wannacry | b6e0541f88b2f91f92b7bcb4928db794f406e822802b1516b804fb1e2933e75e

Resubmissions

24-01-2025 18:33

250124-w7km6stkgn 10

16-12-2024 12:21

241216-pjry1szpay 10

16-12-2024 12:18

241216-pg2qfaznf1 10

16-12-2024 12:06

241216-n93b1a1kcr 10

Analysis

max time kernel
179s
max time network
180s
platform
windows11-21h2_x64
resource
win11-20241007-es
resource tags

arch:x64arch:x86image:win11-20241007-eslocale:es-esos:windows11-21h2-x64systemwindows
submitted
16-12-2024 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-16_ca4ce7114be6f14792cc77f2997fc7e6_wannacry.exe
Size

5.0MB
MD5

ca4ce7114be6f14792cc77f2997fc7e6
SHA1

f4ca2bdcaed8ccaf20536cdfce85b338b74ebf19
SHA256

b6e0541f88b2f91f92b7bcb4928db794f406e822802b1516b804fb1e2933e75e
SHA512

d92e534f9ca67397fc17b9b67dd7e3fcca3d8be81d8e4d6f6da5ccc2dd6bb47ac5aef3f78ab274b1a08ca70e2db0dff8944e0e9a0e85eb657b09bfeac3f1864c
SSDEEP

12288:GwbLgPluxQhMbaIMu7L5NVErCA4z2g6rTcbckP:VbLgdeQhfdmMSirYbc

Score

10^/10

wannacry microsoft discovery phishing ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Contacts a large (4178) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 1 IoCs

pid	Process
3688	tasksche.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File created	C:\WINDOWS\tasksche.exe	2024-12-16_ca4ce7114be6f14792cc77f2997fc7e6_wannacry.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-12-16_ca4ce7114be6f14792cc77f2997fc7e6_wannacry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-12-16_ca4ce7114be6f14792cc77f2997fc7e6_wannacry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133788254153186121"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2196	msedge.exe
2196	msedge.exe
3196	msedge.exe
3196	msedge.exe
2596	msedge.exe
2596	msedge.exe
5560	identity_helper.exe
5560	identity_helper.exe
5864	chrome.exe
5864	chrome.exe
4532	msedge.exe
4532	msedge.exe
2900	msedge.exe
2900	msedge.exe
3772	identity_helper.exe
3772	identity_helper.exe
5780	msedge.exe
5780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe
Token: SeShutdownPrivilege	5864	chrome.exe
Token: SeCreatePagefilePrivilege	5864	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
5864	chrome.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 280	2196	msedge.exe	110
PID 2196 wrote to memory of 280	2196	msedge.exe	110
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 4160	2196	msedge.exe	111
PID 2196 wrote to memory of 3196	2196	msedge.exe	112
PID 2196 wrote to memory of 3196	2196	msedge.exe	112
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113
PID 2196 wrote to memory of 3964	2196	msedge.exe	113

C:\Users\Admin\AppData\Local\Temp\2024-12-16_ca4ce7114be6f14792cc77f2997fc7e6_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-16_ca4ce7114be6f14792cc77f2997fc7e6_wannacry.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3032
- C:\WINDOWS\tasksche.exe
  C:\WINDOWS\tasksche.exe /i
  2⤵
  - Executes dropped EXE
  PID:3688

C:\Users\Admin\AppData\Local\Temp\2024-12-16_ca4ce7114be6f14792cc77f2997fc7e6_wannacry.exe
C:\Users\Admin\AppData\Local\Temp\2024-12-16_ca4ce7114be6f14792cc77f2997fc7e6_wannacry.exe -m security
1⤵
- System Location Discovery: System Language Discovery
PID:1756

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2636

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3964

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
1⤵
PID:1488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbc4393cb8,0x7ffbc4393cc8,0x7ffbc4393cd8
  2⤵
  PID:280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,13519679398144753448,18097822669160080134,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:576

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004B8
1⤵
PID:6104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc55acc40,0x7ffbc55acc4c,0x7ffbc55acc58
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,875317104643296887,6467859080400300950,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,875317104643296887,6467859080400300950,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,875317104643296887,6467859080400300950,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,875317104643296887,6467859080400300950,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,875317104643296887,6467859080400300950,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4368,i,875317104643296887,6467859080400300950,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,875317104643296887,6467859080400300950,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,875317104643296887,6467859080400300950,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:6076
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff712b04698,0x7ff712b046a4,0x7ff712b046b0
    3⤵
    - Drops file in Windows directory
    PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4816,i,875317104643296887,6467859080400300950,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1848

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbc4393cb8,0x7ffbc4393cc8,0x7ffbc4393cd8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2152 /prefetch:8
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,2435400711651532215,17491812655192585042,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1c282a6eb54d8174af98cab34b02f37e

SHA1
bbf81d584a95e751b634fb2842d8eae904efccd6

SHA256
1dff95068e3d931546d4a62ae31d902fe0fd9cde9f97dfafcbf155e134b82212

SHA512
917038ca3e733a605e02648a21bc39a6b81f832e43f88ce150ee13f8ff24c336a63dcd661a52cbe5193f6cb3baac86ee8cfb17e548f923287069fcb4036897f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
720b4a922508216073aecc77593844e7

SHA1
7c98ad8d5ee3c0189389475da4b802a41bb2e6a1

SHA256
36e213aad89f6a018632b600b2508e167ddedfc4b810be1519a4dbfe0f9c9da3

SHA512
ac48cc3a93a6f92fc70f42a5fbaa131bbbec29efd3bbd539077abd88794c1ae394260ec0edf906c17ffb60d77cd1f74dc7d3a32b1262664eba1b641fa4e557b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
27320f426d3282f46620ffabc6af274e

SHA1
3d706f53aba32b84fcb81a617126a44e36f3aa09

SHA256
6da1628c9053e4037e23d5fb987103ba900154f3a1173e4e0e3e90194f836f72

SHA512
f5191c959ae8ecce5b4ec9c20eb947c836fcedeba19b585ee208421682ab620d0fe35beb7892f427ab813c3b9db536090651cef3d25bc15f8e22abd18db83c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c6cc64c8ece74f8d6190150b17e741da

SHA1
c0227885d4c9c65c5ba8e71464e5d0141112d18d

SHA256
41615f73b434999a6638a5afd397f0529c94417f45f4be099f037a2ba231581c

SHA512
3d829b10ec4db6ee0995e501fb252a28facffeae9b62bf2d8d5897ac1d5cb9716d0d8bd8fc9a1c4a5e364910e229301edaf804c5afa0ac39899988b1ef4bf8a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e6f4600c-87a7-42e8-904d-843de6edf748.tmp

Filesize
356B

MD5
bc641bc1000d782228762d70f022ebfd

SHA1
6d086741be527260ad929ba2db7d5ccaab252b10

SHA256
c70fee66f24ee3147b4d1e551c6e5a8469758e5a0f6f45c35f17576b3b58c863

SHA512
e668795971c817a64b00860bfcbbe957be48bb7e9b6804eb8d7d44e0da912169dadbd261736928d73b0a951e73ea17fae759c6d08cb1a11bec89907d3bea1f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb3bac666a784e744e88950df2bf5c63

SHA1
3602d82841eb86d4f82376b91bbbb915994a013d

SHA256
ad4ff72e45e624140db70e97b70a379aa9b794572fdd29208c0b85a2a6909e1c

SHA512
86b8e630ec9a3aa80a22ec8ddf1915bd825fcf4d51770188ca7457aeb261aece4720a224a86be006348f14c3e713b9c5a23907c71ffc8dff3dcf8fca5a79725c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
561dd9c10fbf90429efd42e395d0d506

SHA1
3f18dbc8731a0ef24f920323840b3ac8a0847c2c

SHA256
d3ddf74bc78a956bac1ab9e1b1e47eb3366e63d97ddeb8f1dc131d7f092149d1

SHA512
08fa991a610b36640f7497a0a6c02d935a70dd0127c49edf44bdb5ada3ce2f0cbea150154e76865c233ce77cef54369ab5f2aad2869d557effbdfbfb93eae2d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c35617d6e2b118b557bfe29029371115

SHA1
b8334e2d4b4698a53a305bc32551e62689674ff0

SHA256
9377c34cd1e97beea66d281a172583aaba04f45f51291d80cdd59d6bbc93cb9c

SHA512
879ba35faf8fae5663b3078678f9b5f25c1795a7cf0e200e066e844831acc89f059eef477e35562cd24fceff6a73d9d3b0c9e85f430cdae900c3378509d43d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b27a0e4129d8dde3a0b1a56976aaa84b

SHA1
a6bae7fd1d8b8aeb2a3a0e894553a3f746867b68

SHA256
294f9e8ae1456f1c8dcb10a0b1a5dd0c0925d9da631dc6d7c4df88ac23cc2f88

SHA512
e48c5c2c8592674ed983dc90cf52475d6f2849674155e984d1ae0426a69dbe89b0d1c150ccb27cb86a9c293ed06f846acbda998037dffb7dd3f373c0eeb122e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
59028617d0a4ba7dc87df7b09aa9a419

SHA1
f1f0f29425db31ae9bfbd989ebe48924e8d369b0

SHA256
e75083cf48d7ccf799e4f60e31834f2b74947b7bbc936d8488d6ea8c1b5826f1

SHA512
dffdf9130cbb32f9760eb476ebb6cd4a6f6534b4e4b6beea36016a9db86113fb2e8e1b80d2e4bd9833ba31de0e6af66b3dcec03a9a67f5609bb539c4c6ae1c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
b7c6344ea0168624cb5057077a47ada6

SHA1
bb21aff6871a8ff091f259b1c95df46713a6e60a

SHA256
0b6c29af4df56c0c68011d899087bcdd1c4e9037af5b45eac592bab03f274370

SHA512
e299f0574af1b0e46ecd77c4f65a795f17da825c94b7f4f5a9821e6ce303c85f73899aeeee6593ed871f38ff189c469022f48dd45fa9d712fdacdef91b4476c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
07fd01d492742b60a16fde0481a61103

SHA1
567de586760a629cbd60ea09e20721d49a7ee28c

SHA256
c4725bd3586ff4c9cf7ae4bd9078cdb58b5634059e79acea727a75b26ccac5a9

SHA512
a76a511549abc493acf2d8475eba6160f7670fbe539e9f901be0b5bcf165e4f9ff7c6604bbc8c8184d33522a5c88fd4b8a99b9ad976be61c4bb55a539cdc043f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
24945104fc04a4953f05407e71df7533

SHA1
f20efff1d294ec306fa5b367ffc2b96c69c9fb1b

SHA256
13f3f502278dc178379e2720017ccd5d13d7fc11d253907795bcea7c30b160ac

SHA512
f24e37d054858b3a9a80f8981c6c841e0c3cbe7aef9eddfacc24c5ddf8d2d084bc1cb1c5dc99cbb79cdcad22dde4ecb4c602f0defa7202f732eb602886fe6b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
b1377b0c54a8c1bc8b707156a3183874

SHA1
c14669da422ce13ef690a144877da8ce25ab2bcd

SHA256
dac080f5ef4516d123fa6a61e6dc937269b4c3b17a898e1c2d5f3babe33d2b7f

SHA512
da56f405ed0b74efe3483ab7d26fbebf04dc73930d53d5ca691601e8d198bf32d97856e673789698b8f8c3f90c8aadbd0492f1906e8490605193c2530a0a5624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
0def3f85980c1779d5aec406f2aeeb27

SHA1
4385284de98cddd16aaf2dafff76318ef8e366bf

SHA256
9e3ed664e5524baa112844928baf290623cd21da55a9a3b67a1005d2bed95464

SHA512
3953eb70afe2d6d9ce6a536552ec233718d1286214224024e4118b89f58496a841684b2c96346eab43cf43b3584857cf308165bab53681ab54f9bc9f5c6f65b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
812536e2f2ffef8efca5b7d23d481346

SHA1
1e5527e05bbb24a61c0addf7f8b31478cdcc92c6

SHA256
51e72270d4e3fbd06565cc7a4d901f6785b359e5290ac413a55d1438d3edb73e

SHA512
af9475a35e3b8e1b9339ca03f86a99307ec1e41c5ff786d3d1fee7530d31a4bcd492666ac376e63eda5364218e79eb6e819096ae084518c0649cef9bdd0808a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
93bf82bf453ee38bd4751758b62fc218

SHA1
58d7f3d7794bd492a25ec798c37424a24e8d2765

SHA256
c2b825f741ed2e05746d43ef80e934202949fa3d063942e8f6f6ae2a07b37f11

SHA512
04053912a8a7d073c378c6bdd5d2d7b09d4f1722ba4696928d77fb2ee927ce9fd8bbebc8d74f9aff11b029f5080086179e2c3c34f0ef73a51f668b3d71fe0101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
9dbb192e197038feb599461c71fbc20a

SHA1
b73d598b2cc9c72ca1a0601adb73c81f78266c07

SHA256
01a91a9d8a495a4b480f271bdf13f0c006935c0a3629782a062799810c7a252d

SHA512
956133832a1589647efe6bdc319154c1df69c843c7836def5ea2e4078c625adb617cb4d7877035ea659099b3abf74abc5a543ea9447ae240249118e2ebb50c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0422ebb2935000584af60c62c34653d5

SHA1
c483f06b5933742e4e23b2fb88be59be4c733308

SHA256
0300cbf7ef20430a05263d14b48b0d2f81f957497654e2eb7d64716e6c00dcfa

SHA512
4bf785e5ee85545c2678fccb6d2d4151e133c06d9a460e28265f14dd1bc3f98449ede1b8234ef9af7833b37b4497bef6100be89e8e10416fbbaec792f33b3f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
9e731a735a82d1ab9c2c0b4f34c538ea

SHA1
6ee4e40c0b84d8f3873b9fb2fb8cb1eba8e73b31

SHA256
af6303e218951fe2e6b0433ad3f944eb5464f49aa935656d5e3f67564df00879

SHA512
c8facb77ea9e602383629a774f022df0d950519112c6ce1da6f685c4228642f60a2e3a56c4959dd9019d07b87696e36c7c1a63a6d924a4d7d464a95bcb251347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
9ae2fb8fccfbd435d469e4f162b336e3

SHA1
6225a0bc8826bdb13e11a2d728d0cde1341923fd

SHA256
e76ae2b9078ab92a7aeb57797171765d0d2dcb48f61010342e7eccf12ca8e555

SHA512
49aceab91e5b81aed9dad17790aef2643148efbbdbc5b88e0283f8ca77fb4b152587b9578894eecfb90be7332bc66e0f3da7cfcf5d3f26d5a51184022f32d7a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
c88dabdb8439aa3ff30d3747890545cc

SHA1
d977d5a10443f86a703aca6d793c5901f693f18e

SHA256
857e494ed9fd90337b0f02cd025500e70fdd161c39051e7efc57d032a91f7bfa

SHA512
3a71287aa744b3519afa9cad8dac13682d3832f96b24c57917f52f494104fc7fcf9a2e794b8c4af70f12a379596cf369ff57307859437f5e58f9e6ff75dc4c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
abd1ab20c1e12c478a9b4588d2a51506

SHA1
21e3a88d864589e3f6d07c201af3b4564d10e646

SHA256
4abb724f646b962af0964b22c71dc9a954dc4a4257e6f07351e0e18689dfda3d

SHA512
839514101771979404ad079292cfe36ac5338e17e994cca56274872232025199910ff0a31e04f3bb81c068dae8185652c055a2ec5075aedd20b271efbcdf0171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
209B

MD5
2ceceec32ecf3abc531c179240a6d348

SHA1
bba9448f37ab1f03bec8b89e467b1aff84f86cb2

SHA256
f9587fa6e088259db7190ed6afb203d80b828a041b1644cdfc859ec848cce71d

SHA512
2f619fb084c95249f2d5a1bd9ce2b637c31f7e24963ec58f70905d28e86481e5bdc617e3a8573f00b52d104492a37afcd6ce01d28315c17793ec37bcf9b8270d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
9e79e4f3def1670356fe0d6c60559cde

SHA1
f0800a85fb878ee3839e8802a9d38eae56c4cb84

SHA256
83f5791b2349971be12bf739e2d1782acaf40529848ce9e3500237a02d6956e9

SHA512
2ff3e7fae98be8f69426c6e85674dd0256d222ce24ef8fadff0b127283111022782dcb928728b708ce9e79c940936e0083bc5c4b86bf34ce1ec575f3eedd33ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
624B

MD5
0423a21e918e83b99ae3c81fed8c8da5

SHA1
c0f835f04bafbe7660885bff397e018f093ad72f

SHA256
39dd0b114c0713e7a28521a41d57c4c8882b99a67297351896b473a94bae2627

SHA512
2b8d41c54c6a681f2d084b1429a22f6631d5246fee9299708f6f2d14b5510a88184cc5a71095e0857607cf13ddbb1ec11a04455e03617e77f642c9d73afa5e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
545B

MD5
31078a3f4a3b9449f4d814d153ecba9e

SHA1
fef361848e7601a9145a733797c533dd8fcb08d5

SHA256
72f422521a9b367ad0c577f2f7df9d05554e2b82edb82bb17a1f5df14bf817ea

SHA512
a0dca363a94689898a7349f2ea6a8e734edfeb999679e736059029d1534fdf680519b579eced53c5dfcff191a924e6568223b9eeb9134933c83b7988cff3faf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fbbd8d6a5e23588c2116ef416e851fba

SHA1
5ebb9b3871d3e4982879a5866e03bd35a451cdb8

SHA256
2eb4a5d19f879b3282e20a40a9bae000eb868fe6c69b806d685a8ab4b6aa14f6

SHA512
cc293f6d4126bd1771b64ec3d1a1d6240c422cea57713aed2e00e78d876be845d47cde7f9b0a691dd1805b866918b620694a4115242b8f743e29132a12fd54d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07d86c4c25f3032f6e0d67319e7b37d5

SHA1
6579fcd5b7729e8aa585e41f911790acb575c47b

SHA256
c3cddcd2c1cfd7d79197d160659c6750de24e96beb11be16459433df73a407ba

SHA512
2ee5dee9f8377b24502ffeb5c8c42e745b642def95bcfe8587f677c6415eedaa41a640f93a5436cdc0e2976ea5051d50761ef569335d1dba3ec8035e5577369d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d41315f2d7a02f267de7600d68ef4fe0

SHA1
cc6d80064b656cf0ff1959a2daa445f257442c2e

SHA256
80e2cfa38d843bb36a3962491e178e00b94606338feb8edbd7a5314ec959dce0

SHA512
e991677ae07a1c84e5f7c5878ef964e315d33e8f748b25a78731887ef0e43473a4f680542a0cf72eb826284d801ae0b2858429de6ac01e6d64e1a53323259aa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ce675633a71bca9da6aef3ecde07c09

SHA1
ae0d93eae934d2ad3cb565eaa8d0da62ae6ac92a

SHA256
5f29772515f9ee678d19e7f2badc3e51e822d5f8ddb75826a9fd5a23b66a69f7

SHA512
fb510199ba318913e3618074fe3b33be26a66ad0d05c7ed5ba14db60beb279e07927076103156db7f856c21f939d5d2b4d08065c26c6561df15e4e35798e6a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
750baf5bd2fa9cdb9e639bd94de4a232

SHA1
22f03b476049bd9609807b125309715329fb361a

SHA256
61ba56f5f1bc4a8a39e17f832f0e7f583465effaff66f66bf7488f558837c9a3

SHA512
9f2cb2860b5944f4f7d7b605c6d7a53acf467feacba17d597323e86658778e78c493355d3cfe5ceeab24ef2037d602ddbaaff0e23ca023ffd230b303b46b5a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2f8d9f33299b0669f358432633205e13

SHA1
0b152310120e8026d5f01236803ce8d76f3c4687

SHA256
f23cdfcbd646fc76f958a26a374fe40726be66e627b211f8ea529b6e0b6a90fe

SHA512
65807a0df6ce639752e15af192a53a1da93a4f6bc2b6d9e932a414a9d421b1dcde370587d0954df3b93b0290c3ce594855a591a2ddbc68e3eda5548fc71f366a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9942300aa004d3a0dadedcb3e97a4cc3

SHA1
b65400900a46fecc8e116ce981dcee52b40fa36b

SHA256
e1a5409425507942f3f746fd7dd28894c4cf398429c24f7f02bdec1a61c97e0d

SHA512
b29762d5df6c0a7943b046a5aa97a57efce1fecff5794e544a900c559b971ee095f9b67ea06e1b13dbb4ac97be87a110473bce6e761926563a2eac15d24d632d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
556B

MD5
e451c87d3e5315998f85fc78e8e0819a

SHA1
8c024eea75621ed46ad8ad9b25463b0d34183939

SHA256
a7b6b8fe0f02688c053a9b9df8898ac01f539f2982906eaf612b8809bf16f4d9

SHA512
f9dc9103a7f1d7d80f3f6c714c4ca360ec86330988a9c9d70fa9e89803bfb4eaefe065c02cb78be672c1f40b85cffec09fdb27c3982ea83b6c65ec5387e004b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
1cc114fe562044e1d75097c978869da7

SHA1
1484477b83b73f1c5125544c049b1eb0b5e947b3

SHA256
0ba42a4a84b385c7b2fd38fd3fa93d12f04bcb05bc026f398fd872827f570518

SHA512
4d986333ea3162ee95f826d3dd544881770487e47abe4ad81328bbad1c5f6e75572685e812c7caeeb32eeec14adefee42a91842db045e9a564eb9aecef2c9473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378825391235381

Filesize
6KB

MD5
13f05050612740c6e2728f95fd566905

SHA1
d3a7086c42ee60966cc4b3db722718f07ce8523a

SHA256
f7195a8733a93a36c271a3165efeedf44f49220b4913db5161d0ebaac2fbd445

SHA512
d5cb46dafbb5f408c8350d8ab07240b0ab768835266cb091dd36da9317c3919dd465d7de530ebd8f58767511bf11f23ce58abf3635a23aeb203304e8f2d51dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
458988108b99d555f6758b47389882e2

SHA1
7384b549bb90ad07c060082281fc6fa1397b6017

SHA256
e23010c0716e17ac13d68070c9926aadd807969cff87f6ac9730a60e344b83bb

SHA512
2e68eaafa2aa4564c09307869b2c422aa17bcd79ee69b6269b70f2bc57f83f1d1bc46e0b1d2a5ec391889bde605bd2d6291e1ffa508fa798340e34420ba4283b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
1fa19646356c3eee73e6a7f35f90a6d1

SHA1
8de37d3c0c04a8d77afa7eaa11bd7e1b6b2dc5e3

SHA256
b15ce1fb144a096d6bc8060aa316ea0d697c773284bdec9209062d86fcc6eadc

SHA512
8a493b4668a65e52f19c643464f51910d35c4edce627a57d4ba75b28c95840cc73b463dae97044ffed559cfc5895964eebad2431b8bbd668bc185daadc02bb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1e16a72e49b4ae5993181ec4ae599d14

SHA1
ee3372be3119299ef4daa0df2484501bf30681d0

SHA256
8b7d3078dde51c39f979430413e2124e85fd286f9ae7f9e100c5f254853b0e9b

SHA512
a547b4f87e9b8ea970f32487b9c58c410fc072389be5a12f478ac6915b8d87171342a2e3998a3bbc922b601a866c2f83cbeb8b999c3cc731cbb20bf564258a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
0ccc1ac860b236fc685f0b85e91dd307

SHA1
4a51d81510ab5dee9a04fb139eeaa1de50874619

SHA256
2cbd10483c94d25bc0a28da345c6cd92820053ed6e80a26bf16d1ee70b791e65

SHA512
d69b07a9a98fd36e9431a18643724f9489e6c8f73587a013e5b29de996ca4748f2d7a34f55b2ff688f5ae71f2c9b27130314edfec245fee5473a66d83bd04eb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
381c4ab4fee011f34ab525ea6f143008

SHA1
5b21b83a65f510486e7f8ef2205b42b913205328

SHA256
1be068efb4c214a369959baf54a11ecdf0e61da595d54fcf0871493b32fa6cd8

SHA512
70e85982b2d0feb45d01a3d9bc0856b941d1553bfb08f87307f852c7cb34c491fde47bfc8b4016d37d2bc28024646c03241860b6c86d4eb5c9e39208965bfed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
794a9c276d3073f096e8cd588f81a5e4

SHA1
5002cdfd11b6f2cb362ed7fbeaeeb3cf9bde19e9

SHA256
ae1a5dada3cabf53b3050458b2343f4fd23c14a0aa220cb8c5958d9257e8c641

SHA512
6bebe61f5c27bcc9d6d9d4c113388328a39f4ac2ab7397b3c66996ce034cf76c402d4397a3167d83c957a014bb6bb6ea0c7a99ee91d15428027a1c65b92904fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
7a45e5924ad0e05857d4dc4799d68ae7

SHA1
01e13724fdded9a2beb45d4588247f920fb05e3a

SHA256
8c106fe82ba625bd4d07165237d3b4a4c2ba7f8a04d104df0ab7a54c4320eda3

SHA512
a20b88027551d20bbccf885b4fcdb362a4aa67089ff8bfa0d27b88cf9e3f62fdfb7a19d914ec404abf95eb98b24dc4dc75d756bc741972e088ed99e66a23858e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ec036da2-3b12-4432-94b0-1ebbc52be303.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
09e245782fed4aba456c33db7abcb363

SHA1
874816601e81a3b1e5dbd55b3c1db4416b17ff9a

SHA256
5b2ac6c32af2dd49d432c520f973095e9260f09c6d3ee8e3d419a5915c81883b

SHA512
10e6072da662e2a1a56b833ecc3e223dbb6fb933518f60bf4b92f706570adb0d3fa33f53c68a8943011efa3812b634edf99dd1fb152e8f755e6397d936a1f9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
efefde8d2c1b03c865d027352967b888

SHA1
e3d3c7cd322600cdb12c2a93289e1f3d62e879b9

SHA256
36820c0ecd52ee5365deff3cdc784fb476b75ffec7444a9714c57932b9b9ef20

SHA512
e3e9a79e032bbf1fa5db91dcdb5cb840f2c3843170237abc38dd24429db933f975f497edbdf9dc818ce5809761372ade0009ba0b16dfcd7389ce042b3ef0216c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
8b6ca3e5e09db1c7ccb2440c27fef565

SHA1
57f62c716f549d94d20c18ebd5ed069cf8c4587a

SHA256
8e1279fa5896e99b0c29c4e874fc07fa40e13291afdd0ff633337a298e509f9f

SHA512
77c452444fb33775f3d1241e406366874c8f860574fbc5ac391c8634a9ca8b462fd7586e70f7d81a422e965465ced5e7cd788ad715770584c1077e1a6a7087ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
73166f84dbdbf43a4c679aafbb1aea29

SHA1
f9f7719e407b67b1887de8d7b542f6210a88c722

SHA256
341a60366ff9af89d113d5d17ba6e7935f1bfbb981abdd2d61063fedb1fe194f

SHA512
cb08127f2669221ac98f8cb6fded7cd3d7af9223966d028312ece8709a7fe159e04403f62164f660b55604485bcb0302a0b18dfde3bfd2e9bd1b0040312bbaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a3a391202e304eb38a8eaf8a97336b86

SHA1
fbb384ccac426b66979b0743938ef074dca86a23

SHA256
1766531833d03b4d94cf475e44aef8c44ba71d65547277bc0bd6ade52f25d924

SHA512
54c9d5b32f1c4c8b2460875ea44ae4ab3cb7388c4a2e8f67ee4f46001450fea959374e01dfd6f3ac9274d2ca0f047345ea0703b7f37b809e044e58213c65f803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d4817efeab544c1344ca43497456426

SHA1
997604124afa3dd853e1ed6fa57dd2dd818be307

SHA256
5108493f48cd0ea92f82cba0286cdd78de3b3135b7d0f50f63dca5ac16dfb860

SHA512
2ad2070807ae049fa9ed1e40df22f3cfadd57ce2dede1f0b29c0d0d97f50ff4f5e53cc093aee4c0fe65bf9d4b42da5fba1838a9de0cd2d9ed6f5c660d9a6722a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\40d4f0a6-220a-46a7-8213-b4a9a8f2f3d9.down_data

Filesize
126KB

MD5
0a110bd321f114ff8727674eee2a490f

SHA1
ed3eed0bc086ef1df640064d483e20487182a215

SHA256
f1f611b30db0431160b742fb7b8a5ae609a7acbd3724810d92e186c65c14c268

SHA512
3c08d7c95e5bb0fbdf87cce4fbf7cb10db1f2d5df8cc3e8c214ae064d1e0a0bbcdb1d599605a04dd0ab8c0c3fe5401e5a75ee8620d219e4e0da0810693bef728

Download Submit
C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
d7eb5e5aab394f614ec0288046e790d0

SHA1
0dbb29a44164554d592fb699d77feeda780bec0c

SHA256
ec0bfa7cc2780afbf1138d9d3c0dd9dd789f61ba6823acfee46de77b31f5202e

SHA512
d912195f0f64a83216c4932f5f72219b55abbffa83c29d7a005b0305fc48dbbc17b2da773bbfcbdf0364196aa4655a4b599c7670448cfce551e48186bc91733b

Download Submit