Resubmissions

08/05/2025, 07:57

250508-js811azsfs 4

08/05/2025, 07:46

250508-jmc2dazsbz 10

08/05/2025, 07:41

250508-jh4crs1rv4 8

Analysis

  • max time kernel
    240s
  • max time network
    235s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250502-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/05/2025, 07:57

General

  • Target

    https://maconsmallbusinesses.com/wp-content/uploads/2018/08/

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 29 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://maconsmallbusinesses.com/wp-content/uploads/2018/08/
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4132
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x344,0x7ffd4ee4f208,0x7ffd4ee4f214,0x7ffd4ee4f220
      2⤵
      PID:744
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2096,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:2
      2⤵
      PID:3120
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2000,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:3
      2⤵
      PID:3320
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2292,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:8
      2⤵
      PID:3724
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3540,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
      2⤵
      PID:4432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3536,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
      2⤵
      PID:3996
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4188,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:1
      2⤵
      PID:4656
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4264,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:2
      2⤵
      PID:3552
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5068,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:8
      2⤵
      PID:436
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8
      2⤵
      PID:5052
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5108,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:8
      2⤵
      PID:4588
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5112,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:8
      2⤵
      PID:1916
    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
      2⤵
      PID:3736
    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
      2⤵
      PID:4968
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
      2⤵
      PID:4104
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6236,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:8
      2⤵
      PID:1728
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6220,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:8
      2⤵
      PID:3704
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
      2⤵
      PID:2680
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6596,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8
      2⤵
      PID:3472
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6768,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6784 /prefetch:8
      2⤵
      PID:3172
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6760,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8
      2⤵
      PID:756
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6948,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8
      2⤵
      PID:2460
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6012,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8
      2⤵
      PID:5788
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7180,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:8
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:5836
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4580,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7116 /prefetch:8
      2⤵
      PID:6084
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7120,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:8
      2⤵
      PID:6092
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7184,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:8
      2⤵
      PID:6100
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6952,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:1
      2⤵
      PID:1132
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6632,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:8
      2⤵
      PID:3632
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4284,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:8
      2⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4040
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5444,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:1
      2⤵
      PID:5184
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7032,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:8
      2⤵
      PID:5196
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6656,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:8
      2⤵
      PID:1784
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6664,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:8
      2⤵
      PID:2028
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6288,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:8
      2⤵
      PID:5224
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6396,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:8
      2⤵
      PID:5368
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5392,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5552
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8
      2⤵
      PID:4924
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6936,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:8
      2⤵
      PID:1728
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
      2⤵
      PID:3172
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4244,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8
      2⤵
      PID:5896
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5560,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:8
      2⤵
      PID:5252
  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
    1⤵
    PID:2036
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
    1⤵
    PID:3232
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
      2⤵
      PID:3004
  • C:\Windows\system32\notepad.exe
    "C:\Windows\system32\notepad.exe"
    1⤵
    PID:6000
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4000
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
                                                                                            • Modifies registry class
                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                            PID:5476
                                                                                          • C:\Windows\System32\notepad.exe
                                                                                            "C:\Windows\System32\notepad.exe" "C:\Users\Admin\Documents\platycranianjn.ps1"
                                                                                            1⤵
                                                                                            • Opens file in notepad (likely ransom note)
                                                                                            PID:2336

                                                                                          Network

                                                                                                MITRE ATT&CK Enterprise v16

Downloads

• C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1626178942\manifest.json
  Filesize: 160B
  MD5: c3911ceb35539db42e5654bdd60ac956
  SHA1: 71be0751e5fc583b119730dbceb2c723f2389f6c
  SHA256: 31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
  SHA512: d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

• C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\manifest.json
  Filesize: 135B
  MD5: 4055ba4ebd5546fb6306d6a3151a236a
  SHA1: 609a989f14f8ee9ed9bffbd6ddba3214fd0d0109
  SHA256: cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5
  SHA512: 58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

• C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1974008789\manifest.json
  Filesize: 160B
  MD5: a24a1941bbb8d90784f5ef76712002f5
  SHA1: 5c2b6323c7ed8913b5d0d65a4d21062c96df24eb
  SHA256: 2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
  SHA512: fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

• C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\manifest.json
  Filesize: 85B
  MD5: c3419069a1c30140b77045aba38f12cf
  SHA1: 11920f0c1e55cadc7d2893d1eebb268b3459762a
  SHA256: db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
  SHA512: c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

• C:\Program Files\chrome_Unpacker_BeginUnzipping4132_512148278\manifest.json
  Filesize: 43B
  MD5: af3a9104ca46f35bb5f6123d89c25966
  SHA1: 1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
  SHA256: 81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
  SHA512: 6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

• C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\LICENSE
  Filesize: 1KB
  MD5: ee002cb9e51bb8dfa89640a406a1090a
  SHA1: 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
  SHA256: 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
  SHA512: d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

• C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\manifest.json
  Filesize: 79B
  MD5: 7f4b594a35d631af0e37fea02df71e72
  SHA1: f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57
  SHA256: 530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1
  SHA512: bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 280B
  MD5: e3657a3e5af17025e5b20b4931cce12d
  SHA1: 7da44598dee34ea617c2b72a2548a0d67673983a
  SHA256: 27973aa04128f6fa460261f9f693e01c441ffec5803932411abdf934b1e8abac
  SHA512: f18af8e2466cb85cb07b18126b14fb18fd954909737a03bed2dec4e7300b2ffb2e79d4e1c786f68cea312e9725cb6dff4c85834abfd797505197258964e9e11b

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 280B
  MD5: b99753da44b6438da8e7242bad3cff63
  SHA1: ff0646d30233e2108edcbd98f5a185a6eddb8e07
  SHA256: 9ee28f735796661bd328fd87235ba49e01fc0bd7723d5e1660787b219b492f96
  SHA512: 55a6014a7cc40300f43e2e1338812b1aa05b7e2ceca6ef6afe09ceac160bd64a8aad34e189ad8c58524b3e1065eab520b34ff94324e34d1ca9ca419b084021b6

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: 5f30c4e28fd491ea580450083acbaa9b
  SHA1: d76856a0377a1cc7d1cce6518781726205656982
  SHA256: 69f339cdc055eddcd91db2b1f4e60918b891c6793be664a374e7c106ea8b208c
  SHA512: 4f30424ebcb411234551f79c7573ab78f919d3c8d9729aa3eefbe6decb921ba3ebd8605be41b20160dfb930be2307fb421c87d02ed7b03473b86097be2766b47

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e975.TMP
  Filesize: 3KB
  MD5: 04f7a2898766f48b93a4d02fe63db592
  SHA1: 2e17b99bc5b782bf1788b7ac6e61c5c71102343c
  SHA256: 60f39955ba6ebc07d147cb2689cb36f6ddb71b7c695b1992ccbf6889620d3538
  SHA512: 349f21400b061aa061f988c3228322a321c54ea394232072b6feb934adc449dc2a11a7456b1b8e1da0daedcb9870a9e3a5503b523684f2324b7de6f0606299cc

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
  Filesize: 69KB
  MD5: 164a788f50529fc93a6077e50675c617
  SHA1: c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
  SHA256: b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
  SHA512: ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\verified_contents.json
  Filesize: 1KB
  MD5: 738e757b92939b24cdbbd0efc2601315
  SHA1: 77058cbafa625aafbea867052136c11ad3332143
  SHA256: d23b2ba94ba22bbb681e6362ae5870acd8a3280fa9e7241b86a9e12982968947
  SHA512: dca3e12dd5a9f1802db6d11b009fce2b787e79b9f730094367c9f26d1d87af1ea072ff5b10888648fb1231dd83475cf45594bb0c9915b655ee363a3127a5ffc2

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\manifest.json
  Filesize: 962B
  MD5: e805e9e69fd6ecdca65136957b1fb3be
  SHA1: 2356f60884130c86a45d4b232a26062c7830e622
  SHA256: 5694c91f7d165c6f25daf0825c18b373b0a81ea122c89da60438cd487455fd6a
  SHA512: 049662ef470d2b9e030a06006894041ae6f787449e4ab1fbf4959adcb88c6bb87a957490212697815bb3627763c01b7b243cf4e3c4620173a95795884d998a75

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
  Filesize: 108KB
  MD5: 06d55006c2dec078a94558b85ae01aef
  SHA1: 6a9b33e794b38153f67d433b30ac2a7cf66761e6
  SHA256: 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
  SHA512: ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
  Filesize: 1KB
  MD5: 564972261314f7628395a3a67b02d9e0
  SHA1: f869b109198c468c9831b8a4d2040512f7411e08
  SHA256: f00fcef617837bc50d2834b45a0a7f83018abac01c147369141df0bb55fb95f2
  SHA512: 81436fb4b417bb986cf8a781d86083b441567607604309eb1541a8367287c9fbf4348ce6aef33035b3253050ac46c52ebc2839a03df95e4281f7d325ed1f4653

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
  Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
  Filesize: 1KB
  MD5: 3f23d5364e2cb7bd3671030b0d74317a
  SHA1: 7f1d7e2dfb224a8678603931a1a6bdc5d7c56ca3
  SHA256: 1482e0c763a66cff8304fb59228e9c4ef878d8a8784bb3758855670021b1e198
  SHA512: b182de903f8600dfcb7e2c09d8a3c056c13a8508d8ee24ba8496434d7390949c3a00dfa366899682772c9e795f337eb2d3114db065f9aab3cabf57b96564610a

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 14KB
  MD5: dca04d0928e0b2efd3794c0778e091d0
  SHA1: 55fd34726c10d3fefd2c38493a06ccba710736da

                                                                                                  SHA256

                                                                                                  80f6228f4441e57d33ea0839ceffc412741772c66864df3c5c449dd46488b7e3

                                                                                                  SHA512

                                                                                                  9b7af0627edaa089cf07cc12cb733eb5c3742782f345450201af43a91cc704b1079fb9e4442279353818bb3674ffe40c0d2d878530b92584836847575d34fc09

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  14KB

                                                                                                  MD5

                                                                                                  9f804055a553bfc4b1ab8c53425d5e87

                                                                                                  SHA1

                                                                                                  10d3bc3cf5553cca53a8b6e48b7d3184a7a13096

                                                                                                  SHA256

                                                                                                  9c45aeb09bb67b884373e4b15541d3ae1864eb9782e33e492fdea1263d723d02

                                                                                                  SHA512

                                                                                                  549b5cc2f111efbea87a93a4763985c4c470762b8d46f2e6fd2afd8d9cefc46447c3b1d6b2cf0c0cd79cdeae5a262d70f8b84ec002c0490cf7e5f885e17bf870

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                  Filesize

                                                                                                  13KB

                                                                                                  MD5

                                                                                                  aaffa8ae2418033ca98e757c75c4e6fa

                                                                                                  SHA1

                                                                                                  adfed240a4393e1c8aecd7ac2f3ec4561fa62212

                                                                                                  SHA256

                                                                                                  a3fa45c6d4e7d38ba66627d149ee5cf24ca9f5dde0cf8fb49cdf9061f85aff35

                                                                                                  SHA512

                                                                                                  0d8b3fb12e8a260b5b006779e3c740257ade24010214ba8b127c0cb39c5f8646503bf2ba7a835caa97a3a622270127953e8b58458a939872556ff57b87e4eb13

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                  Filesize

                                                                                                  36KB

                                                                                                  MD5

                                                                                                  8de7850f52ace8caf4c1e4ca435f6afa

                                                                                                  SHA1

                                                                                                  a32e4a69ca8cfbdb75a6c4ee6f97d0cf6fc843bf

                                                                                                  SHA256

                                                                                                  e7d851768a7f089b4bd1573d060c1893c1ee08ec12c28cacb1387e7185bac456

                                                                                                  SHA512

                                                                                                  d608653c1953a322da6e2d2be3cfe1f810de7789be7c1ea509616acff4b67148ab8fd66daddfef6d1e619cd8ed9bcaf1a1eefc02ff9e9fcba9e7aa6358bb3ee7

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  MD5

                                                                                                  c986edaf2ae4c9080c623e3daa33e46c

                                                                                                  SHA1

                                                                                                  4e2800dea5a06b7896b9070239b515dacb2c7aaa

                                                                                                  SHA256

                                                                                                  efc7748814346e4a3f9a9c14207d6de0ebb7e7def3007576fe3b9d0163f9a7f4

                                                                                                  SHA512

                                                                                                  b06148421d315e694d4a62fde5280a304593af252a13ee0ecd36aa1acf6191ff93f6483df8a70fea764ab07de16cb3b6ee2aeed6c1988d87aef93ec619cb9923

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\120d2e89-7e5c-4646-9e73-299be6ad8e29.tmp

                                                                                                  Filesize

                                                                                                  22KB

                                                                                                  MD5

                                                                                                  3bca8411b45106afaa963d562c371631

                                                                                                  SHA1

                                                                                                  78857d33a65e7061ca18a3540c304f01e7e85325

                                                                                                  SHA256

                                                                                                  4503345ee70aa9ca0f90012b665743d7c13ec7052e7a943222287973b752b9c7

                                                                                                  SHA512

                                                                                                  a6a7e9af6613a30730a0b87be76f87144a3483afb756445d462de7b22543027e5e8f5822e0337ba2d7b65e413e526da962783d05d226c0d13d113d57d28b56ff

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                  Filesize

                                                                                                  872B

                                                                                                  MD5

                                                                                                  fc0ff9400f75d2ae82f516037823eea9

                                                                                                  SHA1

                                                                                                  2338bb020819582e84394937c0fd4bd54922adb7

                                                                                                  SHA256

                                                                                                  0d08993d04708821ee11860f974e01d5e737e8ab35d9fdb05640ede88bc89f0d

                                                                                                  SHA512

                                                                                                  93f323d8af1c8c52101d4c948f4113237b71d0b5c116f16f37d8ffbb694fd6b611c1d1fe72b63974c436805a9ed50bb91b6a5f43faa43681b6a1f58b90644ba1

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                  Filesize

                                                                                                  23KB

                                                                                                  MD5

                                                                                                  3a82d953960d8d6b56b86f1cb4f0dab9

                                                                                                  SHA1

                                                                                                  2a27840fae6a1f15d0522db77c991572fe06d89a

                                                                                                  SHA256

                                                                                                  c70dcd3fca860bc1206ae5f6ac2e19b3852592bd78816407d3353ae458987926

                                                                                                  SHA512

                                                                                                  890c0cc91e62bbf5a2238c0496b2f5b664819a29eb2f4bb80e924f4878ae8295ca808bac3b94383a03a23bf73d962b40028ec742fbd8025f2d3ded518b486dfb

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe5884cb.TMP

                                                                                                  Filesize

                                                                                                  465B

                                                                                                  MD5

                                                                                                  e20237ab1d85977d7950c3786e842dfe

                                                                                                  SHA1

                                                                                                  94f8f8ba80ddfcfd0b5120c52f3ba842dd45f690

                                                                                                  SHA256

                                                                                                  4f462cc5f1e53a141ddedbed714e16e3a49a2176e99d4353ca6c83a4a542b04a

                                                                                                  SHA512

                                                                                                  1df6dee63f28174fc38215f99847a2933d54c32bd460c7ae1adf06d60f17489b9eeca433fa6d8f889d4d9f03e7968ca0f16d684be3443c6dfcdb22e6b850874f

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

                                                                                                  Filesize

                                                                                                  3KB

                                                                                                  MD5

                                                                                                  94406cdd51b55c0f006cfea05745effb

                                                                                                  SHA1

                                                                                                  a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

                                                                                                  SHA256

                                                                                                  8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

                                                                                                  SHA512

                                                                                                  d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  20KB

                                                                                                  MD5

                                                                                                  59ce5cfb5050bca947031c4eece8b0bd

                                                                                                  SHA1

                                                                                                  46ae7e4293c3fffa77b0381569699aee1622ae10

                                                                                                  SHA256

                                                                                                  ff8b0e8b5f486382fc87dad7159986c22ea1378b51f3dec8c3a1c76cb1d6d080

                                                                                                  SHA512

                                                                                                  e1d3d46530edddbf6cb017f9d55c907ed4b33b00b127061e20e83200cc64ffd2618a5967b4d9d5a8d689858f275f082fef6c5d4169a124ae11fb86cc1991ad99

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  20KB

                                                                                                  MD5

                                                                                                  b877b64cbf0ce3ede6eda471cf959faf

                                                                                                  SHA1

                                                                                                  3fda5dd58e81c317baba2b7ba23be2de07998767

                                                                                                  SHA256

                                                                                                  b3fa36de9ad28920686662fa629525d6d5506e0cb626f30cb9b7ce234958ceba

                                                                                                  SHA512

                                                                                                  47601e39b7475daea6a0afd524de1ce7d7124e53e7e011feffce8dfe5c0bc9c1fb568a164f13cd55d1617a840423d5562f8672c1353d706b5e5d78c2eb85958d

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  11KB

                                                                                                  MD5

                                                                                                  11f10b3773c10214bd63d5b96622a300

                                                                                                  SHA1

                                                                                                  04e5da37c67546a7f516bb054bcb61a3134cb2b6

                                                                                                  SHA256

                                                                                                  db592956a32ed1c0e2cfb8daecd4a92170c2f7f8d838b1aaa740d4eb6e894d3e

                                                                                                  SHA512

                                                                                                  a16d7b7959fe4b8c377deef3f4bab03953d776aee5c2d9754786ecadac92c50d41af005aacf5be061c7023e2ba37e1d49ba66548e886876ce7bb3855acc527a8

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  6KB

                                                                                                  MD5

                                                                                                  dcbbc33f50fb1aa8377416ebeda1d59d

                                                                                                  SHA1

                                                                                                  2147bab26cdf2f17740b344362412bd2d4e157df

                                                                                                  SHA256

                                                                                                  3175b81fd48ba8381d330dd2709c50a8f9863f7c216a546c9c6cafd73a168c13

                                                                                                  SHA512

                                                                                                  1046b1249145307dff1ea1985de361b959d4277fad2316d2c685344b036bc53c2312c6621acae39aef280c2c06655932bed94f28c704157858eb347bcbec82df

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  11KB

                                                                                                  MD5

                                                                                                  708677daf2d2506204240ff1ab816277

                                                                                                  SHA1

                                                                                                  f351922068184c7fe3d8bd88312e582194f82051

                                                                                                  SHA256

                                                                                                  56146cdaac4b05fe85ff15dbed72fe955e85dc79d900642c75509aa69eb9dd60

                                                                                                  SHA512

                                                                                                  208382c57a8ee7dc027218890daf8c50e0ab8b191dc1db4b288f2a9232ccf4920c448c6edf61e684a64acd07c72a7b4e68ab60e3901a442269b9e3a7b9256ba1

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  20KB

                                                                                                  MD5

                                                                                                  d803a24b2961aa143a0105fd9b7566ac

                                                                                                  SHA1

                                                                                                  4375a8ba6a2a37e34e7763217735d98aa452f1cf

                                                                                                  SHA256

                                                                                                  347d62347e774a1ea32f345c1b3283303d69579f7fb7b6ca9980a6d55617b474

                                                                                                  SHA512

                                                                                                  f227bc7824f9282e412c02f6747dd82381af24f104132b5c36f9e5463e9a8de152ff94d7e4770950c2e9801da017a4ff3b454a17555370f0b561ead4185926e9

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  11KB

                                                                                                  MD5

                                                                                                  ef44dd71ffb6a136b028ca7162963e1e

                                                                                                  SHA1

                                                                                                  578e8989efa5f5ca50677b55549083296fab41c7

                                                                                                  SHA256

                                                                                                  e2e5e45f7078f3fc741c4ed85dd607a77ec3180cd94c9144fca515a63da63b40

                                                                                                  SHA512

                                                                                                  b1d731834d438ea90a9fd3dfe074dd2e8960ce09e2c385f6d8ae9fc76ae7f390a8eec26989d273e41190d8b95a5e3a7b6b04199d3f87dbc8584bf7f5500164f5

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  7KB

                                                                                                  MD5

                                                                                                  05e85e1f6b689b1cf229b04980d2f3e7

                                                                                                  SHA1

                                                                                                  81a5e858d42429235d5b4ee4d7e56da332bbb125

                                                                                                  SHA256

                                                                                                  ec1c98b1b74f1486471c5ab146785602babaccd33297da73b49308e7b34ce46a

                                                                                                  SHA512

                                                                                                  3f143ba74975e19a1e52d9cfd468d7caa49a8ca1507ac2d63a8025db2e16afe06ba4d2bc3884dc679760ab21904e61f8ffdb6b3fe639b48dd4bf8759ea5f9d5a

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                  Filesize

                                                                                                  11KB

                                                                                                  MD5

                                                                                                  dc034f4f3013f93d0f10cb5589f495b2

                                                                                                  SHA1

                                                                                                  220bcf723eee92e29c12ca20f2ba3e356ff395d7

                                                                                                  SHA256

                                                                                                  3c201773aad60b6ad3e44288abe120daed92527e48c9a59d0e540bdc2d38a188

                                                                                                  SHA512

                                                                                                  17144c9de2c89a020887133fea3262434027706f42ad62a971ab62194a13e1f4dcff5576903d686f6603c7ab76e3fd73c8b7a7d544064974f6ba3d342ce73a37

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

                                                                                                  Filesize

                                                                                                  6KB

                                                                                                  MD5

                                                                                                  bef4f9f856321c6dccb47a61f605e823

                                                                                                  SHA1

                                                                                                  8e60af5b17ed70db0505d7e1647a8bc9f7612939

                                                                                                  SHA256

                                                                                                  fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

                                                                                                  SHA512

                                                                                                  bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  499d9e568b96e759959dc69635470211

                                                                                                  SHA1

                                                                                                  2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

                                                                                                  SHA256

                                                                                                  98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

                                                                                                  SHA512

                                                                                                  3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

• C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
  Filesize 2KB
  MD5 c6b9fdbe0913af65c42cb530f7040071
  SHA1 858b0ffe6c043d19b7ad0aa534ab52ee6a02afe1
  SHA256 5f214c1e6125e32af7983b45283264c8437725eb582e3def5d165d9d04292453
  SHA512 fb02e9060ef6c06916531eb318b3a202fdf987a8aeda423a9387e02788123ce723093bb5af517241e249d80f8cdd005e9f7a9aa8ef75b9da44678927030d1b16

• C:\Users\Admin\AppData\Local\Temp\2e75c5e3-6edb-4aba-9bf1-1ae1ff711baa.tmp
  Filesize 10KB
  MD5 78e47dda17341bed7be45dccfd89ac87
  SHA1 1afde30e46997452d11e4a2adbbf35cce7a1404f
  SHA256 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
  SHA512 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

• C:\Users\Admin\AppData\Local\Temp\903e0001-b123-4bcc-92c5-d68127238c02.tmp
  Filesize 1B
  MD5 5058f1af8388633f609cadb75a75dc9d
  SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
  SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
  SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

• C:\Users\Admin\AppData\Local\Temp\scoped_dir4132_167457499\CRX_INSTALL\content.js
  Filesize 9KB
  MD5 3d20584f7f6c8eac79e17cca4207fb79
  SHA1 3c16dcc27ae52431c8cdd92fbaab0341524d3092
  SHA256 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
  SHA512 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

• C:\Users\Admin\AppData\Local\Temp\scoped_dir4132_550008302\a8ef57a8-4b36-48f8-898e-e41715bd84dc.tmp
  Filesize 153KB
  MD5 b0917d8e6c5b6be358bff67f84eb8336
  SHA1 a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d
  SHA256 dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
  SHA512 cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451

• C:\Users\Admin\Documents\platycranianjn.ps1
  Filesize 7KB
  MD5 64b32e80849b3a853d27bf4a27b2ac43
  SHA1 a4d23ef37b4641b47829fb4c118620becc82ebde
  SHA256 be742d5f7e6723a99961f7e2443a09552f0a08525360f4f84751c0773c93eb4a
  SHA512 dfec9fd6b6ee0356398d9203dfc69afd746e19858c88d1db75d6b2f2a7bee5ad2c6fd84cb92b13e7afddab88a7402dca031c32edba830e5345f41eecf8fa8f51

• C:\Users\Admin\Documents\urobenzoicHQ7v.php
  Filesize 202B
  MD5 3407a07c85650e96c3e6ec56aa46ea1a
  SHA1 cad92877b5a293aac54432bd9981d68d80aab31a
  SHA256 d9719b4c842855ac5b7f8cbbe36b04aed226084e67d26d0c5f239d977f4a49a7
  SHA512 76379e47eaa4f254b36595d43d79c0034b02b68015f958ef66fb6c04a83acd7ff3b039c16cdcd7de6c95350a382f18fc29723ea84b7e5151f09a4872f7946e79
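A dropped-files listing like the one above is only useful to a responder once it is turned into a hash set that can be swept across an endpoint or matched against quarantined samples. The following is an added example, not code from the sandbox vendor or from the analysed page. It assumes the listing layout shown here (a bullet line holding the path, then Filesize/MD5/SHA1/SHA256/SHA512 labels, each with its value either on the same line or on the next one), and the text it parses is a constructed sample built from two entries of this listing.

```python
"""Turn a sandbox 'dropped files' listing into a hash IoC set and check files against it.

Added example; not the sandbox vendor's code. Layout assumed: bullet line with the
path, then label/value pairs (Filesize, MD5, SHA1, SHA256, SHA512) on one or two lines.
"""
import hashlib
import re
from pathlib import Path

# Constructed sample: two entries copied from the listing, the first with label and
# value on one line, the second with the value on the following line.
SAMPLE_REPORT = r"""
• C:\Users\Admin\AppData\Local\Temp\903e0001-b123-4bcc-92c5-d68127238c02.tmp
  Filesize 1B
  MD5 5058f1af8388633f609cadb75a75dc9d
  SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
  SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
  SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
• C:\Users\Admin\Documents\platycranianjn.ps1
  Filesize
  7KB
  MD5
  64b32e80849b3a853d27bf4a27b2ac43
  SHA1
  a4d23ef37b4641b47829fb4c118620becc82ebde
  SHA256
  be742d5f7e6723a99961f7e2443a09552f0a08525360f4f84751c0773c93eb4a
  SHA512
  dfec9fd6b6ee0356398d9203dfc69afd746e19858c88d1db75d6b2f2a7bee5ad2c6fd84cb92b13e7afddab88a7402dca031c32edba830e5345f41eecf8fa8f51
"""

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
LABEL_RE = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)(?:\s+(\S+))?$")


def parse_dropped_files(text):
    """Parse the listing into dicts keyed path/filesize/md5/sha1/sha256/sha512.

    Digests are checked for the expected hex length so a mangled value is rejected
    instead of silently becoming an IoC that can never match anything."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries, current, i = [], None, 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            entries.append(current)
            i += 1
            continue
        m = LABEL_RE.match(line)
        if m and current is not None:
            key = m.group(1).lower()
            if m.group(2) is not None:
                value = m.group(2)                     # "MD5 <hex>" on one line
            elif i + 1 < len(lines):
                value, i = lines[i + 1], i + 1         # label line, value on the next
            else:
                raise ValueError(f"{key} label without a value for {current['path']}")
            if key in HEX_LEN and not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[key], value):
                raise ValueError(f"malformed {key} for {current['path']}: {value}")
            current[key] = value
        i += 1
    return entries


def verify_entry(data, entry):
    """Names of the listed digests that do NOT match data (empty list if all agree)."""
    computed = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }
    return [k for k in ("md5", "sha1", "sha256", "sha512") if k in entry and entry[k] != computed[k]]


def match_bytes(data, entries):
    """Listed paths whose SHA256 equals that of data."""
    digest = hashlib.sha256(data).hexdigest()
    return [e["path"] for e in entries if e.get("sha256") == digest]


def sweep_directory(root, entries):
    """Hash every file under root; return (local_file, listed_path) pairs for SHA256 hits."""
    wanted = {e["sha256"]: e["path"] for e in entries if "sha256" in e}
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
        except OSError:
            continue  # locked or unreadable file: skip it rather than abort the sweep
        if digest in wanted:
            hits.append((str(p), wanted[digest]))
    return hits


if __name__ == "__main__":
    parsed = parse_dropped_files(SAMPLE_REPORT)
    # The 1-byte temp file's four listed digests are those of a single "." byte.
    print("mismatches for 1-byte tmp:", verify_entry(b".", parsed[0]))
    print(sweep_directory(".", parsed))
```

Two practical notes. The 1-byte temp file is a useful self-check: its listed MD5, SHA1, SHA256 and SHA512 are exactly the digests of the single byte ".", so verify_entry() returning an empty list confirms the report's digests were copied intact. And sweeping on SHA256 alone is deliberate: MD5 and SHA1 are kept in the parsed record for cross-referencing with older threat-intel feeds, but a match decision should rest on the collision-resistant digest.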