5aa6b72f45d93c3a3fba72562b48c1aac699ffb3bcc34e0367f78a2c59c28e2f

Analysis

max time kernel
256s
max time network
238s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spam.txt
Size

86B
MD5

8aff6eef359d11a1a6bfbbd77a59fc3a
SHA1

32735e0d894ddcf8bf7f86ce595859be97d6509e
SHA256

7725a3735da0026d74d202075fad3af35aaf7c870be3ea765b7d524641960114
SHA512

d1d196b4ea27fae93d1b53f143378b6202515804cd4c070e5f4a6bab71dde173d74674188543be306148e6ee1c68f1a80618ae68b32661f296f222767e2ab16e

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608604185967557"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4024	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
1984	msedge.exe
1984	msedge.exe
1456	msedge.exe
1456	msedge.exe
3528	identity_helper.exe
3528	identity_helper.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
908	chrome.exe
908	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeCreatePagefilePrivilege	3068	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 4024	3432	cmd.exe	81
PID 3432 wrote to memory of 4024	3432	cmd.exe	81
PID 1984 wrote to memory of 964	1984	msedge.exe	86
PID 1984 wrote to memory of 964	1984	msedge.exe	86
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 3456	1984	msedge.exe	87
PID 1984 wrote to memory of 2144	1984	msedge.exe	88
PID 1984 wrote to memory of 2144	1984	msedge.exe	88
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89
PID 1984 wrote to memory of 2996	1984	msedge.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\spam.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\spam.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff25483cb8,0x7fff25483cc8,0x7fff25483cd8
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3745259872648248992,1099533139107998931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2622ab58,0x7fff2622ab68,0x7fff2622ab78
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:2
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4220 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1088
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff72e32ae48,0x7ff72e32ae58,0x7ff72e32ae68
    3⤵
    PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3524 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3984 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4380 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3980 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3140 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4268 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2728 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 --field-trial-handle=1824,i,10292272247760828708,14304686345247787318,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1412

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe" -Embedding
1⤵
PID:1156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2932

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2928

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
49b129f2bb20464396ce5468aabdf93a

SHA1
c6665241770a690ac9cdb98a83c0b25a4f165136

SHA256
0921cb6a9dfd140b8bd9b5bb6ddf7967648a31e4bce2a0ac5ea66deaaf02c589

SHA512
81f41b5958a31e2eae8e59c895545503e3cdf7c77aa48144c9a7ea005b3930f2142316a79b8f26fad6a30d35d03fb54b3a00df3897d42093568cec326a4be18a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
169f393352c9c2213253cdc8a8f7e521

SHA1
76179783f9fe9f6a1c348d8f5e9af696d4cd5a7a

SHA256
cee1cb0091a7970e4017c591ad8f679f7e5f20f739f0e3ef8b9d6375b21df517

SHA512
69c2ccae84bbfc5d6731c60c63c1841e4054285ac769ed73fdaac77981301965cb2fa183ccbe320b3e6a3cd07cb0edada3f414ac540525395baa9eb79f9d6046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6fafbb7b04cd691911c86e8812eb94fc

SHA1
b318367219b13e49da70da04d22aa8899d846b97

SHA256
79107abfc3b358d23e56b735cdc6e142508267250375e1d69a5b91559da6975a

SHA512
d7f779dee7556741f1e47e529fd266dfb72eb75a6ab600f0eda56b3d12fb3e7e66e1a8797ba377b516f08d382121dca0d717c109786d2585b94b0a706cb4b2f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
96b74d9dba417b4af5be8d585dc27dc7

SHA1
42ff380a6f1e5c584ecf57a93492d44d3e46dcb8

SHA256
0a782b9acf056508cd30d9e0410743be23e87f31a5b54f3459ff9721ed2a42b2

SHA512
a8cba108345d56dc2a8249508ae032daa282e2832a35666f11155d5e9edbd92111dd0267ddee8d3aa07e060d9f28413cf300baa46c6dd5bf9635b0cf937975f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\eeaba85d-48f5-4ca0-8311-9b0316ec9221.tmp

Filesize
524B

MD5
84a8dad60eced25190991ab10b0fc9db

SHA1
60a0b1589b31be2c0ff8278dbb0b66c2207d688b

SHA256
f112dc03eaa12f3a7c892a50b77c3b620c80faf8e60896beaf812b0e1688b0eb

SHA512
aee983654ea6264cb3163d58bce46b77dcdf267152641cdaea1bfaef63636c98fd688aac780b96068e4dd0c7a0ed310da3c31b61ade890e61eb86c893b2d0331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d056fdf4b56020a2e2090ad9ec9a66b7

SHA1
1726c6e3493757ed9b0f4c2b8bce8504bdc6b015

SHA256
25e6e172b6e2654980a2ae52013f93665ba4ff7af7b3a3ed467c655eabfa1661

SHA512
ad814bb92225b15dc2df4a74f4bc79c940621a5d3a490c1fffe67b35b00530ed3e81d6a54ed4642b1c69885dcda55ee461c87cec685ca188140e47233b32b05e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
136e9a24c1531ef5ab77f933ffc4d8a5

SHA1
0c65f1bb984178c2c6b8331853ff5b5b2bef9b8c

SHA256
681b267ae1648446573d7a1eb81a146089bc88f85f5b2ffffb85e853d4c218ab

SHA512
0ed8a8f504c8b66e251745b421595bcfbce520708ad3ad9e5196767e8446ea7b3aec44b394285a72874bb8060b9bacf8ad146513eb32ae196c8d68de2197541c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c1651cbd06bb13f169fa80504dbb4b68

SHA1
168dc8d52c1cdaaaa5a7896a61fc19f5bab1ee4b

SHA256
eb3d77afb3c027f30597f63d29f5e23be47ffbbc8cee00d07049c79dcab6f09a

SHA512
78a7a35f5a48d8bcc921c7094cb6429fa9b371160d5387575e940388a0b32866da84d1a7eb53b7ef6e6bce73ad4880ea4bd093440d4205359f03971efeb9337c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e464f3a5b31350f55c6d06b97bdf5c87

SHA1
1326aedd1ee332fb272bc7fe98bc1819ebd094e5

SHA256
631b77be512f62db7dd14764001cbab498c4b5c2bc925fde7fb6adba10830640

SHA512
52e0c928cccae1a2cef0e587dbfa7857de07294858bc3f5794b0c07167037ebdba3af521dae2d058d563b5f5ebe8ca14a2548fd664a239ed4129d22b97ba1cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0aa5119a9fb86bd8742640aa3e7dc6fa

SHA1
fb63c170d9f4cde3f0a272337b801daec49c8e8f

SHA256
53b7a020717dde82ba143147afc5409d06dc5da4e5ce04e2d2abe2f47784329d

SHA512
db9c368a661f6d214948882b97754bc9cc17ef6bd26fa621e76b77dd72ec0876b7b1cbd876834fed290d7667543e93e59b771ad8266ef7f48e1fb2c8725e0d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
823fa34dcb53d861a51e839e6425bda6

SHA1
79902145b6dce4fb1de42013df65cd5282d4a0bc

SHA256
7bd040f0368743cd2f6695f388b0231ebe392cdef34add2fb75b75dc2fad9564

SHA512
59e073c7c82ac786846da0e353801b17de6bc936e2c1be5a049078c89b8a667e0bb8987892ecab2c7f84d87b98b0d8d5d0732e508ec0640dfc0b3b680b94ab05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
ad717e72d6527fe0b2c53937d00fc31d

SHA1
3f94158dcce4e7f43c32762771c2a003ab99709f

SHA256
d7d5ce05cfc2c105406771efcc636a71b7f3edd9a26466bf528bb82a999a60e4

SHA512
4f9ed64998dc6e491ce155a4021f589d152eb9d25d36c5f5bc8110404039420d54470f05b6601432e7f412e9a5df2e62ae45df09f6f7d14cd4e3f194345786ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
b73716123efcb11facbf539757301299

SHA1
49b2ed3f967bfd39fda0ddda84dece0e2d8e69ba

SHA256
4970584f820205f7755d98ae27f06645e7577b529a86c10bdd30bfd9718dc20e

SHA512
31eb064dc6abddd02607364542768a32e561ff6250417fd205d1c2adc761c58f61d963463893e7a1769233976627e5ccd53e711062a57dc7b372c08520c5ceb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
3b6e124e0672e20104704649cdf97846

SHA1
947b61e3006f349207d97699fbf466927393425a

SHA256
101fabe10634eb6097bd012acd52f69c616e99e78e8ac52063fe40b9f9368de8

SHA512
e0138aa8c2594eeb0853addc6b8749c37d0e206c806683da72f9e4d17ecd269cfeab10c1fe8b5d477756559346f3d34c3820c4ef6b612901779b3a13aea8611c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59ad8c.TMP

Filesize
83KB

MD5
26cefa89b6f1d508dc442386f98174df

SHA1
357469bd3d3766a131c05ff689775a41f38887d5

SHA256
038cf8ffd85eaaff8137aa2355c293e2c2b60b5f3a74ed8291a3a8041e156411

SHA512
19a9d9312e352b2b35e4ca9243ea2206af0f70ef9ca353574c683099478d521243cdd85963f747030bd58acedfbc29d95da43e172518df7bf605844c7c05f82e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd026e6e470585eb4200fd472fc16e46

SHA1
80b7933db84de510214fe16f04d68af55fcfec7b

SHA256
5aa424b1c59be8f4e4905b472d3de13280395b58108a3d8707297d22d67fe417

SHA512
8540c4a8dd8569c8033787ecda883234464449b4bbf674d32f978cd8dd441e05848afd65e5bc20271d7eb1d96370c21a35c06169a19e8c0dd197eebf0ed355ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36d88531f786a7a2726bcbbe839402b1

SHA1
a8f845907be9b9ba52a0eabe2012b3c4a12592e3

SHA256
c86cd2ee769e30929d7c905feda4f3081e662f7f8e6e11bb2328446318cd4901

SHA512
c26611e2e89376a586c359cb6d34524458e70a2d9007ad77ad2220c164e73993ae19ccc9ecfdcb5de7dcfbbdbe16e2a438aff23124f8c194da5772ec43c5b37a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17032fa580fc19b86c63f19b9ba69636

SHA1
4e3cddf41441474a49e078f8ffac0afafbbb53ed

SHA256
bb703adbb4adc55f593d8ec3661803e307cb5bcef4af4924efcc0f2f0a7a74f6

SHA512
18b7fdec48da944845a5657a73eec3469a9d9a99bdff5e4c4d872e4ef0d145c47a71c042568c35b57609554214c145a32a37b6986e9870919ff4c9f28c7418d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c32468b2c2c6568aa9b7e6386f31c40

SHA1
9d777ce0a88365b488861bf4c25ae11ebb3f26af

SHA256
4716cbc814b1cf541eaad30e300387d9227610c5a930f7bda1d8af0a9bffa8e1

SHA512
8af72f6bef61f9fadf6b92336510e9ea451ee02d1fb5ce6e09cbe7ddb82bc58d3748927cc1614ab15c58fac42c4086404e6e9577bbb9984519e2f072a1c2a606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c2d8581dcb7f6a817822f59427c472ad

SHA1
da90cd970806de84955a753acb4b6ce54dd4e92a

SHA256
006ee4167d89ffa271c8364e8678ccfebaff7a6746b2797aab5331f1d0f7dd91

SHA512
6a34ccf4b08ef283f639e47ce89a0c6f3f08707fc613018034e8e171ea73554f1329236a14d64d11ea24d8d8a6468354a13e704e0ec442479639b10a2b8353a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
db833e2504a64204577d9e16f04930da

SHA1
24c94e61490e553ff87398102e45de3819da6ccb

SHA256
514d108659908588346f94be6ea9963de66d92bfd26699125b266cde4da64c3d

SHA512
a2919a84e2bb66edf1019354a817d7a457ec9de0e2364f4c62f8c4ba6c985f93f3cedb70ef4263957b9cc9eb80a1e85c69abd40c9b459ceb9cbf36a08c1898e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8da4d8e40ef668d114c785dbfb065090

SHA1
73d7d36f5ff5e6b6a544ac61ff27ff067df1e284

SHA256
1b773c9c6588d20a47ff34ed27403d4722a4b7ffe80b08e132faf36a64d8d91c

SHA512
f288e5f0f64c8a351ecc1a60bcf6c1c87db435fb3cad083564a9f86cab053760d6b66fad1f842347be81fff71f9589bd4862da18b118fd1fb2b0da711d6a66f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit