hxxps://github[.]com/chronosmiki/RANSOMWARE-WANNACRY-2[.]0

Resubmissions

10-05-2024 17:50

240510-wexf9scg87 1

10-05-2024 17:47

240510-wc9c2she9v 1

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
10-05-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/chronosmiki/RANSOMWARE-WANNACRY-2.0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598369279698770"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exechrome.exe

pid	process
4636	msedge.exe
4636	msedge.exe
4880	msedge.exe
4880	msedge.exe
3696	msedge.exe
3696	msedge.exe
2864	identity_helper.exe
2864	identity_helper.exe
4492	chrome.exe
4492	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exechrome.exe

pid	process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

Processes:

msedge.exechrome.exe

pid	process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4880 wrote to memory of 908	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 908	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1844	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 4636	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 4636	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1788	4880	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/chronosmiki/RANSOMWARE-WANNACRY-2.0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe07e33cb8,0x7ffe07e33cc8,0x7ffe07e33cd8
2⤵
PID:908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
2⤵
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
2⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3696

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
2⤵
PID:3636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
2⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
2⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
2⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,454588851565417197,10566746238346326972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
2⤵
PID:1380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe07bfab58,0x7ffe07bfab68,0x7ffe07bfab78
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:2
2⤵
PID:956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:8
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:8
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:1
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:1
2⤵
PID:3784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4192 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:1
2⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3828 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:8
2⤵
PID:2236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:8
2⤵
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:8
2⤵
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:8
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:8
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4472 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:1
2⤵
PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4860 --field-trial-handle=1784,i,12142729929035203037,10441482259295435834,131072 /prefetch:1
2⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:3636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe07bfab58,0x7ffe07bfab68,0x7ffe07bfab78
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1576,i,12538937773852009410,7593629158885457976,131072 /prefetch:2
2⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1576,i,12538937773852009410,7593629158885457976,131072 /prefetch:8
2⤵
PID:824

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1044

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
fe0564e60bca98f07f3cbaf8ac77999e

SHA1
bd3c7c933500606e6777f58304fff8e771da4c96

SHA256
755a85b01ce80f82a2613f69f59eaf79b3d8529beef6cd7d56bce885ae424554

SHA512
c200c9e3725af83aef01b361a3cf2f9b6fa477fdd8602504a9f42069bbc4af0d146ce85a6c61599aff8a10eeccbfcb42c0dc39d7e038a758afb0bec5b91d62b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
589ed2f31f34806942b49914f9bce3f9

SHA1
806d5ab7a76b8d590a9f26664859cd0ef4bae8ce

SHA256
e235b95d77d6394a6cbbd5e9796bb9d8af906ea0483bbf4575cfc798689c205a

SHA512
4ee845fc56b67b348668b1da7cfade0b4e58c2b6f4c5272403acb4a54dd7686d7ae95af1c0e51afbdf292622fe4d2c996ff923965a9f1c8ab72c02ad8827c82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
695cc37454e29025e67f81e8beb0ca99

SHA1
ba894e8fc86a36bf488177df8e7b52617af2a4fe

SHA256
32d2dd6acca933c098d957d9acf55181d470301ddada4488ddbf86dfa0084691

SHA512
d6b3ddbec6d9a6790614f40b2fde7a318ec13808d0359a4b3c7f5c8ce975a7ea80da4a1dcdd1b15a72d9f2672c6ef781e8f9d23a1fc575913ed6dd8e44addbbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0a6a10a5095ae2084f20dce4df6e71fc

SHA1
01786df5d493cf73eedccdc72022f3a14cff3a25

SHA256
2afa4745fb7fa5e34efa1e5eaaeaa7c1b79b74288adc60d99a585c91f8677fdf

SHA512
ccbb561eefbcc4b1eecbfdd4b67ca4e6da877d7c1dabc4a8d9c70c5233226636719631648e0e17e81d66a174327220aad9351f3119f959fbc3b52fe638ceb6c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
a1d9de24ab02ee6f8e3297eac30ace7d

SHA1
020e202628320f026cea69d4caa7d323055c7210

SHA256
98fde7976a472168a30eae11e4ca0b9c6abc7869c1e25d59d1f8065e595ac8f5

SHA512
b79fd5fb5c7adba4422614b5f80335dbc5a1bd6897ceebb0dc60c268473d7f9b5ae1b187226ab8d787cf87765c79e48ed6b3715b49a31752c119ccb8e94556fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
a3d7cbf66da3230a9ab210ad038024c2

SHA1
00629d6ca465900645e62529be79b97a843ff6f2

SHA256
5b3a054feda0eb1c693f24550b4d0fdb629abe4b762edd9b0aeb705900007364

SHA512
48bdedb7759ceda2191566611c9e5f2c1fefe742290dbc3be7e1d8aba06c263d2744280b6417d7cb61b9699953a9cc4a7843b693f16ce769967fb72f283350b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
44b93251da76bed6c4eb637c7a2f450f

SHA1
be549164547a6842093dce250ca58aff0c44b6d0

SHA256
97af076cd6d3f1c353a560dac1185d6994035b22ef2b367ee0e93b5df85995e8

SHA512
a00582180c662ea947326d8a16a56aa38dac9a185b097fd0e84e868d4f257077b59a763bd1d905c3c796e4645f73bda0a01044c7d31254b750fe7f286c3bea98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d3c9fd38221a8a3198367afa3beb4d0

SHA1
f85fd7e78b322d8b14a42371ec09ae0f3a5db703

SHA256
24d97793f62866c3d2b44a885a8b0276910c2a605d3f4a390d31d905e5ea2636

SHA512
3461e7dbf51bb69a0a6cf03ae0596a364b53d7a7e98b8b6cc5327d5be238e66c97774f9053dbb3f48331281e0913d3f36c812b769dad20acf2e90fa162899285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
18fb3e75cda8290e9f3f01f8cb3997c2

SHA1
6d3fd9bfc04b09435c4a627196a7c4e05bcdcc68

SHA256
f35d57d1bd9e4f0670eaabee28218f7a211468e95520c1a74758a12edd95b4c5

SHA512
6b09bb841ad038778eb050c8d9e02cda45f79f1105c70448f3aef74453677c6aeab67cb7bad287f138fd1d512e30231ac2dc18867e481242033c6244bc7771df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
95c38116be46949619e42690c89decd0

SHA1
e2c700fb2d694b0c464de02f85a02a388bdf40de

SHA256
e52ecddd02f590c41a44a947bb9c7fd1b9e8bc1d06532bf905cdabf4efc5d87d

SHA512
d4c72e300a6a970752c6e8003e34ab27ecefac2e1ac3ae0582da20bc97409fdc3e2c86ef66dfd58d572cc0dde196ee82fa4921943855fbb81b9d5d9b4c327aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9ee6c7a8212cd1925f3a143074e03696

SHA1
f4d8fa1492994f06ef759701b76318209d7989e4

SHA256
d8ffc8c597b8c64900f6c37e49aea6f3e9733a911a6349eac5400342e012947f

SHA512
4d397ab7b7b8d0af8105413c1b56f11fb25b5ad243b07b775e7ace1ccdb4c0fb4f27bdd18d740c8cc69d028cb8662956af20ed772b35824ac6492ada069c5545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
3f183337f672004e7f4fdf9175b08f75

SHA1
5f0c41635a8b4028d1bb5432373d4d7d8a1973a5

SHA256
7bba734af76bc6202624d4682eafaf01c1de3c195e4839d80c5bc4a7cf465c32

SHA512
1a07cc1dc9291567c2d7fa1d2e2b4e5c65a922c6c4e16feec8e8ca08e64c41ea4421ff1bef255f4d0ea5db2664c6387756dc89fabd407463a54f606382558372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
275123f607dc621877261e1e21a204e0

SHA1
bdd4b2dd2ba0badd8c632b75f0bb9dc183a76832

SHA256
e8cfc356e5e5e321c31f6df6c54c302ddd8ac9e9b7c8e1c1761bcf3aba6077f0

SHA512
891b2c744504cc698ed41141ed72173c59decd8867fb2b01d1507b741fa86bd38645bfcb37e29f27498b46b1a75b702b732d83888c1f036acd6baee144bd65df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
64d139851ebc6ad8243ff018816494a4

SHA1
6356343fe73edd25b6dff761d38b2bff8d3d2ce1

SHA256
8b3b9f3d82a5a8c121ed3b1e4bb71d4985ddae71a982b475167dd653a747a0a5

SHA512
a88cb6c161e971bf239fbfe2813ba55a50e51a07dd56992ef7eccaae0e52a48a6c6302810ddd47ac63501a71e1c3cce57ecde8a1c4bbba8eb5b52331f353aaf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
456b47a55efaaa360d821b91f463f246

SHA1
43bba6118ceec8cb05856ab07232c6db9d4a1321

SHA256
051ef9a435983bf20ed4094abad502e0bb1cf02b5e89163bc1a4ef54b87f6de1

SHA512
014c4e60c551b46e8a6594beac15130f9bcc60dd485a64899a0aa2273075dc1fd93e8f4c52d8b2047c6427a65740f549160c372a4547bdb650016808882bd045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e5008a58-a7bb-4906-948c-20e9587fc1c7.tmp

Filesize
7KB

MD5
c84e892a297d7b5110bff752af070152

SHA1
74687a9822284c165be76fbba3631062d4515cd9

SHA256
b785f87364809d0b92721a48051f521b01bb9fc469af020834823a027329376d

SHA512
d5d4c34b789b03634563b2cfd5a685b4c77dcf4288aa6e64da8d4b413579c3c9f8070665ac00fdda0b6c0ff06def0ec62c81d22a1429a7fa0a6fc683ca45f9e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
e1f3aab24157449bdf21ce03e8e3de92

SHA1
e93d7813cf98b76866e33e41c1cd116d2954dc20

SHA256
a7e36700e67073cbbd96856ee424cfa8d6d7c2ae9736b46069abc7cf5b9d5166

SHA512
1c2a7a66bba6f938ee0c7d6b45fbbadf3427353df141e0a48f79f64554e70707576bfdd844871ae6eb60fc9c8ea98c03d404c569ec5eeb24b92306a819dacb82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
f3361a9d2768ded165ba32ad82eb1c34

SHA1
3ffc5e5a190804108ec0dfcccffbe83175a27800

SHA256
d6ed91b165d41b48ec7960a6efa95c1da66f8f17cd53b064765f296da5cce52a

SHA512
169fb6be2540be88a837531298dcbf24e4b69d2b1ee7b224d7358f056e238ec5fb689056c6aac2268e442c51b1e10d81796c3134af4ffdfc4420ef18461951bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6a5a97c18ba8bc0ad187e1d5e5246e91

SHA1
b6dce0a06dc872f60e17c13bbd0d5427a2a877cb

SHA256
2e7daafc3dfdc0aa8601aba142ee353b68fbdf456ae6c44aff951f6ea3707fd5

SHA512
bc38b3f04a74af4958c508128cfcff4c32342893410ddd5a07ebe5073f50a4299edcea47b21f7d8c3167aaf885433d79d1ff25ea84c8c26bde438bc23360c6ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
d22266ba3d8db30279b96944f0cec985

SHA1
44e288cdfe75a5e8299ce32e75dd9e0705cdbac9

SHA256
77873629fa695e434160c86ae9116906ff65a97666d7d35a3ed63221b627c0bf

SHA512
d463aecbdac835dace5544b4267c86c2ed7d3165ba95095db6dfc3a25655f2391fa202a81d37b4a76a36f04456ed86df137302ad0e456fd59ecdfee3c69c6c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
10fc89c94686282d7ffaab06b202ccc7

SHA1
3414060cc4f4f640ed347028ac387718491c5163

SHA256
34fdbe854c2a8db93e05d3dabcae731c9dce73164592527424d879e3d97c8b70

SHA512
872f920baf4d16d5ca67a8b40e66c185e1c2e43d6ddd01d47d8d7fe25e54080dab9c402fb6d20a52f3f8ceb39ea66e7ad30664b006c54464c0f86f6f49efb2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4d540d212ec831b7ad711e946278bec

SHA1
24fb3ba45d60de90fc3f6fe91511abc855f9a6f0

SHA256
fcacfdff130e36905a7fa7b43abad13e3f889fda02db8d7c17cb7f0732b5bf27

SHA512
45a5e01566081f30a95b0e8713f26ed27e59f9c665f6f373795545fe7387fe89500b53f23d917aafb4fa17882e1ebde6498be3c7cec94f2d11f728b61583a13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c9fdd71f9cd937dcc57d3c231737585

SHA1
9bef132c901e4effc432f3a74c4cb61723e43559

SHA256
64651f690f1b2ab43385681e70e817f382c06e434ad97d8ad54ea69efe5ee261

SHA512
3fd32b4947715acb2ade64db3820ea344d58b0297ad7f6f38646377a35888f373b8f38cc0e0ad43a38370fd99f8fb3d71103d993f15a7cf991b37acf7f55cd91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
b0319e11a5409c3002072bb09e3d8174

SHA1
bdaa5d114e3b4d4b2386bda8f89666e5ce7f4010

SHA256
68f07b6f2649f95d9fa3d22e4056490addc3b2d34c1144bc2852f320aa3204fd

SHA512
ba2d378fba681547ce843737cfff9bdf50cc0a71b5db6d91b2e713826089c283fa0ec4a3670811a112e007c6c03676f3c58e99a1c6807740a50d429cc1ab3ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d764.TMP

Filesize
874B

MD5
15fc97765042944c90df4f6b7fa5a34b

SHA1
a1aa0e8503ff664748278f5856aba90b7cc73fc4

SHA256
af40c5fa14503e4d4cdb74c414c7ad8114daf94d3b36d3c1dad860162c725f51

SHA512
cd4b95ba305046336da01cba0f931d01d3e884ab62572ba48f0f5d07b94b81ff74d5f1b66bb7acc92a0537fc5a33e6108b827aa32e49055b869a60f9eab1105f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ef9675498e7c10473f3804982be0f6a9

SHA1
15d0c0d9b7445e1b2b94cd7a3691d922b86ad1ed

SHA256
5dd48b017a78dd7a0ce22bb5974e2d5639b879d81bbef9b3ec33705de8221ea2

SHA512
4b4d622077d7a5956b2e1fe9fc49a6097e5d71b12f56b0afafdde7767fdb4ae8836ce58d011d8cdbf7b6037c760a5db9f15df37161f94187ada95aeea1d4668a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c741a90edff0fc7fd467f010086b2b4f

SHA1
c8ebdc40d018b06885c460a1c2a5c038212b489a

SHA256
389e67f64974a99089bf0db35930e916c1c6b1d97457f5c81ed1dbe7ced848d9

SHA512
b87f58bf939827f25def9037208585c2881a8f2087469b66e6f49af50bf99ada9631473f4e02ca9fdbf8cbe498bcbe1944d849100af25e86ff2d3ba57ff70074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
321e724b4fc976fbe3b173e9fe1cd5c8

SHA1
26d6da06611e85330ed170e9b3f0153464a9a333

SHA256
143d021346f8d9f3e95fbf177913b1a934ce000546dee415acfeec0b83bfbefb

SHA512
36e10a118282e8bde197dcb687940328ddb586905050074c79792b7d0a76fe28bf70151191aec752b5c870ec473d98a01892c946c5823a8cda07ebd66b2b419b

Download Submit
\??\pipe\LOCAL\crashpad_4880_TRAEDCSYDKWYOTYG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit