

SHA1
573513886c25c677c8d54910d27e8900a76bf51a

SHA256
713344e21ccc6044b61dbab0d94e4c734d84373ccde04f8e6102c1a3ec4c788c

SHA512
72989e7b3b89f69a904bf59661201900234ee2722d42ea7d11915c41d2613e0f81e5af937e4201add291b4ca18d7b8293e5e8e95f9ccd95da4f36d9a315386b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cabb7572021cb8a72bf969f70f8fb415

SHA1
cf308e0e2229811d6580589b82faa42c5074e157

SHA256
707c9c4b76bd74466015562e4ca3f86e0192cfc2e331d742090501d818d49c4e

SHA512
1212e49aca02ec617a96f71ef070cf2ec26f031e40397d82588a249531b7a1e4ac6bdfe753cadf38a9f09106de1c6f57843f3500660f91112a905b6846d51e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a725f84affd936d456ce8b2293d65b8

SHA1
c7c93eafa60125a379778688e31a4cdd50ed79e2

SHA256
d20bd7d63fb4b0ee3f439c1c015610386ba8363181f1430f62afa5748390e0df

SHA512
bef708d0742514584ae5d9870307f21659e990b61ce71df62b2e3e07b14751d333e1cfdf838c40881aa61427e8387ff032a15bd56e25e63b40f3b9f7ad0215ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8319335edf8b30d8ccce22ec9beb532e

SHA1
15227c7761ca0674c021047e6cf031f879e6d05c

SHA256
998079220cfc03a70b970cbacaa2fc5dcc88388048383ed5570a0f6f6d8a5f50

SHA512
8a39dce55eacfa0d0f83a90aba130ac46d8824df16da94843220f289d7dbdca8c179e2ddfac3f5b012774252ed37c68d03c31bb65c06b4a19d698bfbc458fd70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0999f9aa4045fc7902be7a10197ab42d

SHA1
035e19038fe10e315c455df4d7ea04638a14b13a

SHA256
c5f54cc233bdf2dc247c0ed2368165558c80207cc57ab9c88907e699f8b4b9cf

SHA512
992612af3bd88ff829c37711dd06537d2b5e24561d13739572209e614ce17a69fe1165bcd51ecdf205dae6754bc0e3966dd31ece13295a03ec0b1086516d9145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32f6c0764186637d7f2b903678c6c730

SHA1
5dca1dcf1df1d6c7128be9e731161e0de5e02ecf

SHA256
887f9ebbcbb1013f0dbb9e283d1aa90eb45ae026df545c219c5b128a8eb900bf

SHA512
ec7d690a2ce962d19d1faa7a28e12cfb7058364098e9d3230df59dd7e1d854952c53494df9f1915c76a37c1a913e3d3f2c417b6ece8da7513efc8fca281e9caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cd8f8d004a0313395b05069bd2aaa571

SHA1
43dff69705b49ffe6cc867b4b0f9d1db8943f370

SHA256
7a57838aa6b7b1b58e918862b187dff61ea9f7bc672d44df7d1f5af473d2928e

SHA512
2e7fe5923bde3222b7b92d1e788f44cb14911b56007410274bd9dac685fd3029b4b92e7d844fd10026e1562b6b49eb3d43ddd6c7e04e7f4e998dee4ac4b03e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ac3458a5ca666382764cf5ccaf62d96c

SHA1
74c4215285bc0576374aee3f8f32ca87e4f77241

SHA256
d1a0180571e4208a439759d2211cadc0ee4f5d08533504095df17540e19965b1

SHA512
1611b6e96a530a818101d024fd171944fbf3ee6b0baad71b64df9e874d7ede413c3d9ea1a0848151c518ab24efefc15197585530ff38e1903c7e9ffc84b2012c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6b631fef9f217683089d0db3025c93d

SHA1
e547539424f70f0c9dda8cb4102e7114b9f8e761

SHA256
da88c881975e36e362c997cd875382fac6bbd4123935e0df616496b6d3ea6302

SHA512
8abc97710dd652167b89b914f45b472e4e4af50c8ac27402cda95c51d7b9858ca33ab71264515d52151d1536c3cb00008a4046d12aa5aff1d71375435433f0a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
215KB

MD5
8019c0639d2f43052d2975f0b93f5d53

SHA1
e282bc0d99c6b5b23dd935d3661e0bc50035fbe7

SHA256
4d65a9d19cae449dce9b8a44864cd91fe0f4e0c6e8e4288df15dbdc3c483d006

SHA512
9234cef0f8d62b4cf5ea951fe5eeaafccea80f07ce9b41f84755711587aa4783376d7b8e7695eef84fe3385757d8a6af5f1244c9b397a516640b0986f565557c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
215KB

MD5
1d1473690bde8c9ac03128bb900dc30a

SHA1
aa6f41acdc38150fbf3eb0d3af4a8345f457fe83

SHA256
ee9a5c2b59fd53ea803b2f1ec90dadbd3b596a49a54b864010dfbb58b3d68a9c

SHA512
b9633a7c8917a7848d65551af8e9da120e68b3e6ef56c2d1ab33f7e5f309fa4a29ca04e741ef5f718966c30efd90920650154d37ed0d13ec628e63232f614614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
29KB

MD5
6d973c8b7e2439d958e09c0a1ab9fe50

SHA1
05ae0830200c20b9a2dfd5a825adc400481a60fb

SHA256
f3c122dc227e829ed96b2a754296809201bd78abbad7ba50ef5079654e1cc894

SHA512
058982fecc0a8c10f16fcd8f42a3d25bb6da2c8786d4232bce76640b550b7624395c4dc679507f369eb19101c479700c26d459f232319213647e56385d2c011c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
23KB

MD5
373c5bfde8dab5190258ba2bb62c1d12

SHA1
e751ec33fcacb7466e2a371b54863a474f157614

SHA256
c28013b8a76e02e213229da7de13ef50af6ec6a40237d908baeb12f4a00a084c

SHA512
13be9013dbc5711f1009b412a8d1470e8c2624990ceee0356e4b65d04acdfd6237e115cce7347af7e5a37fa7c9093201934f6f8975159c7f9f03f90806680939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
25KB

MD5
976ffd2914ed13087c124894bcba1634

SHA1
ab2bf2087e5bbd0d0e4be08d4cd213c3767361eb

SHA256
c593a68d1152e375e034eca9c2e97f433db3f70fe20bcbee5e1b09376bdc5899

SHA512
9b9673f5b40e7c7a619257b5443d69e899d7aa1cb24ea500343be62b85a06ab45f0241a8a1984e65b76cca5029bac9f6dd70ad9d04aaff6862eceb591612e67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
26KB

MD5
f237ae2f479112e412386fb2f4668f44

SHA1
af71c99480c621ae54425ae448c7cdd732388756

SHA256
b2f3d79f0bb5590897600fe167d894e318e43542dadeb8ca7b6fcc0f1db8dff5

SHA512
3ac74b2733d1e7c922a7b68ae157b233b512b116d6fe6067ffc5c5c26f47095617467cb7e007a2d96ee9fd09815e87754bdcc2e27de4d6709ec7381efbd3f3c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
42KB

MD5
7ce5cb77b48a40aa50637bb9ce5c5d7b

SHA1
e9c65571392aca320b5132f6cbd58891742d8edc

SHA256
622ed8eb5ac1a7ec41c76282b1cce47845e4c414bfc59049b5ed1500c6ba8156

SHA512
6b9841f06e4736997b9a5ffd50916b4344bc5c79dcfd6aa127bc547013c248d17de8c2747b9c68e7e7b27749a9970ec3f584e532f34456618312eaa03ac5e93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
39KB

MD5
568cc44374469da42002056a8d18bd20

SHA1
ad89259931f14b9d49214fe6da6321e2bdadc89f

SHA256
c39e2249942c842924c22735588dc703bd738ea310d318c5caa4027146d5777b

SHA512
dccc69ea08f26cbef4fd61900d1b86ecede1a151957e6e48e66cea6392c7a567ffe1a96aae48fc6d17d53e570cbbc46301a1b7a155294301e3d62c1ffe06988c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
78KB

MD5
d2059da6c7517c524ee4e225c6df5dae

SHA1
38227f09c81259c46af2567eccc1562baa4f689b

SHA256
2d5c7d764aeefb99f48f69e6fbf0fd35320c836a88c9446da5ff458a7079db44

SHA512
d93dd917d2fc42e8212899c8b3f90c247dc7b36978f2f248a3afd3db14daddd953dcba14ad46b8b2754a29e9267030b8e9a10bf7b69c948d6a8784be95a894c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ab538cca7aa677c3563522ff5170aaaf

SHA1
01893ef40dee9bc09ee92335bc5a0fd7f4ca2fae

SHA256
9844a31d1a355bc5b12eb3bb21a1076fd2948730b7043c4b8d1204cb713d68bd

SHA512
b2b3fbeaeb96acc5370eb9cb44666ab429f3e7ae4d1930906dacd6e4812a929ec4a324ba8182ca3c9b1eab7acd969a962b034d7f9bf1d39128b6f35d38a166a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
989B

MD5
7dca5c102e37d3b729f67a1dede747a4

SHA1
3296b5e747120867baaa46ab897ef9242124b832

SHA256
cafd7270ae7f06e6d3157658a77d51cd4aa71e86ca0c7b0dd6378eb4ee4916fc

SHA512
a50d70d30dc8bdcd20a2c6ee3f5f22fe0cb7e9bab7994f0113d3fa517e900d69624f6eb3e5cb4a811339c0d0e023fe87d4b1699e5711794d1c4cb6d60640dfec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
675e6cac90e5b016ac4cd766737de31a

SHA1
24454f2d5acfff0d3e0de372532cc01db2f5884b

SHA256
2b3cdad27adc502f1617219154723a0c071de721807c9c1fe8ccfac63123e076

SHA512
44de744cf4acdb9f3143bd6ce76901ff6fecdc3df27a81283f4b91165dc4f8427067ccafe84c8fd0f19e72df246bf8a7a243673d0eedfce73542eba3fd94988a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8a90efec9848e856280292fda1c3bac7

SHA1
dc0c46ce44b390be123179fcc2606662027334bc

SHA256
709a450b19e0c00782c3c0cfb7a36c41933d97d5496e1abb42a3bfa1aeb4b7c2

SHA512
9aebd912a376e18c686774d44c37cd93bd30ba242d66ea14e3d7d5dab4ae68d8750dbdf5df1ad9373e16000f9813bdac441c154e8acd07ad47b06be2bedb0ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
669b2a1caa5eb9b44929ba77514bcb34

SHA1
67aa4cd8e1679f8696560b8590f809de2d3655e8

SHA256
4f260469603fa5106c905aa8a5e8d91eae804173a343f232f54d6e724da82803

SHA512
08838af279da92e95986f2786a4ef38b327d95666dae702bb700683fa213707cd4ec7b869abf67fd40890da852f0cc2d0fefca20cc65d8df844b3f92c639957f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7c1304513b94c3b3f26cfd57bf768ca8

SHA1
c11d53827e1db355b2ecf19d81b97bc6d6255b4b

SHA256
1ab37cdbb69a34362550cf2449b5705bf1d2ba462c8593cd9f6e112a5342a809

SHA512
331acfc07304a73f90b84567ae106fc6ed87dd41b19d25bd93bb41ecc9079bd2710bd5169305aed0f4e5ff918f4dd8af565347e966ca52851c77cfa641a355c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6a1e4eb999ecd3005e86dde7a193c37b

SHA1
08e9ce0f69e369c6e49278cb94dfe60982fd5dde

SHA256
1b9f3823ba66d128b90223a19191f7fc9b42c4faf2c3039dab1113930a2f7609

SHA512
239fecee9c468a96957658a259ffb3b475f39c6b9673746e9538342d0ec1d075ad1a8fed21faa15ba23217ddaf7f7d9e92484f126e546c8ead8759416430b637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5ec2d4241f897e13cec18aae1c241fdb

SHA1
981ef4ea3790e6af2899a908e5633bca6da06d5f

SHA256
aa4710866a6940d2779249633a9e84eaff2fe63ddb44b056b1862d41044f3941

SHA512
4d152e117128840c79b6624e2acea27e27e1816c471580b4f504e4e186c8e1b7f0a1ab035827dd1ab2d53bd28c345583cf04d5b91eb35f9660398944290ed7ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7217b3792f3c36a38ab40ce3a216add5

SHA1
3fce0179ef3588019eaa7dd4d75b75f42b17b9e7

SHA256
b1c9e0ccc49d7e7d3804833546ba1ec0e668790fd9a39d2f515882b8e6009bd6

SHA512
b11aee22a19f691dd4af8b099f14a97d289e238283519e2398d487c07893fa06ab9b9a525080bef48c71ecf1ec9cff08bfa313b50efb205a5db79e54daa9c64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
a7103fff35f804b5d8ab90b7adb0aa63

SHA1
b392d7c5915cb992aa3dc72ef38cd3be04a4b352

SHA256
76fb15215d81f5205abfbe094cd21076b32fd2485397db3c75d40f5559555f8b

SHA512
aa4558247657c10fddb8c3fefe56210a510bda1fb0057add5def8210bb755cb38f333209edc7e9ba5e41e3250b8f236421ec77e9d6f567645be8246b49134054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
697B

MD5
4d67704461edafa9f9dfaa2ff1833a2e

SHA1
f7f40f7796416b2da0659f9646cc343a20e4454c

SHA256
9a178eb23d4c4ad57471ac6d1bb685a86c331b12bd0189a2cdbe42c011e229b1

SHA512
a73f270624e098e5f4b691583802ca8175ef2ebb41c17e1b04f04c7d967226a4677389dbc5382e95e1f9caf578dbcaddd362fed55ae27ea6f9bd3e3dd3973adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
864B

MD5
8960d0cab55c2bb56e91f16d429a360f

SHA1
55f3d5f523e3ab03fc48c0cf472785cb785c2991

SHA256
4d1f3b3629787705c6b93a350dbd88cd8e022ddde12e4782e09c2540f2ad3800

SHA512
b64b5fcd45f33ebe4ad49528082ddc162d6f0fd474f9c79009ccb6c7c9b5eec9dbe6235dbe7af84788ddd49008018c73a257264e845e60d3f673f1f1be6bb9f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e2c5.TMP

Filesize
705B

MD5
ac7173bfdb030afa2eb99407dcd1a8c7

SHA1
33796d4108db5fa71aa46774e863e2984562a2ee

SHA256
62ddde8317e020ed0213ecd19c3c8bf39259955de0e8a6ff8bbc7afd1ad32505

SHA512
bbc24de8f57f8505f664f29bcdddd424aec213f5521167910517f531c8ebfce3cfff544734d3b5c5166ae14a2b51ac9abe452c015090bb733c0a25c5affc58a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
14bf382f735ea1caebfaba209bab1ad9

SHA1
8fda81c8ff1efb46dc20ba7e199b422306c0ed82

SHA256
aa479148b9bdb61e7d3faea07d03a79e5f3be1d95bed86de5e3975f6aaddc084

SHA512
86dae1f8b48f60c03899e1d5484873b63a1b803b4beaa261c427ac51ffa8d8d2250cc59ee0064f5343290a534b346c368223cd578dfaefa2d0fb4894973e76b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\worddocumentviewgc.html

Filesize
237KB

MD5
de21ef4049fde84e024124a65b49dbc7

SHA1
c2b759c4ec6b140f84fef14c241caa4deb250693

SHA256
07ab94644b1e821db79e223feb92640b6bc8ef525eebd5ec228d65ef29225d1e

SHA512
e81b92e2d96199928e32fb01e6848cbe7bb8b08e0139391b443d05ab4ff5a8b5b18a84939c3a2c2755fb1ec5198729a5bca0146d98499db470ba0ccfa37ee186

Download Submit