23c75e988d1579ade684b8fc3e9ebea0f2d62b955d190c974c4a47112681048a

max time kernel
903s
max time network
913s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 14:10

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

sample.html
Size

493KB
MD5

937cffd4aed2741d390f12cdaceedfe6
SHA1

6e4053037c6fb57b01fb8aadd59f1b4bab4413dd
SHA256

23c75e988d1579ade684b8fc3e9ebea0f2d62b955d190c974c4a47112681048a
SHA512

8296f202f1538be8425c725e8be4816e692aaec686c89b525c67d2911c4da968047676f3801bed62f7bd95f54d258d775ef42dfa54d93978981c5a4a4e58d444
SSDEEP

6144:5DoAwoAwKAwtAwoAwtAw5AwBAw+AwMAwpbQ:5EArADAEALA8AUAaAFAJA2bQ

Score

8^/10

evasion persistence ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1884	YouAreAnIdiot.exe
2812	YouAreAnIdiot.exe
928	000.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	000.exe
File opened (read-only)	\??\G:	000.exe
File opened (read-only)	\??\I:	000.exe
File opened (read-only)	\??\K:	000.exe
File opened (read-only)	\??\P:	000.exe
File opened (read-only)	\??\R:	000.exe
File opened (read-only)	\??\U:	000.exe
File opened (read-only)	\??\X:	000.exe
File opened (read-only)	\??\Z:	000.exe
File opened (read-only)	\??\A:	000.exe
File opened (read-only)	\??\H:	000.exe
File opened (read-only)	\??\J:	000.exe
File opened (read-only)	\??\L:	000.exe
File opened (read-only)	\??\W:	000.exe
File opened (read-only)	\??\Y:	000.exe
File opened (read-only)	\??\B:	000.exe
File opened (read-only)	\??\E:	000.exe
File opened (read-only)	\??\O:	000.exe
File opened (read-only)	\??\Q:	000.exe
File opened (read-only)	\??\M:	000.exe
File opened (read-only)	\??\N:	000.exe
File opened (read-only)	\??\S:	000.exe
File opened (read-only)	\??\T:	000.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
15	raw.githubusercontent.com
16	raw.githubusercontent.com
77	raw.githubusercontent.com
139	camo.githubusercontent.com
217	camo.githubusercontent.com
224	raw.githubusercontent.com
225	raw.githubusercontent.com

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0"	000.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Control Panel\Desktop\Wallpaper	000.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1464	1884	WerFault.exe	204
1212	2812	WerFault.exe	208

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
952	taskkill.exe
696	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643171973895348"	chrome.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	000.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2394516847-3409208829-2230326962-1000\{C8D2E952-2BC9-402B-91B9-FDC29DDA9E25}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2394516847-3409208829-2230326962-1000\{FC2FCB1A-4737-4672-AD79-0159AA444E89}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon	000.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile	000.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2394516847-3409208829-2230326962-1000\{C2E44D49-FB4C-4285-A3BB-DB462F0071E6}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2394516847-3409208829-2230326962-1000\{B4430ABD-2322-44D8-9402-FEB91D3E2887}	000.exe

NTFS ADS 9 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\You-are-an-idiot.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ChilledWindows.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Melting.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 8373.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 711898.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\000.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WinRGBDestructive.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Avoid.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 56 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
2240	msedge.exe
2240	msedge.exe
2600	msedge.exe
2600	msedge.exe
2136	msedge.exe
2136	msedge.exe
3436	identity_helper.exe
3436	identity_helper.exe
1112	msedge.exe
1112	msedge.exe
2612	msedge.exe
2612	msedge.exe
1012	msedge.exe
1012	msedge.exe
3836	msedge.exe
3836	msedge.exe
1248	msedge.exe
1248	msedge.exe
3628	identity_helper.exe
3628	identity_helper.exe
3340	msedge.exe
3340	msedge.exe
3340	msedge.exe
3340	msedge.exe
1380	msedge.exe
1380	msedge.exe
2452	chrome.exe
2452	chrome.exe
4992	chrome.exe
4992	chrome.exe
2484	msedge.exe
2484	msedge.exe
3020	msedge.exe
3020	msedge.exe
1800	identity_helper.exe
1800	identity_helper.exe
468	msedge.exe
468	msedge.exe
4044	msedge.exe
4044	msedge.exe
2084	msedge.exe
2084	msedge.exe
4712	msedge.exe
4712	msedge.exe
4496	msedge.exe
4496	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
3612	msedge.exe
3612	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
872	MiniSearchHost.exe
2552	Google Chrome.exe
2552	Google Chrome.exe
928	000.exe
928	000.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 4816	2240	msedge.exe	79
PID 2240 wrote to memory of 4816	2240	msedge.exe	79
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4072	2240	msedge.exe	80
PID 2240 wrote to memory of 4884	2240	msedge.exe	81
PID 2240 wrote to memory of 4884	2240	msedge.exe	81
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82
PID 2240 wrote to memory of 4856	2240	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcd52e3cb8,0x7ffcd52e3cc8,0x7ffcd52e3cd8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,14224201249669837933,4040244055524469317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1676

C:\Users\Admin\Downloads\You-are-an-idiot\Google Chrome.exe
"C:\Users\Admin\Downloads\You-are-an-idiot\Google Chrome.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\a5559688d3c34048bb79e54a3606081f /t 3344 /p 2552
1⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcd52e3cb8,0x7ffcd52e3cc8,0x7ffcd52e3cd8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4004 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14784744497667875186,9736558072983067786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffcd570ab58,0x7ffcd570ab68,0x7ffcd570ab78
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:2
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4144 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4912 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4744 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4732 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4592 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4556 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4848 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5000 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3408 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4092 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3432 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5132 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4708 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1600 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2684 --field-trial-handle=1812,i,3596441138747071137,7354000096374803214,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcd52e3cb8,0x7ffcd52e3cc8,0x7ffcd52e3cd8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1280 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Users\Admin\Downloads\YouAreAnIdiot.exe
  "C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
  2⤵
  - Executes dropped EXE
  PID:1884
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 1228
    3⤵
    - Program crash
    PID:1464
- C:\Users\Admin\Downloads\YouAreAnIdiot.exe
  "C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
  2⤵
  - Executes dropped EXE
  PID:2812
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 1204
    3⤵
    - Program crash
    PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7052 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,4404931050490836399,4708761525446672606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Users\Admin\Downloads\000.exe
  "C:\Users\Admin\Downloads\000.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Modifies WinLogon
  - Sets desktop wallpaper using registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:928
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
    3⤵
    PID:2164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      Kills process with taskkill
      PID:952
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im taskmgr.exe
      4⤵
      Kills process with taskkill
      PID:696
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic useraccount where name='Admin' set FullName='UR NEXT'
      4⤵
      PID:3172
  - - C:\Windows\SysWOW64\Wbem\WMIC.exe
      wmic useraccount where name='Admin' rename 'UR NEXT'
      4⤵
      PID:1328
  - - C:\Windows\SysWOW64\shutdown.exe
      shutdown /f /r /t 0
      4⤵
      PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1884 -ip 1884
1⤵
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2812 -ip 2812
1⤵
PID:4888

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39f5055 /state1:0x41c64e6d
1⤵
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7b898fa6-8b71-4ac3-8991-119454766442.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
69KB

MD5
2280e0e4c8efa0f5fc1c10980425f5cf

SHA1
1d78ccb26fef7f1bf5bf29de100811e1ac8bda23

SHA256
b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74

SHA512
b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
329KB

MD5
4bdb35f3f515f0cf3044e6a9684843b1

SHA1
12c960465daf100b06c58c271420a6be3dc508ae

SHA256
b835bd77e17447a2dacfce2645a5e812733fe5a777a5e45d9daa56d28675cbef

SHA512
9fa600b87843759b632c2d384596109cf1fb149a5ab38524cf43cab5833cb25c355479aee90d60462764200108cde5ec71f0988504c97ad09e25975cac65bfe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
105KB

MD5
b9295fe93f7bb58d97cc858e302878a9

SHA1
34c6b1246cad4841aa1522cbd41146f9a547e8c5

SHA256
c0233c9b273aae7df532a992e710aaec409455b4b413b89a25854e9fb215c36c

SHA512
4c44ddbd35807653a60e2718dbd2ea85f09d7107b270045bcc2484e2a0ba977fbbb5739236ce7edb71d584c8f68df31fa3bdd03229eeace60c19662469adafc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
190KB

MD5
5fa6d6c5283b1b8a3e7640a0844beb67

SHA1
ae48434c3b09b6e99b76df79ea8747952ed46d22

SHA256
d9b4c7088716700cdc39d7dbbbb7ea34371985d23f5bc89073f5872faa645c69

SHA512
dadc435b349d00b85ba0e47657f438fdc59bb86283c841f39d076eb3891a0e0c6ec9ebf2159f0775066c79dbb36ac17ed6d6c7ba381c20c6e7ca0e106df2ab35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
36KB

MD5
c16e1c136cf1145dc9f9c316f7202ead

SHA1
03702b11db49b08a0e18b456fbccd7acdf694d2e

SHA256
13b146cae0a6f8cdd95c6b03483cc52fbea6dbb1ba1b70a07ab101b1a6c880c0

SHA512
22dd54f959ab1050b4585128d3df63ea64ee13eb0f92e254795bef75642452e36dbbc2c0fceda2a8090b5b2a43d299a94c59a74aaba67af4f4b2e6895a4664d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
21KB

MD5
0e52c094a93d5bcd8875cce575d7da9a

SHA1
de9ecbf399f77a497c96c1a4b3509153ad9751a2

SHA256
abafb66ae53e45e075a02ab40e19bc2dbb0126d83f4da5f1fbd3bed1a4b4fdce

SHA512
b2cbb5075eb1cf84b9b24c2a2f3165675496d506d5e98a8868c18514c5740c366b5a29a925dcf6f6cacdb8ce6e39eb8673b15ebb55c5e9078e0d7eff631905cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
18KB

MD5
41aa1302e61cdf4f5f01a713101f9e16

SHA1
37ebced00331767d769990b89001fae62fea7241

SHA256
774b0bd311acd765c82224148a83bae0e360f9216e31a8430f8715246bbc4f92

SHA512
05804304bdfe0ea24d79c03e4fa8621b915a1f58b91eacdccce50a0706fee31e372357bbfdfa17415149096fd149bec32eb6fdb009c8337d87b2cff319c5bd8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
b1df5d0e6f9f84ef7163c4b4727ab962

SHA1
a99d5346b9315bf6b677c35f6a77db744cc7fddf

SHA256
05122103f12bd613ec3ed5499636355167a0ba2bc4280e5bf78de8e44a78cabe

SHA512
467fa67310e7bdc55bb28d89d6b54428ff5d085f957a0eead38ccbab06c967de7bde5c03af6456d2bea0fadb2fe26a941d7129c10c883f09ced488dd3861152d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a3cb374e63655e1bf545a46b6033b0f1

SHA1
e8f40509d963df23917974dab6cdb0b917997aa8

SHA256
0b66db3a339b982477840f0171d06968c775f526de6499e0c3c9579f297c6714

SHA512
30a0fd6ac2a12ba78f0d3b4e453bfea0e63f2a3e973b51661e5a6255ccd196301e0c73beef83708148a981d80c5ef1ffb79fec3d19b60fb383c94963197645d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ba2ae9abd474a551bebdc8d7b09b0004

SHA1
42f572aaa33708f2160f45cbd7a9de980a88b638

SHA256
907e348316807751d46388083cab326bb5e919fd7082f47d83949b81fa208f2c

SHA512
1ed455a32c4437f412dd7398137e28d7bacddf8e7e0aec51eb527c3ad778c97fdfff9cbfeb5b64f2ee1503d6685fcd2a1ad27118baf16a66f2d108a58b57f0dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
cdd44c0ed3fbe45f1e51faa98ba3d35c

SHA1
d932e78acf31d779a4cdb0b4e8a54358b787b803

SHA256
6caa5f951371b1c291315f4c2d54bdc4f0c1e5366fc56095f9ab61fecc0e3393

SHA512
1693c6a016f94e0bfe57d0f8b1e8d6340e926a56dc9117f5b5f9f299902a675a921c5fb77a87aa446577c4826b12d817947023e8457e8e173d9078e2e1463ced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
326993f68f645b7c879655cb910a481b

SHA1
95717db0b6a85ba68e9d951e3db4b701ee67c9ae

SHA256
594e8e82ad685cf1e72d28a953bb31d19eb32a5b227666f2d038dfac92b49612

SHA512
cea2693a30862a72874906964a448559db8f5ce3bee56cf5cd73877d3337006d1d6d590ae1c558f05c030f1b63cab76d54b8b18e3f4c06eb3c95fd1649bdb7ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e87027f71501b35b6f43e66204e33b46

SHA1
e017581c055a4fa1ebf0ffee0ddefea201703a23

SHA256
3c69f8aef819f8d722ed7b44d57de98e79bac7db184ed32ff526e13f3c7cfbad

SHA512
f8e785508a81019be62a8242e9f664527a5bae9460887f3af542c01e9e3b072b8026252f888c68f0ee8cf32be5139fa42f1cf691cbc549cebd6e250acf35e3f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80395129670b9d6cb7555496ebb6193a

SHA1
a40211334f3c667ab1ac6cc2090fb0482de8e29e

SHA256
8752fab55a1477a2a70bb0734cc5379866310fa423f528786a21cc5ac60705cf

SHA512
2a2febb1b1514cd4ff449d3308df54cb9f00519fde0dd54e23379b001a370bd69a2e96e10d85eee14dae4428084fad7f0806364a54fa82c1d97ba7ec00b2afdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c982b5a9cd4d1cf0eeafb587396dfd57

SHA1
a43679c52cb6fd4561405d1649fd1c963be66baa

SHA256
469b90bfde9d04051062cc2cb983e9679c9c3c503cd77fd4eb5094bf9bd18b12

SHA512
6e790e24044453eb41948c93a3aee394cf791d1f82b529abf66b3a925a5bd0432db0d53ab3538cab936acc177af40d8f06b13a3c7d8ec878b065e75d88d74e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64254ab3d99e3fe6360362d829b8a2a2

SHA1
90ca01a98e989926e1a6b9e34f714938aa44d8fc

SHA256
0d04940963092a505f441217e7cc06b1f60c096da68edcdda90d4c227a86a94a

SHA512
97678925aab6ee6bce9dd92063cbe52f3ea003f2cb923e6340928ecffa6de671482fe0457aedaf32c037b1fb685a2310767430dcb1b78ad1ea12253092b5e74c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0143e0e2f15446be11e0f84acfb914f4

SHA1
7d9af62f916110eead91c03935cc8cf9110e61d0

SHA256
52f6fa58852b387d2455ddd5887f09dbe776cf02e6a3b8c0cf98c177d66a9e49

SHA512
b5832439d465909bab2289e1a98b117609a60eff4b15f9f3f5c3e845fe1f9c0ad1e2a8587bf345a14e0b0eb64f72c40ef899fc71d70bce794b65f6a85eaecd0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
7f77a7c69220c0fbd58d4a34fc4c9b5a

SHA1
98d18f42e3c74dede9ccd6aebf3d6f02d84975ff

SHA256
d0c6e64ea7f87e0e91c899d8048a35b09c32e0f2d8796cd96e171b398b75d054

SHA512
acea2c7d22e4252ed70f62d6105be2ef32ff90f52fd58f1d8f29dceb133b4b4c76cc4f2945c44fb2fbcd9c845b48a5467ae2440a8a9cb3116f10076eb1ade4f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
3cf442a3a7289a50d35c0ccc07fea869

SHA1
7e7555cac9a1fb520293fe7559742d05bc9f6188

SHA256
353761bb58cc1d5df859f98117128f72f81c245459412a651e232690da332786

SHA512
747249dafe8985ec378bf30e099af7f15bc33f7b40420139a2f4e8b8830bd043288c0710c6ab5c91afdaba2235688b59417c5411367b36a197b081a30f1abdda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ec4bc9f844e9fcb83c27ead818341683

SHA1
54b91f55e92032054491edfb66d2ba7687a5e76a

SHA256
be575dcc3b9daf9e9e2b2839918d0cdcffae046a64525079c4d0182a59464028

SHA512
be54f309471feb29b94f1b6c9c7994558cd8fe5a3b9ab53e8ea246ea69e003f0b9471a1e3f806fdf495b251db86ee665e182a6b1d4738d60ad6bf5bd7413f8db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
edbf9beb56d164c98d7c91af3f73048a

SHA1
e9e31896b8182f4f9606e08c7d23df3227d8c770

SHA256
043b65b069a06cb072849f001b12803bf6f647df12fb6711a996e4c4f89d6035

SHA512
574af32006abd1460e60826e85dfbd97b37437c1c95430fbb83d9a37d8db4b8ac46f93e3975a478e0f9e00e22539b9ec0fb0ae92d35aa8dda116a9148eb9846e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
783402983e5407fd97ae329bcacdbfae

SHA1
9d32ff816e1b6547895f3eaeb93ad3e13e551165

SHA256
eee0f62ab0053d756bec180c76adb6c0e67fe4c406860422a75ffbcc2c57f8c9

SHA512
fa68310edf53ecf197a956c8121143e2d202fe5f94bef08021fbd66d37f5346a151354d7ad9c0c9af35e1ea81246e6827c3f8964393e0c60ceaa2609426aea26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7abf0caa7a1d59de110c9e8e96fcb69a

SHA1
6202d9f391709c0c4384c737fd9d4afce7af0b09

SHA256
64fcd930985f0d90c20b39bd5ff8eb2839b47b3ae7166d671b4bae49a313f3c5

SHA512
513110f1788653b970778c091c7d76be145b8ff3101442f3192239e316d50be19c5d58da8a62220f99fa9c6c90d7e45a0536c7142d9a8b0263045107632ad275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5e648b33f9de9888c8b4cd6aee67f21d

SHA1
df796fb7d1487072db4d509a273445d8c8d20e13

SHA256
da9459789db38438bbed52a1fdee7a9dcc96a1e7c164970bcbd9ee7029a25ad1

SHA512
cd6bd20b538a6747b8ccb86d0797bde8104366abae654ac64c4a91b2a3cba7e69e08c52b23f53def443e61d16a86dc61d6cfb9513df6896bc0c1bd9ef65f9c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a60a98c838212c811c9c33b74426038c

SHA1
a0195a34150cdf1c767bdf468d5eee117893a317

SHA256
7ce0c0c2db511a4c2672122f856be9db7953b15baf69208a152ce471207944e6

SHA512
82b258f9787906c245d137a1b1aaf5f25437454cdac260ca5f7244fde69f791c739af8f84ed1fd23140b154298ddcd3db7c5ec1ca0beb502fd148da892ffcf9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
60b58f9e75e0149cb0313c60acfa9cba

SHA1
09d7bbda0aa4422fc2d347e85393c40d3b9dc168

SHA256
33b68016b2cf7ab793f43b451af0db2a6e0cc7f31842648777ef8d5620953834

SHA512
f048a7797a717cc87d42f46bd8b2da1683077a177f697982f0bd51b7516d5c9d5f5500946e08f91cf5ad162b6733248fbcc9e38527e4c4f4dbbf9533158d36c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
dce1e6289f5eaacc5392c2541619793d

SHA1
ef1d699cce26c2eeb1d7b8aa93d5955cfab7ee98

SHA256
e2effb8c735516c82ffe4b9b21853a83776dbf8784047d39de90b473d744c8f1

SHA512
60018281ed00518d388abd4d410358ac3b3480dc7e2f514bdcc09c15447557498ea9f70ff19a7a4523f2e70568054554d2f0c06d9435b08c6dcd82d0251ac1a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
683f52e28de88ad2f163395481f1727b

SHA1
dc68b0fff31442e269fd46efb030bb59e1f901e5

SHA256
ebc86d010315dd1ab09ac64bae9c11124a0a3ad2cf1c213743dc1d2552246c76

SHA512
18968c23fe90f7cbbd5005aa237399a414fc119a0de232f8d6745e81126b8609833284b2ec62d6432772313bfe4cece6e542d00c97368fff5f9132228f248ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9a91b6dd57fc9c4880d34e9e7c6b760f

SHA1
77a09da6ef4343a8b232386e000cd2d6b9fc30a3

SHA256
0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a

SHA512
9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483329f245ce10efb1c76b473f14d61d

SHA1
6937cf5bfa5600b72a1584f797bc15c5a00b1099

SHA256
c0ee26fe7df90cd8133df82b8cc784a93730eac718442990b826320ebab8b450

SHA512
c3e6ed7d66b8a158f4552a66cb5794e3b4d45a4fdf40de6407e0b770a691b6b0599cd38697ae199ec88daf929dc9c8929ca5a8a8c1e171290580ba0eedeae725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bbfb66ff6f5e565ac00d12dbb0f4113d

SHA1
8ee31313329123750487278afb3192d106752f17

SHA256
165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754

SHA512
8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
beb661c17226a15cd98d3f4988d75387

SHA1
829eb5e763c1d4e6d6f9491fc42005b50d23371e

SHA256
93642558c2215f6d1d3f6830205514bf53b5973defe14be41d6d835cb450d12c

SHA512
5a4422a3fc042420b8a18109aa72237051d35bd8b1c6ba2c76cd52d83605b748a1b21f52637cf6aec881bb79fcd30f94a3056d6915a7496d49c4b8106e5fb24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e910a119fb95f76edb6e8c5957113487

SHA1
f15855e50820c7c7ad8ccdaa79706264549cc6cc

SHA256
48c488200d52fd70733f0c44df584a157b632e9afb7c2420f40bfc0ff32221b2

SHA512
07e55d718e9f45989f2d0f9a3ffc996a3f95dcefab523fc162aeabc1baa8a9fa4c313006a67b3b5e8cb26829d042931b9627c278c175dbed2c64fca2936aff23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1d412fc1-014f-4d91-873f-80a5d91723ce.tmp

Filesize
7KB

MD5
2b323c2a116b29c5e4a6fe1ab056925c

SHA1
8987b211ad80c68ba1ab3d5cff335e55f37e20ec

SHA256
9e1e17b9b017a22966e5f019800809746c0ee6f9c6b0b191b76514a784b18122

SHA512
ddc7caf4bd0f19aaa51d2af2eb20f0007fe937ce7e0fb2ccbf932ec29c15ff4c5864bc64cfb66ae1f2d145a73010b6cc39b808e8f51732f895afe53853ba2387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
09dc42dbf44b8066097daf0108d31330

SHA1
0f1d1ce0c8ca91e46b4080ffcd7a693868b6c643

SHA256
489a44c5a9d9f654d9851f9690884e74e411dafd662de286cf7c83c59ed57af2

SHA512
0b00fbb096e0df306452dcb660665d73c644bc972c34670040990a3f755b9498a05bb938a28613dee6f3190c54f24e99cad6a77145b506c1c7355141f860610f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
183ee48ebd56f0cf5329702082994c1e

SHA1
16d593eee2992c62ba42d5b567454fb4ccd3fcd0

SHA256
76e0ad362054c28450866285152b38a92f2190e4c084f25a1bcc8f01369ffd97

SHA512
bcf7c44d2074fd6a4b1082b7c9f47e582d5c0d61ce496cd288c7d95ceb25c1673cf005fe1e61a3e3b2d8084a1ae41d9fa7d8a57b4c0df49b9a7a5b40ba6186c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
adfd0d7b35de5aefe6bd87a721e4a81c

SHA1
b2042391dd71723c2782054bd2955c518d07ec6e

SHA256
7f36b28eaf2e9b0a4503bd938fd60286e70ad6284b720fc21f10073391c27fbb

SHA512
565d937b94547bdf3ea0e9795d27fe8acf6c8536627671843708245e7b34ad380b643210069cb2138e71b4e24986b95e1b3e6308df84e4b31fa7fe0dacaf327a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
d034a2fd0a0e7a8e7ed884fc62bb1bce

SHA1
34c18e1cf98e692bcdf90d50555ed1a84b8b7400

SHA256
c5bc4972677bed38857d46b876a999cedc2e1339a5b5f4c3953250ff1695f7b5

SHA512
20d9bf3fe8dad80870113881f3fd37bb28c47fee6a05c26acdef3cd856fbba241e7ffb04fd3f3c3ec96ea1834562cf6d91c24882396c8ac44cfc15ab6165388d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
17KB

MD5
bbc630407f310ed54a80221483990cf2

SHA1
3d59203b2497a73677f5e2d6538212bdfa166600

SHA256
a3c450529ce95124974e17e15557a59b98355c4d4a5260e9d146abc1997131a6

SHA512
1cffe622da5a48dffec02cce8d3ecf55aeb62fe8adb4c618b7db65ab45a115e00ee51990b026998eaa06686aadc861cce76c042ee7a2eab54f48a5287913747e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
18KB

MD5
d310da8efc9ec9529bb7c7ba3af4772b

SHA1
f0ad039405299edaad803014521928ffed7d67f6

SHA256
c5bf2c018fae2749995916180c081bb5e03bd585c5e2d8f07daf5b1531712989

SHA512
527c1894e7dd76ade6ab7f86e54d7b2ec160d106839afa077a60b70038fb39c11bf775909a475ecbdbde2e2f0224c900c849a4319ab912264ca8f44f7936cb87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3797b0379b3451c0bb172c05a17baba1

SHA1
c730c15dd45cb44e544e767359db25e27eb40c4b

SHA256
6ee30289a9a50d5cfd45d2f3fbf2676f13c49d6576bd1eb1d32a47edc15009e5

SHA512
df4ccb3a0f0ccd63eff80edd2e35dfaa2a96de7d0d461ae1b910b1497d9f83b78a1e9f5d36f48aa15702bd88a4126b1a85843810ff0f97971a5a59fb540c95a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d0d50df749038255467dbc1565ca5079

SHA1
584fd4dad8ec09d54f77fda0da3fa83596984ab1

SHA256
5a4053934460248f985ea7695fc8d025b36d928db44f1884058d909948b658b5

SHA512
1ff7cbb63f8ec16c20ab42f65ac4464f735aa640cbd0aac03acf0476a09a562a38ff5c69a7cb73907cd75e2422df2ad56e7bdcfb594e935738b01d166bb5758f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d7d48306c9072f62deb86866cb376334

SHA1
ef649713b4ab6f74591452f04cb3f1c0b20f1494

SHA256
37be9be8fee94852142c245b7c2ae487ab247ef4c72d1eb5bb94a597e3e1e57f

SHA512
570a6ed8512f0b10a23dc09f7e76aa5a05cbb1271f2426f5e4c9033a249649468dc15d672a16f5c0512a2fb577d02e0b9955b0a48bf20c553bc1dc4b261e9afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
80cbcc5b6d53abda747756f2cae03f09

SHA1
7fe29232197560724b35c9a6301c1ba916753623

SHA256
a76e895570fc28e6445bc562b9d4e838d17f7296739c5930d1dd49486a6a5fe1

SHA512
13f44e13cf4d2712f2b3274127400d33b71a22ef170d07464d748843e40f93e78a400a4076a2b3aedd07063cf9629530518f44c77d79ea41c68d1f83dff35d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5f31b3278166c398bfe57c3e2a5a1b26

SHA1
52ed6b052ddcd508be1c8140972973f0f179f1b6

SHA256
e3bb0c7c167062f6786bcac7689eb4e8ba9b24a3f654f7b52dfbb3b4955ec052

SHA512
b1edcfaefb01d005779aa3d94241a092fb101d5abc25768a2bbe0ef6d7f34ea69114172a56b73cc559d45016f7a3bd04ef4eed0927155d9fdf0c5135bfae2987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
1c38192a84618a83cbd80e2cabbb386a

SHA1
9782c3ec6d1688e23519b0bca4e9f964074dc511

SHA256
7fc5c684314020e66a02fc458e0e74d1f64cb4f1e11733e5b836616b0eea083f

SHA512
5d49de02949a8e325811fab841e1cebebbf902e55495d7ddbaab862280cbfe9a459b79d0a5a67ab5b34bb48020df6bb00a8e47440bf95bd1182772b5aa6e33e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
a92690f37cd49400e4af546d04797564

SHA1
7ca37cc3d44c3284503ffc5fd8bc730c399d3df7

SHA256
b0d7ee62fe785e897b6321d3a15925a6271d7104cf6b788b0e18659857d9ddea

SHA512
69e2ab698232d512dd52a0cadacf462e661005214f8197634999f8b93e58e6e14ae4dc7045511e3e30e7a43d910fae7d4052caa1e4bbc5c46a125a59db36f63f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8879114480a93c6710adb0dfade85f46

SHA1
e3903d945f9f3f3d2fb6d1f5a137129193045bb0

SHA256
243a7d2c9f860bf06eedc5c2f12e4253077d8f6874e6ea9a1cf5f9b15c6263df

SHA512
1a9be4763831b47c69d6ea4743543dcbaa33fa77c7536126e99eb520e42667ec004d26baf3527b9d07dc6ebd304e80e7bdc0683ae54729cf6ea8839980336300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
40a6764860266698e468a55bde5cd434

SHA1
e0d88c2a6666ddab8804adecf9570a30da7da106

SHA256
857c45e01a6fb85f31fb3f0607ea10a1014cd6f1a33a4302ee2a2f03563dd741

SHA512
c9ecbe2871f8628f7c9520b252e81b00277bd02a9aa8a2cc1eb50cb305a84e2cb533e9768ffd8105481d1055d4ef6da68f5e5b5a8a8bce039eef229bb26cd11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
f654bb06c187079a4b36c6daa6048e08

SHA1
00cc36a2cedef51e400b39d277e5378e53651bdf

SHA256
67d7eefc274dea66486818c0c3baa720602cf953d490b207f156f52e6d49ae5a

SHA512
5f09a8b22d255c34cde7a3166355ac960f12553b716ed0b1fcf303549b1f4eee3a1a73f0c5cb91a3ca056fadeeb43f09126d6475e434dfccbf1c4abf300050b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
f25e5afb7ae67662ba4b297fb5d1b983

SHA1
4329a61586434137b3514b545dfa056f5a993caf

SHA256
cd29ba4c541f64a5b083d31767bd31a79df256f6a095a0979f75b86414ce3445

SHA512
d503678fb80bb3a78a7819905ff50bd900590cc3dc60321f528b69cddefdda73c538a02273aa00df1b09ecc7e6a618dc65d2057d1fbb5741a020ea38d306b504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
15KB

MD5
11443611914de9c146aee6b096fb0161

SHA1
99ea617cfa4cccc18a4491d2a771beb94db4ba2a

SHA256
4706a3a8d701992d89adad259c51589b73a2933e517fd45c26e61c2dd5e3c730

SHA512
98d7c4b40c14d0cefc0dbfa6e0b2fe9917ffeb9ad973ca1a5b8a1b656becceeeb3c9d4ce7f7d9a8c58c3b3319488b3016762e60bef12fe394c82aadd7479668c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
354ed39de5f5e0cde295243746639f7c

SHA1
91a9cfc377964050bfc05d92c98d1fcfd696e236

SHA256
8fd46ecf30358ded8b952a193cdd5bdc9dc5bd4b1f4491805df1c097f1784ff1

SHA512
06d0dd4cd222930dbce7eede3ef71547dcff9fb6e28668ce2b1c8f17a546c278968b0b5922d01187da6a52335d354264fd5624d23ced20d07f3de4c78c485092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0a029303e561d4312093ada015b39d03

SHA1
ac507bdb3cb758f3f0e68a05be0d9c700cf71d81

SHA256
22db487e09afa8f1488e1577ac3631a0f8daf55f0897c832a565ace0b6c4a6ee

SHA512
283e6a959121c812fe5ce0687254a4ca3b09f3d193c861e783c59ce4be5216882f951348e83a4e491935a34973617ffc17c401a32db946dcda840de3afa24167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2ec9c5867ef098992bc05cc14931ac5e

SHA1
233a2e71a8192179b809c992eca859c0d23ef90b

SHA256
5570043d6d2986a73a6b9a45ffd3878f041497ea5676e7712f7f6762e75e877b

SHA512
23d0e44c74968c6be4f4d97ee05b953c8e9da359c8b73ea86696dd2a13319452dd6deefed2a4473150b4bffd3b5e27aefecba9d14942390ac1ae7ac640c39d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ad91f17f8d62ae69e11644700f9cc7d8

SHA1
76b659694ec6376abb643c279b1aa80b751b07f1

SHA256
5fee0797abccb3bdd957f3f9252e61ca6edf941389092ce54d1b098be1d7173e

SHA512
22b474988ecd7f987dcfca2f608b9782b134dce604882d04b4c9d35aeb72c919478a74f789cccd60b5e11dce0dbfce7cb1845783560add4b7617ba326807cdc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
652159d797fabcb70269a8c766c88830

SHA1
85fbe836062b7e158c542309797e369dc0191f7c

SHA256
cfde3998df61ee54fb60027955d98133301be5758d63e1dcbd77d906b54162c5

SHA512
30b7c9fd1d6655d9401472dac1b08039fcdd762997169b3467e3b7c81b24f5db2f596617ae74285f71ce0ce2e2ca303bbe3c34e4cdddab55381e242ae40ac4a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d5fbdd8c2e7c1ce71039310d0a027e4

SHA1
b08ae0b2ecd05301bf139fda9170abb786a5683c

SHA256
2d409024b4d434f2ac2ad44fe843106a61d41f9ab31de76e6bc881a53b163c30

SHA512
ce327dc7d496d286be2fa35cc8278d04d079adebfd09bfa50e5d1b545d00f8ee1134403cbc9fa19093d78ff867f6d2f66a206580230408afec8e8b1d242bc1d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ffa0ee7079ece091b1bf2f91ecbb139d

SHA1
99337592ce96c256a24e1ad948fc0da6630a9c16

SHA256
ff14da0b1f13412825f33b6517a57ac2da51af312b34aa10bd016efe5ebff768

SHA512
2b0fe3a1a8deb245615667d15ac44ea231af3180e6d0a8676de4f60cd289b2c8604b7aa67d91752739ac5669d2c14525db1767e7d4ce2439519929c101588f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3db33cd8e3d880e9b13f678bb0bcefe6

SHA1
9b4a33418ca5bf324fef6b447fae064f7d1ed56e

SHA256
d56b8e20e280091a818867766b92e209cb209222a2377f165ddfffa235079279

SHA512
abc6ba5b1c4bac6d118179492676c299d04c9480c2297ed1fde3927bc83e27087a4f0222b837858061be664da7be0bf9d35869690e6913cbe856a1aca52e1873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2991a9d264cb79ea5c10e93cad021f74

SHA1
f55c17cdedb1a49d94dd4691855628f25b4db9ed

SHA256
6873540ec17cad8ae8e27acf4443d037530a23cc24d29bd7ac8a3523de90f370

SHA512
69f8dd70d5788062f1fa88ef4da2fed575fe429768988e9c8008d7906af387707d166f953652ca949110da9cc28218355da3ef306c8b456a06b916ba818d635d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bef963c511ae285048891ca7c2657af8

SHA1
965e1bb4785cb335dc8037c106aa10a065b46bec

SHA256
1d813796253a24b4e3eb080691ae8a9b4802c0cefe9113dcb7bdaa332e30616f

SHA512
d45a7ad71b5e503039c563567055f8acc09e880dfdea06080ab0829ed8a7111e5d9eab81a43176ce29aee64d9b4e4cba53460de9f008e68b51c3bc7942f837d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6e7a7d7261437bff3ec7c4b9b1945cb

SHA1
d46551c39a19f17e2dbf444c74e2e187088524e1

SHA256
c788d68921ad48afbbe82b3b4ab045ebba873493cd35aa5f13572fc67f24b8cf

SHA512
3082f5abf946f3dc9b3c29bb0875ace46d2937124d95f0bc0a675d9a21f88ab8345dc5d4cf0140cb666a841a3ec891a93ed7e55aac2283706bab9e93e99049a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1b0f1a5e2d1f125c2976aeb5940a5ac0

SHA1
8e15cc490bd6ee096ca6109f442f1ad2f35b1850

SHA256
4c90c392ad5208bdcaa576fb1caeb11dafdce226f7b4c18a0d0907a40d992a7e

SHA512
3d87aae9e820d158769ee83f6389dfe122052896f5ab15322d499ecd1494519a0fb3d1c989490cd4cae5d901500a933892eb9104d43988bd12695e14b753ded6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dfa2d60a0658897215568fcd0f8c65dd

SHA1
44e6ef2c21d5e29b6c71cf03f7e0182573f70dec

SHA256
6587da7d066383bab5c53f1d4375036583d9c439fbd23ee67e921a15333fdd9d

SHA512
1d2d1cf165e0b2262e9618d724374886407bfbeaa5850783b0703baff68060521584f6f8e59c6791136ec3a75ecf3da559db0cfbd8c31e35f134e00689eec034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
71d7aff55ca133570bad7e04e7cc4331

SHA1
0d5b14d0156dd2c1ab64916f194261aea53beeb5

SHA256
c58dd88fc294635a9aed5911cc86c3ad78f5b10191db92945b31bbdd80c611ad

SHA512
615bfb36a88f48b720ec7b2a7fde30504db0d7d5c863d57be58607c35c490809f3e310b7be166c59c2afd9524c851b5099afcb6a21119df91988819deb85c338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e3c46c90fbea347dfdf6924223c7ff10

SHA1
7f200eb6fe88fee77a34604021bd36a6cfb85ff7

SHA256
f878c47d439ae715a60698499b9480146594d1f2ab143f274937f665d9b8b5eb

SHA512
dfd72c8b262b80b6a3da7573ae1e9b20fc038e76449c066ee5caf64a302526f0b0c7e84d32185cae0f8a2c2e506fcf8363ccbcac1af3f316768a2957f993ddab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb7029b046b8f466b93a423cda4193b1

SHA1
b5d0af7e3baed7bf69f42b0d19b133ea61d15cc2

SHA256
e3f05d5ad439201c2e228e65c1f29315dcfb0517d121aa4e00bb4ad2176cdc2e

SHA512
aeadc28cf7a996ad187923010b8413b6865877c05953bc60cffc9c8d76cee72b4fa61ab1d2b06ebf9084aa3d56eb867ec8427715063aeda64ad7b68802afc030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2fcc111bfd89c099ee58e74ed749d242

SHA1
00ea29966c6d69f3bea7524e3462d7720abe704e

SHA256
70e628fb8be547bad5117a28f99d19aa33caf9b44f1f5abd49c8b5d92a4d118c

SHA512
0d24ab83b5bb8db6f4b1fd13b9c12cbe98445693050beebf01825bc60f3a08ec5ea1b8c7659f567ca2fca4cd7bbbda0db148ee5b87697da85f07e24609179869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1.5MB

MD5
851131cccc2e5949cb463f0e4a84f517

SHA1
25a22e20850b4fb1b79a19e6daadee432f122499

SHA256
156e673c82823df56149992f1ad2d74baff283bf0b336cca3c7e0af91337200f

SHA512
3c5610e21bfde6548eb1365f66f4437201bc9838740f0f34c725c9ce6dc117ac51884881283ece6b63bc22686833c462bb1273e0f8c62196d302e756103f21b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
aa47da8de67af7239cefa16ac6ee5ef0

SHA1
f7aa2f3a90cde1954da641e5015c4ae470dc445c

SHA256
000fd37f4d7f4cfc5bb43906470e2d7c895a037e3c94d9a217683347c9d80dbc

SHA512
ddddf19933d32ba4ff4c1820863b3dc355495e99f6f16b5d3e1efe72a82cf630694d2b63758caec24e88e873ae729d98192e6ee18320bcd3fc8222f4307e7f18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364316638351272

Filesize
12KB

MD5
e8e8dd0a3ed52a5ab53e7f119a72eb27

SHA1
7862ce099b235cbc9bb3fa7bf5cf8014edabcc78

SHA256
fe8b8bb53337167ffddd1fbb2f7029f21d8c96d0b8b18fbec8eaf7d571676962

SHA512
d6b2ffe282044e34708c057e37e124d2d5d80c643583a570b063e794e816fba966bf9e6a5c955832e68484d4d3c8ca81c123e60856335105760ba34be6e864ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
ed46ef8da7c1147987a34a81009026f1

SHA1
f86d09b48fdd1803098d1cce73181a8a50398b2c

SHA256
4318dcad82aeabba605ea007ac6b4026800c0b9dfc06f33ce3a0e9654bd957d8

SHA512
1079c3d441ca81bdccd8b3aee139af99b22e1301e3c952a2e4373dfbc646c626073095fa6a69a320916d5b185ee7dc7c9cda0fb2e0d452e7d664f4ca2116ce1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
344B

MD5
46940777e66ce5d1157fd86e3830064f

SHA1
84f993a14e8bef93b3ac365973e027a40f435531

SHA256
6cdd3957834b614516bb0788d8b1b869a14ff1eb3901e6a3e926c412d7847b3e

SHA512
11a6c6d708a03437418c85db7711b3cdae850c0b481eb698f750e512d6f3d6bb2465705254ec0d1a21da2569d6ac41ab8ff0eb3fc723568706a97f90c326af52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
8762dc7588e9a1325b31db22a1630dd4

SHA1
5c98555b5a6f1191b88a0ec2e21f9a6b754f6f02

SHA256
dfda8de09fc50ee29eaa8f38bab7dd14e63df824d10f2806a9e02637715c0abd

SHA512
9681df7f6dd61cda6c55eccbcabd2cd9f117524a24b4c14c4d54c5b643b9034b45263c467b9b58d954dfebe7ac1b3c38dfabc65a7a63bd6a53a6cd34db0ed461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35a3e69b5eb3e227aaea798328538b2a

SHA1
204463d18507e719a22e7039ec901f5ebf16704b

SHA256
5778c61946c961d84b168f67d156ad3d320beadc352d97372dc995492ec799b9

SHA512
94058fd188d2ea89289572c5e1c1b8dfda4a2b99dd50621ee2c0d113eb96c40d67806a99bfc15f3e54c4bc455b777a8e26bfef79f701a06f1fc0cc9bcdfb605e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5bc03e223f43a50ddaea5b0a53a19fc5

SHA1
952bc5720b63f163cf27976957bb88a15626bc08

SHA256
57424d9f09dba4e36d1e0b163ac4bd7025d7ecb30b457659cc9f6c7a6902e658

SHA512
7855e60d23b9cac5e9d4e3b2db05344a5aad3a89e0b9d633d9b7bee99e9c90c3c87c8e0b2e51ca98328c39aa85f035f9aa3b54fbeb007e59d683c536ae1e1bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
62dd487cc5c5bbbc5a7b5bbff72d3f42

SHA1
b1d9bcbb166160cd75a0f0e1bf72ed4f8890a138

SHA256
44d5250ba6330c42e862b028761a831353689ba42c13ae2e84634835a5d484dd

SHA512
67912ca2e7cd4bf7d240e77f00c3dd53b4b4f93990b0b14bb0bd71e6bca92b37a918510a84fdcb7cfe34e41c820f399cf6a85add4aafd2c962acfb9299e5b167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c52516ae38dd3eceabcbbafe31106d9a

SHA1
ec8baaa33b8e721d33b0672ed4ae9f0f4201368a

SHA256
b124e92775a51850121e533b8c3febdf2ececa45467df5c334865637cfb73e61

SHA512
51b29dee7edf3ffd68529be88c1c0bd8e75b56b7f4e2abcb34925f82976f1d949d7bf36675786b58d61b93eed2495aef2e4876cf41c14efaeb11bbb68a774925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c5686683fcf181539d3f1b253041c6f4

SHA1
02db6a68c843e6aaccb8f4874795678bc59884ef

SHA256
1c61d95e06ec6c92eabdad82c02635f020900c1c584585cc1ca38c8e8ff19bed

SHA512
3b877593e012d7f1f6f2dc61b87c45ec12424df1592385dfcaaac1a9ced9896c845dfce4bab0a7a09b3d2992357e305ac61a99a73be86a243b11a5f315e8df15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b345241afe976755aebfc2c64100698

SHA1
1b6d4d2dad51e572932a827e41b05105a33ef1ca

SHA256
d9b4181d0f09d772b969526e8f16a7ea4add4bf02fda90c0eb06f050920346a9

SHA512
989a8362d0f93aea22d218fb6571b10275e237e679a7cf43383ca8801b88a7715e98ac4efa7c0bf07660780baa06d2e1ebca2302ca0e7514f0d2ae8323a09683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07f6ca20b0944564715803e4e4182ab0

SHA1
01876401c3688ee7e88d5ebe9be5dd01df028616

SHA256
762a9f5c4957949f1a405a161d603b80e59f57a7c7ff99117640872470afb785

SHA512
40a36256fd21b19d68e96676a9e4e859d66e76871bf122655a80e5d8d5af625c831a2f4b060fef423453938a06065d4f415a1dab5cdb76916dfd2b3486fc68d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0c81e5f84a54ebffa99723089bf5c96

SHA1
985d105f0ffbba31c0807da2d18cfb11a9e4f447

SHA256
21c042785722dff0de90ef9d2262de625c9980182b1b3af9d5c9ef65b2de80b7

SHA512
317bee7a5f7be8ecc733df4f62d6a886400e3b20296dceda76f2907604c12d8c0fb0a260405b40705dbe1cf7b0df3356e13a778e934314bfdaad772901dc72ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b6095702d80a8c2957e942fab258d912

SHA1
c59a4b32afbc15a3e01899638760f6b9c3403f72

SHA256
0b2840af3cb64590ed2a32e6f205d70f4715687c2ac78295ba72317d0fb93e4f

SHA512
ec8e2f0066146894454159b5a69874ac842bea0c297d74373b915eab683c8d97ff9072fe3d5a039a6e382c9043036b46848c557353624efd71c7b2f6b94ab71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29230597763f806237ce6facc5f3916b

SHA1
3f72f9925eef8a45161713920e95b787ab17a778

SHA256
66a9cc5073ef666d15c8eadac646dcff223be45cbcabe3c604faeeac9acff7a8

SHA512
95287279d88c10e6fbe5fb646cc12620413674bbfe54945c0f90b6ee130f571043fcbd3da80cdff3447a08cecd0714bd0bd0bbdac683c6659a05fe19fd1c3cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ceec93255bfa1f17a2b17ca9be988a1f

SHA1
ebe400a52340834acba4d080e8cbd63db8f5d1e6

SHA256
15da167c826ba28899aa99e589a80a5f9157e55da7d594e740e63ddbcc45fe79

SHA512
6ad779683c1fa26d1266544548bd1762618acc2af94f17d32482c948eea042d93ef1d0804a4499bdca4285356fdd43fdee3978d805108f8dfb7491eba5671b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8aec998678c9deff1d8b5c3c495bf69f

SHA1
68695b327e8dda17bc5fbdd5fd8031658ba1c2a7

SHA256
ac0e6fa25ccc1b489a9b890fe08f871ee369980f0bbb79d8afa6e114ea925061

SHA512
649af12b25a4203436540a314bdc9fa6697ff8bbdbe93671f46d9fdc6f8720bf22a29ba5fc81ff978f8df070b6b3c68180cbede4de32f3bcf1f862f10118c350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7deb3987ce0e7551fcef225118e2e1ae

SHA1
811ac683cb00c63b37079acd527093e509c0b421

SHA256
405011797e53797d06dbab03324e6159c69fe01c0e3ed63be98e55cb231595b8

SHA512
266c0bb1f9bc34ba75b9b5df82a406cccc2177b2a95f31f39c84f6bfaed98dfc16e190be30e5c96e026c0a1bbea9dedffb5544cdb6cec08bc163ccd6416353e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c27056af99f3aeb6f9ef0932c3076ba

SHA1
193585948323cc4487f6a25c3a5b2ead32bc8664

SHA256
6c7f8185822d7e12a7ac11bbc25988ce54317dcc47f16c9c3137b4b04083b361

SHA512
a2c3190255f563a08777b1a8701fb8828b3198dedb82509f05cb98bf13b277a444246b6a4d42e1c8a6941426b85cebe19fb132c4fe836a02bcc5af3ee45b4088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581cf9.TMP

Filesize
1KB

MD5
9d9c1d7fdb95981371cb8d0f47f52d5e

SHA1
b26bb2064902716c3f0ed4ea72eae3b8ba81d8c2

SHA256
935a01fbdbd858e3f76963991a8d9147926320f3105a8e5467887c8ec311b7f2

SHA512
c7024184c795d0ce539cbc45a952fd00cd0a45f89bd32d0cd5bada1dedb9de56f8566fc71e55219d8a5dbba32ddade46698a8d8636dd5d6830ab70f4f304df97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
eaf685feac9383a1a93a4ae1cce2467e

SHA1
03e179212858aa7f3a73f98111564751dfb9a7a6

SHA256
e33cf368fc8342e4d78c4847fba54871b7c70a870a59bdbf6e7082a41d5ba972

SHA512
27c9b61fea89c6ff9a431df4ed294c4a40fb0cb725a8918b52035957a105e4811ae82d40c97d0056f6a0eb34a1765a60e1ecbca70c8c625bdf29f59297d45f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
73d5da08b49725ba99f93518e19a98c5

SHA1
56a70c8a30602c5951a2da3538513c57c54e0d10

SHA256
fd7341612d8e8d1474f32870a798641912b1848c9aaad3d0b19b67856ab31ce9

SHA512
b4acc4a211b09810f489407714eeda28f121ff4a2c838272315e583f18ea17930ee6c872226b48ac91d56a393096afa94952a3872b5d30c560bb485cb32bce69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
58ea085adaa1a97b709f509636284ba8

SHA1
e4232747f0a72f15ecdad9580707a5f078be526c

SHA256
6eb09a85509c94fa10a38eb33bb9e59a1cdb288cb4a248dfbcf239e22e06b0b1

SHA512
87e9d2111b3b32840b8bf6009783ca057869389a32535fba5f99900c837a1cadc7acd14d2defe76b2b935751af287dd169c5aae95ad110cf8db2daf69054d7d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
5KB

MD5
01b6ed6eaa23e41e1289c3087743bda9

SHA1
e1b2775ace6c6f6fbecb1e979e5f7182fe3c978c

SHA256
9657ce7ce7f5e758a271978110a925934409307d21777b1c8a9ef7a727e315ba

SHA512
224c9fa9bcc35a8c18944d2e92199fc7522bfd9e25fa5f8c5ca587041b14807d4d14acbab1b86e848decccd8ee7a70ddb4a00a8f8545cd5938b297c5db211427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
dd465e28cf08e278b0a87d929d4c5ecd

SHA1
0b99e29f7a02af607b73cbbbf19714e39d3ae3f5

SHA256
63c59d969a7bb673280a37b341ef219d7db06d225e12db0315ca67c6b0919dd7

SHA512
ddf5bbae44522ba8f4c311e0cb4976bf8dd2322f3e00c77f1e3c21e54e35bcb58f439710ffa2ffe045f1ff55d9867f94fd4a316237f9ddb9c7d8026bf2b0eb3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
cbc17bb48b28c8d0752a359e46e926d6

SHA1
c9b5abde39d0eb13d64225faf38e43c6dcf7f542

SHA256
5cb50a22d12ce65995c55f6a490ae995ac850cbf8caac58540f01ce8db40c19b

SHA512
f1cb51a1ca1ab0d19633ef07879e5f58dc1394168c3003bcdbedbc5968a9bd45e53cfc48a35951dbc9b15e62c40f64e5cde8add60784e70d17d5d5acc059e89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
94974c520bda98ec12a6da95e76a6d7d

SHA1
19ef493f86e466917fc30314c03333ad40b2b234

SHA256
7c543027618ae44ab32838b1439dd28e47d17b849bd6e7e7a20f9b9646d7ff83

SHA512
20a6739902dff134fdfb761e3b1805d0b797f96158ef70bed9ff71664515c20cbb2c6f88c797d8ef9a1c5c2e59305dbe2031abd4420c730d2ba00875d9d4225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4375a38c70e9df6a6659fd86011af239

SHA1
c9d57092713e80888bcdcb8c400ad5b433ebdf6a

SHA256
9ff497c716538fdc4916118e6af9712a15c7ecfef5a8227e7b669af36ffc5bb1

SHA512
84d6ad779c5eb9f72ec6fc1510a5b4dc0d260ef936e8bc88e4d5074a9e72d77b7c68679754de75d2c7982f263bce060e8eb1750d39b625b2a78abaae6ede8ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1fe82b538b595c072b222d69336f6bb9

SHA1
4fb201490fda9d50a7fc1c79fad731707b2b15ce

SHA256
fac1e0ba9874cbfa949a023cae57e0cd688ec76f6dbba6784dcfea528539f608

SHA512
e52bc963663ecb802c23ba688fb45ca27d17e779c205a35b59289cbe7ddd13c8e03056ee96a85ff8786d6eb1f73e267c0bbc6045a2900c25fdbf041dd1e745a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
779e6c9a29ed4a2566a0327bf2cdc2f4

SHA1
28375aa075c1938dab7566e44ef3f992691ab3e0

SHA256
49ccb6b1d7fe02bdd8a0dd32e7b40213f18dccc0d7d5b7d3aa58536047e6b08d

SHA512
d75cabb6b23866f9c68d9ecc953d5d6f337dc48180a33ce9ed1ae12570be14d9521de670a8258cba02d5a45187d44f777b5e6d19a3537a36da00189bd613722f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
bb83b2d026e333e641463cd0b96609a2

SHA1
ce56a2c53eae00253f0995ce74ee6298797f5026

SHA256
a4e7e8902dc55d3d73c42b4a75fc714b648ea88907cac6188854418938901b77

SHA512
b82168bbabd92a017787e25e4d900efbb72037de59634a0a4f69af5998b383d5a7effd108d504db0f54e7389d475550a951d61b16fe93649c6828eb0fc2de974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
26KB

MD5
8235f98068f731038d8520df4727c625

SHA1
6ef1e3ca36d59de490e593ec195b632e8e09565d

SHA256
98280dcf81e7ed7a29b2d383c12027481bf771aa6358012ee5ffcc8b3af21e38

SHA512
d75d4b688898ee9c9ee07f7be6e9dafd0154518ac54042270666969dd15dbc3b7c8cf92997c510f42f20a5ad8270d5324dd8f2ef91666a9d6d0450d60bacfd83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
26KB

MD5
ad2134ff16b8955dbcf63336d3e33d58

SHA1
1d818cc140127deca1fb5bbc4ff88fa3ff52d6df

SHA256
b0ac89e9f894fe05628c1bdead63741499df44688ccd44351d58feab09712246

SHA512
d540504b8e393cbe5438849dff802fad000227e114a4b2e155d39fe082683413c3b14b493ac0bd0e6bccf40b9a15a86b508aa76ca58a24a1a2e426b67030f09e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b6a6deb89c454d7b13a068ca947e735

SHA1
ffd328aef0e2554b4e2adb184815d3f7ac3907e1

SHA256
6f7519d4c846e1d0d57690adc6c3b0e996b9ef344577dd61566d574112c3e717

SHA512
1c36c98326820655609ac048b93f6f90ad1e3ec0d534c5d38e7e5c1d8896dd5500083af05e26966b470c0ad068a1f970d345b7f94b3b4f8eed3e287bfca94c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b10c2ff05854df9b7d2fbbf7a07ca749

SHA1
e54c0abd2593f1a2fc8cade42d2083591e30de1f

SHA256
da688397518f0055fddaa76bad5144981653a9c26bdc1646968cbd0a041afd3a

SHA512
629cb65a66f1d5cb3a509a81cf5d836a44be741174955d7722f1ef4875d5cb058cf3478bb89bb9b75c260c044917afe7855b50229dbe80d0c862cf75d90dfa6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9c73088e03fb74d47ca79b8c32e2aff0

SHA1
0b32b58971986edd69818da907c9b879010a2c45

SHA256
595f799a8803bf7892ef4568b5c70e5bff8416e55d8e88862d09a91e336beac9

SHA512
f78d557acf8f9fa0cd37b365b49ed3e83a42a362517f5409c5364898d40f1c712cad2796c3e01d6b166920ba2fc14af4124c21f51c7322dfc42abdde813532fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1d4582ccc5096e0ac30e52e9426ba9a0

SHA1
7afedb307ac4fcc402a7310d6a4326ae41055958

SHA256
e8432ff2f2c5f9a8aaacd3fc8bbf0684d65359d930a27393bb328cd0f2c7b4a3

SHA512
3aceb0a2f876db3d7996428a7163e77bcbd53a198d99b309aeabc16f84b2020f2e7ad1d55c4d90de5ddb981171b0eff8177406f593292e240753223b3b190b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2783d27a82717a6b136040a74589e2cd

SHA1
64565e6845abd8654d939629dda67aacb4e0c9fe

SHA256
2ee0223fe698ff823ab0e2fb5bea0fc222c97cfc4b50eef7759b2c788d6a2a7f

SHA512
79bb12578ea5fcb029544af8cf920009d821c0b9bf1719affa9453774ec7727b09acf7d294a2f57461a4bbb07fbdf3730047289a538b23e207ea3490f6cde756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ddf14157f1f3c5e875bb5662b6936f9b

SHA1
a23689d9136ed399712214ffbee8764da5c1bf1b

SHA256
03cb3743bf2e25555bfbf3ba9a2680ed9eb83ebeda65b721e9693a3865844ddc

SHA512
3ea59d2da098c37ca36447e5a7d5e2c1a3e298c5d838d22024eaa9a19e81c37d53b3822edadd15ce7466a859124434989c949e2bd8b2346f0bca1814ac212670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b849594a0abf939e15e08a61de770848

SHA1
9d901bd7d8e3c9c19d20c9b8a0ade61ab863a230

SHA256
99dc9d85093178028f5fd3836b0d3818425304d421780d0285058ce41015353e

SHA512
7b3da23c994258068a84c9d80afdc31c5e6675bd6cf28b4d6916283acc87545b009eb38eaa45e996f01d1610407fea8f690bba9076d4f4fd2163af84842f7977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8f843b259eecb38a8df5622f3d4d59d2

SHA1
9d424f6e716a1fbc50084cb59c327125a3872fb9

SHA256
3f98e75d428c0deaa4f1db0e10a54d16ecf159e177bad413afb687a38bc2d876

SHA512
aedee2a6e539b402305437a66eb5e7e52c701503fc56783387f84972f2c6eacba9e1a8066e6db84e3d0c9418b2b125ee4c04af5800da3093045e737ba0e0d106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1f6ef00ab5658dfa9fb375e87f9d3149

SHA1
bc9bd2c871bdb6871da43bb13f7477095930bee8

SHA256
14f8dda501463c0e351a7583dc9350043e6a2d503713ff171dc485e6c07e3686

SHA512
dd5c13469487224cd33f48b25ba48bafd0ad2ba546d18571101c93059c0e3bc042348604e387f36c9c3b1dfeb8b2ec9a225a219caf0bc942ae8ca0e70078bbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
764db32871d13df16f9789236bb08631

SHA1
fe9ed3dd49b34888690f42c86369d917bedef319

SHA256
b1ee2bb1b8aaff7c1eb637304dcbd27032961323c842f9fc7f647fadaef78a63

SHA512
235b20a24df17e3a8213339045b48f88b9b22430adc2b97f26f184094a93f07a0977f975bd5ea796b01c58f79b2c48a3d9ef42be93cdd0e44988108d6e87a6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
8a410ca32cfa68b6af87dd2a15895e22

SHA1
78218033b8278df0e23513baaffdfc346efaf5cb

SHA256
078710f879b2d154a2ca8d9983b4ba9a90fc0be52a52c98658ad9c2c5fa5592c

SHA512
de46b955a9e9ca25d045efae4f34367a5b5832d36e49291d0c5e237381af12045a479b0d53777ab135db15b7af09f24152d48210ba24e4ffe0bc815b9936972e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
ebdb4566a509bf737e7f3726b8e5d003

SHA1
bfabb2b07b9cad82a182d5564c4bf61a6a40d61b

SHA256
29704bfd9a2326469e78055f8e9b54d6e0affbc5982608478beeb1c91a4cb6f8

SHA512
30f4cacb2db6a19f221f90e1547d4ecea075de7f73dffb0573cc3a2971a2bf92f4c2ea02bc0b622fcc6fb5ba47a8f21d656dc552f676476e0abf779e8a52b77d

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\Downloads\Avoid.zip

Filesize
241KB

MD5
19851e369fc50763189442e3c6694712

SHA1
d2e47f277743f3c4253bc2ce85bb40cc67c87b8f

SHA256
8a9d0115b56f9a6a8ed231d3400e1362425e265e5944a0ec0903a70e888ab171

SHA512
f79ba6f1219f8e10cadc3a4a5c8ab2051affe3b9bf7a4edaed505dd3acddcd57327f6cb1f728e37a74a78d685a9bd244313a629cdffea58a219a7eb4615f31de

Download Submit
C:\Users\Admin\Downloads\ChilledWindows.zip

Filesize
4.2MB

MD5
5806c691583167135665b6aac348d3b8

SHA1
34d14feafac0946097fbbc03e3be2b235392587d

SHA256
00cf66b0bab94b1ae74d534160a801315df8a7efea764cda906af49f99be54e9

SHA512
dbcda2362ba5aaba904087a512e3423e2356f0e824e4bd4de99f277316afb32e03d6f8ea109d4d046ba9f14fc32f21a5d80cceb982fbce529c6f15abd7c6fa7c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 711898.crdownload

Filesize
6.7MB

MD5
f2b7074e1543720a9a98fda660e02688

SHA1
1029492c1a12789d8af78d54adcb921e24b9e5ca

SHA256
4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966

SHA512
73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 8373.crdownload

Filesize
424KB

MD5
e263c5b306480143855655233f76dc5a

SHA1
e7dcd6c23c72209ee5aa0890372de1ce52045815

SHA256
1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

SHA512
e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

Download Submit
C:\Users\Admin\Downloads\WinRGBDestructive.zip

Filesize
6.7MB

MD5
2ccf48c0f0e4379e7fe1290008e9e27b

SHA1
4841ae2ef01eb9cf6046034ee605eb0082efcd48

SHA256
f14dc938825e26808ceb544d8dbdeea14a3e88ee299d9b07f60b851e4f4b188b

SHA512
ead74378f562cf24cd9b52917a0a6dac93659f7714f6b5477ded57e28fb9c93a67611fec4744b4c63cc95f634e3520724775ec263498fc8e0c5cb77719aa0671

Download Submit
C:\Users\Admin\Downloads\You-are-an-idiot.zip

Filesize
33KB

MD5
4acd75f2bfeb99226a8c9cc721284208

SHA1
4c5fc527d8825952a6f45d4fcbab3bdb074e9713

SHA256
47dca4e070081df4b70053c858a851dbd720845d4ac579eb5e7334a44ffa16c7

SHA512
ba18b878ad12916ae75dd1f5fbee09bbdfef4776d243fa4e9d7b34a113978b529a242c66e868c52cbb0cab4198d0b356e83dc36355f9452e03e7fbd4e0f9f6e0

Download Submit
C:\Users\Admin\Downloads\You-are-an-idiot.zip:Zone.Identifier

Filesize
672B

MD5
94a51fed4a7a18919ee2019e40ddc701

SHA1
c614366b7275f8d31ff8496f83982d7a8acf7ccd

SHA256
f1285647a1f18f30882d863021593c4eef9877b1b5d1f0c8822e2c4abff98a47

SHA512
781ad8da039503ac0484c44c164e402edac260e356dc5330a1ade0c8fbf3ec4d0416389685bc33ba0d70bf7acdd34639caf69a17dad8b63cb36e6917fa33689d

Download Submit
memory/928-2587-0x000000000C200000-0x000000000C210000-memory.dmp

Filesize
64KB

Download
memory/928-2594-0x000000000C880000-0x000000000C890000-memory.dmp

Filesize
64KB

Download
memory/928-2591-0x000000000C880000-0x000000000C890000-memory.dmp

Filesize
64KB

Download
memory/928-2556-0x0000000000E80000-0x000000000152E000-memory.dmp

Filesize
6.7MB

Download
memory/928-2590-0x000000000C880000-0x000000000C890000-memory.dmp

Filesize
64KB

Download
memory/928-2592-0x000000000C200000-0x000000000C210000-memory.dmp

Filesize
64KB

Download
memory/928-2583-0x000000000BF20000-0x000000000BF2E000-memory.dmp

Filesize
56KB

Download
memory/928-2582-0x000000000C1C0000-0x000000000C1F8000-memory.dmp

Filesize
224KB

Download
memory/928-2589-0x000000000C200000-0x000000000C210000-memory.dmp

Filesize
64KB

Download
memory/928-2588-0x000000000C200000-0x000000000C210000-memory.dmp

Filesize
64KB

Download
memory/928-2593-0x000000000C200000-0x000000000C210000-memory.dmp

Filesize
64KB

Download
memory/928-2586-0x000000000C200000-0x000000000C210000-memory.dmp

Filesize
64KB

Download
memory/1884-2500-0x0000000005600000-0x0000000005656000-memory.dmp

Filesize
344KB

Download
memory/1884-2498-0x0000000000B00000-0x0000000000B72000-memory.dmp

Filesize
456KB

Download
memory/1884-2499-0x00000000054C0000-0x000000000555C000-memory.dmp

Filesize
624KB

Download
memory/2552-419-0x00000000058C0000-0x0000000005E66000-memory.dmp

Filesize
5.6MB

Download
memory/2552-420-0x00000000053B0000-0x0000000005442000-memory.dmp

Filesize
584KB

Download
memory/2552-418-0x0000000000870000-0x000000000087C000-memory.dmp

Filesize
48KB

Download
memory/2552-421-0x0000000005330000-0x000000000533A000-memory.dmp

Filesize
40KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads