d6fca384eeb3bd6702537527bdd3ec5509d59185463feae0d684654d37854d95

Analysis

max time kernel
1680s
max time network
1686s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
01/07/2024, 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

493KB
MD5

5ed7d0afaf6f5a29a02f6c516558025a
SHA1

a2c9516d24686e08077df342c009f3fa9063b216
SHA256

d6fca384eeb3bd6702537527bdd3ec5509d59185463feae0d684654d37854d95
SHA512

08dd801ea821d968a708ada461121fe657894524e0f46599f6163f3dc3fcc69cf227d332458a0e3a517ad6723231ba551b5354e86724980d873558d5d0548f38
SSDEEP

6144:eK0A8oA8UA8PA8SA83A8fA81A8MA8OA88slMb5:efALARAaAhAaA+AWAfAHARslMb5

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
43	raw.githubusercontent.com
75	raw.githubusercontent.com
80	raw.githubusercontent.com
86	camo.githubusercontent.com
3	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2198854727-3842442895-2838824242-1000\{46C146BA-A941-479A-9742-F7126022E685}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Locky.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
2904	msedge.exe
2904	msedge.exe
4672	identity_helper.exe
4672	identity_helper.exe
2220	msedge.exe
2220	msedge.exe
1252	msedge.exe
1252	msedge.exe
2292	msedge.exe
2292	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 4252	2904	msedge.exe	77
PID 2904 wrote to memory of 4252	2904	msedge.exe	77
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 760	2904	msedge.exe	78
PID 2904 wrote to memory of 4604	2904	msedge.exe	79
PID 2904 wrote to memory of 4604	2904	msedge.exe	79
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80
PID 2904 wrote to memory of 432	2904	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd44c53cb8,0x7ffd44c53cc8,0x7ffd44c53cd8
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1100 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,7127941752145731492,16231319036714081745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:280

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3066a8b5ee69aa68f709bdfbb468b242

SHA1
a591d71a96bf512bd2cfe17233f368e48790a401

SHA256
76f6f3fcef4b1d989542e7c742ff73810c24158ac4e086cbd54f13b430cc4434

SHA512
ad4d30c7be9466a797943230cb9f2ca98f76bf0f907728a0fa5526de1ed23cd5cf81b130ee402f7b3bb5de1e303b049d2867d98cf2039b5d8cb177d7a410b257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c4605aed5013f25a162a5054965829c

SHA1
4cec67cbc5ec1139df172dbc7a51fe38943360cf

SHA256
5c16c584cda1f348a7030e9cab6e9db9e8e47a283dd19879f8bb6d75e170827f

SHA512
bf2a5602fde0de143f9df334249fef2e36af7abeda389376a20d7613e9ccad59f2ca0447576ac1ed60ecf6ab1526c37e68c4614d79ae15c53e1774d325b4036f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
36cd12b3afa756246d8b1750fc062ff5

SHA1
c810d81ba7528219c4a05eb9c02b172bf300e3a1

SHA256
1b86583f5a9545e70e0ab8d4f45ef3132dcfaa5a82f64e9589602eec453aa96d

SHA512
1e0962f821ee30233c84fb132e74190db53022a1d1380c40bb0012d27a67285c8a9431c4190c7e9393f5c38d4a927de4c1697420339b31b78aec41f3f79cc5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6fe2da4f9afdff8f6eba0551f9974231

SHA1
070fc36095f7eb5ab9e5a69c0b6c6fc47b522953

SHA256
a00818b26ca07e889177ff9faee6ddf703bef7684b397141ee78df4e5f6238dc

SHA512
80efe30fc03022e008abc7d19ccba39d7ec98598e12721df30b35f9061858afea960bdf3bfc0c9f7773f367d91cc7c80d5de263c4ca3ebc6650a4c777a8a6f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
867e56637dd28f11bf203888216a5c8d

SHA1
0dc1c487bb8c12af81fac587e6a94953b9d7ff78

SHA256
4b14bfffadd53a49c6e1996a0703e97ed63836cc0f3784c299b01fa482de8309

SHA512
3a26fc22bfb98f575c429691fd95366731d1e26469c560dc8fbd476fff0800d01661e21408c73c123b86e15b866a86b7762ee32a1cb97404325a99acf38689a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
84471da697397234b2b9aa62dafeb435

SHA1
a4928323da2eca4b7c7e662731cdb30472fa3f75

SHA256
f779fc53583f1db15bf97777993d23b97ed76f8b8d57b3b77b362799d1f7cdd1

SHA512
3db96871b8e1042ab1964bcdce334cbc617e2e0ee3ad94683aad60ba59c3a641b6f1be736b688ec511da896c4793063d641ae91d8d30b25d7d9a9a42fa4186aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
38c86299780badafc6430eab11d683b3

SHA1
b4c102acc6b081af50b145549686de4065e1d248

SHA256
4a1fc1f95e7b3e85a9a8100f88fae12fc539eaffb5404f50c3d1c1632d57a424

SHA512
1f0c8f831d4770e57285ca384867802ea1e8333e2ee9eaf48733dc74a212f6dd825958a35343938d17413e4bb5c3edd86183ca6804e3a08ffccd0976ff1ce684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
382dffe1d617a17cc270edc036535a26

SHA1
e2eacb08fb6b07ba713f8ef5990371e5e48c1c3d

SHA256
cd72e4d366253bbcb72d58d652532770b532ad36d892a12ffb2b8e5f67496847

SHA512
b3a5c73265860c2c8e04c56cc9f8c2eeacef1f4915c7116c9d32209d29c28c247fef84c327a39fd1e3a2884d84190a47ade277766f64466f6d0072d982868bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a55d6bee36da6d2a90eecc9dca45302

SHA1
82ab7f1057741db88a80566d832d7eb94ebfb83d

SHA256
b922e8187c2491784cc9ea6d66af3779d051869bb023c7974fa06670cb0699cc

SHA512
f7590edfd0ccfa88f305acf33f149736db23b44297655bc72bf89a41c926374f584638c8ca113eaf3fa927e0930686b865df92e4f901a1b0db4c991a7d6adfcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
935ffaa266157105517ca98b00d7ef4b

SHA1
ff16b3ef0500b17a41c5a066634a210b04894229

SHA256
4e4597895ce6d8345c27f83c4b29325593fe76be211e986c19287a72db5d9f5a

SHA512
124ab0bf90a5ef20ac8a1fbe31bf7f15becdb0613b82440a2487ae916f0a6a753c03c0a3ca8a96a5ddefbe6fcf0894800e72555f0e341efa3d7a6eeed037023f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
96fe2ee478a492e085a4435d4638f98a

SHA1
58a47623e1460335ff950e1e18c2ef02e4c33248

SHA256
03f0edf3c0196bf29ee1dd0f434855e527985e8c7ad17feadfa1a383829ee59c

SHA512
02b0437a5159af8616d8b75cf3a5176db679a0c4d893c08f22f2263cf55a5280e2a57d6488732d189f936beedf92137d66de6545f1d71c3f188ca6b33a953bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9f9aee1a0e2f68d9d31aa09e3a30fd4

SHA1
6bebb27b7a31a580c4a6e28da2d2bf47c9de0759

SHA256
9257e37a2b3d3a8f6f44bd8cd79309859ecd0ef0c44579f9c8c123eb7dddf956

SHA512
e4206c16946cc3287fde28d9899a9faf225fb811b8110dae7782fe8ea60c3cebbaf4e19a0ab8748b4d83e27aab1298b7f9225371cb3ff4549aaa8ddafc74d86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1be776d391ca93a29936efb5b0d97e57

SHA1
f9cb793ec060bcc53b0343f6e266560e8ad7497e

SHA256
62c035f1f6b482de1969856321957d248651ca8de44f31d29497ffab6335b4de

SHA512
4d24cd91dcae0413be93a02e4386ce09251d9f890f53e033ea0e4dcbb8515f3eb1d1ab394e2e3cc0ac2948326c9d0c8b9cd05cfe88a62c1a9ca74dbb1abe3847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a9462b762503d2541b857193be6e0467

SHA1
4db3a187f5cdc9075d491159095310a7b437629e

SHA256
25606d8a6a94e8ee1faeb4af066958ab4a703ed3c9116adc64f7474d49a57001

SHA512
c1a700e97319c1de4982106350dec1019c5eb8117a5ac53961d8a544131b5c74bb9448ebbcbf21e8fe8f43e9eea0c3fbc9286279e3c9d544bdef7914a59a12db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\62e7a993-85cf-437a-bf1a-170e20f8902c\index-dir\the-real-index

Filesize
1KB

MD5
392ecef7d53c176b10f51e32deef75d1

SHA1
f2e216b58b2390f6031ad109967d148552c2fb1f

SHA256
c9e7c9d554840e5f262b945649d330c2ee309062af1a0073665788fc69b44202

SHA512
f6e7b61c065e93ffe27ef8d4ae26eb681d831243a8fa8db28954f8c46a83b74c585cabeec38196cfc2a6a2a451c5bf87e5313b327cc179f58c92d419318a3b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\62e7a993-85cf-437a-bf1a-170e20f8902c\index-dir\the-real-index~RFe591f36.TMP

Filesize
48B

MD5
a8b36e45b5259d396ca2dc0ee1594db0

SHA1
265223078a4b5951bfe212ff7c13bfce9905cb12

SHA256
bf45352838ab63e0a3e3d005857a14bc0910175df8c5767fc1df64e492152dd3

SHA512
ae4f509c989a5f378a11cfdaef7f91657287bc20944a66a9c228f7c5192819b52676d03e07396913b3b7422d8d401bc72067acd4b5c2a1a189a121a56f033ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
73B

MD5
867c5624fa90dd6e8b3e14e69a058dc7

SHA1
0fcddc2b49195d63d6a7a2bf2de3a35f7331dd86

SHA256
892486aebf20832b1093c6c19fae59079ebb49ba5ba879ffef84b05f20412af5

SHA512
5f4a621d62384c51a30acc270682ef015bbfb058cb0e03a24e1aab376220b03ff4c23faf300f87e7a9399ca5c9c97738196db54eb814d47665b2b520a7a80cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
130B

MD5
363daa5d73d19cf517e32ef10ad0fdd7

SHA1
3b557eef887f0749e79ac3249517ccadaae3687b

SHA256
ce65e1853631161405856f639ea29c1fdde0c4f6f42851363af2e1c30759c8d3

SHA512
baf2ab3e13fdee332402dfa34403e579413a43b9e56e33a40fd34615d60a907db2473070821245dea3a36c9d9f36fb914a077bf019c04bae92154e9eedd38b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
68B

MD5
17e4ecd14ad71c377f96778a78ec6df5

SHA1
539b629525ccaacb04a6fcb96ef520ecff4b9956

SHA256
7fc01594c6d7fa92e4c30872bf7f365061181a82df830b8f7ff08905ce75cd37

SHA512
555c0cd597a407aacba04a87fc8d20e3f24e31c029909b1b10362394a5e6ae8721aab4edc51097bb78afbf4deca458496e048c5c668f1594e749d5f02734c206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3e8ad32ef6e0ff2c8dfb0722a7a862f0a1038fb3\index.txt

Filesize
66B

MD5
1776ccdf9ecd232e58384b8409e805b7

SHA1
aa1ffb572051b964c0b670e0aa95e86b850a0b0a

SHA256
a19da6c91ca7d1a54ea7b840eff46d42e72cb62bc64bf176ad2dab146d715ee0

SHA512
bc0f9e7d1c5aa176918b7822f3c9eb58fa864830aea96123c437cb753da05aa20ddd3ee51943d6c75f08b39e198c5df3163ab7ba5a43bce6a7accdf8d5663a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d81895d72fc7edce85e3cbbeafff68e

SHA1
4b0e2eaedd75d329b8366d4cd93bec2925155823

SHA256
56eac87b88a39fe99b784cbd1f3ab12799016b2200cf62e67241cf47b7b162cf

SHA512
00053aa2c86f61f6695f96e20e7182e8762f2f2cf1c50a13f333fb3b8a531c97a7b52e8a87e15d3a0b06161febda0c6bc64871e806c70f6e319314824eddddb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
98a838673cb2713c0272517243b29088

SHA1
2fb9712eeda4673832df7856fcbe8ca43fbebd4d

SHA256
5b35e71ecd74d882859ec58a28ae66cb7eb76ff34ea735f353f68b96d97c5eb4

SHA512
d3964e744050066544018e82ea1d66bbf1bf0fe22a3989355206cc4116a9768c3c6aa1e6cf4b741c219bb63b265bed7fb681a4c0fd00193d35b04ff56c3d8a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
caa52ef84957e8ef0a010a34607b4ccc

SHA1
b304af9dfdf394bec06826677852b8343acc5d59

SHA256
ccf3fd0234c276d14e336546bac9c0093e85a729df2b5dcc8f60de4c7b3e9c4f

SHA512
4cbb999563097874508851e249f6eb73779f81c92a8664a2647230ce273ebc6c21c3389623d8febb78e88770d6e9cec9a41fdb3e4ff501c00f5c3f49b013f022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee9eaa1cd95e927929a948de2a34dfe4

SHA1
4b0902d5cab261eef39aadd74ea320827a4a6d48

SHA256
475a36b6b470a3eb00660457f5a84c7133d5d9120a60b2a94b0c4537fb0419f5

SHA512
c91593bd74ab0b5934dcaaf74c47f99e1e19a9c91eec729e0bc87dfe7f630486e9e3cca43d2fc294c99ba03ed99e680359007123f3e38993a39ba00d4943a6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
715da28e85a5f12db00d8cfd4f92812b

SHA1
e73850ffe099b7706be39a6d0a80c4df0121952f

SHA256
bdfea1a3f6d1144dc9d5583981f4190ca8182037a028506a9b2e143f0687b929

SHA512
4089ef8e411d942b380a0c08fc85e42e243c45f4b44cdfcbca5a6c3049603fe5efff3729bdf3d5ab9058fcad64eafad251f8b4b4148e880d11793c38c5415253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0c07424cbd2786f57d3955517ad94a8b

SHA1
9f938a0150390932804c078df194672887b0fe5b

SHA256
c107c69ed93870ed39acad0099ee09ccf5190a12ad01c3b1158be17c37470249

SHA512
c2226930d0752ddffc3f7d3ff471f713fd0b4cffcf680c11c035fb517a8c8129cc8b62afc752f66089736c5487c4e7a8598f6c7e6047e84e970b38bfdf9371ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
838ec217f28e38d440aa8f84fb730269

SHA1
6fa23d63424cacf761da44095db1bc9f77379b38

SHA256
9ef2daa7e98c8f95ce2068e6c478beddfff6453d38009bc6135df833e143d504

SHA512
5d99e4f28757d0726731467faf70746987f0b62fb63c2ef0e7bd5e76867e2121717d11d5a68f1a692aa1977d5ebc37d73c879875144cf0df8286521892877ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d1c392c9e85b514bed7e2b0dffcb7efa

SHA1
769bdc615a137b4cc57c1f65463590dbd5fc0aed

SHA256
4b3ce108aafa285ef7c7328e225f842dd9b61acbcc05b399197fffda8798a976

SHA512
d4b929b074ef6a8f8eabf361e4559053613f4dc230e5ee6457d88fd3876bc034fbf30316e735f7f3c00dfdcf18ed3658a9d363349406373506cfcfc88dbd0251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a0c15c8d829a4a270e712768cf770144

SHA1
2e3f16e221b37e806015674843d38894ccf74f77

SHA256
82332dc15a3918c497122d6b63d4155c367d57d5cc482bc02f649bc7fb990305

SHA512
470a0ca5e7547bb700f88df106c286ced8a6b5bb1b110c64f6c13982653d056e70bb84ec93bde0afb180ca7571adbe4a8bb35623ed908e3153ea1ad2d1a378a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599f72.TMP

Filesize
538B

MD5
5035ddb6a501af36bfeb4b96b640d57d

SHA1
32fac184d825c6c7cb66585a80d4f7a7a6a7aa0a

SHA256
2ba3a3a3249274bd393f563a9eead31257d824d7039931db72abc1b2759de73f

SHA512
9d504128ee007c963962531b4483b460aeb7f2d792c6bd73579c881686d74c7c63f8eb35f06319f7ef7a352e413af435e3cc0ef01177b7e908a4b16bb40ae56e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
513d149e69246e6790cbe2a579f18b1c

SHA1
cf1d564939fa1ad9825c3e85bacd81be4f20d9c3

SHA256
cda644b60e3558f82ed1a63bd8efdf9d12eacba344655967fa4436862f321649

SHA512
99f44bb3215241ed25b3b97a7696838efe1c8c8dd619357a040bfdb589c9fabff67bae987329666e5d6c8a1c95a7777e9e3a819dabed772830c8c56527892c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
01abef9f68de78a5dd0fa6382a441337

SHA1
ac5f04c3120116883a18f86b4f7f0051802b101b

SHA256
38876ed38759f70ad394a7d7ec9b2313798afe415b031d861e24cf65f65c7206

SHA512
8ca957153ba489706e4f4adb9bc2733c98889b966a9dfe72a8389081cca0910fe6f21e1f6a1d8e9fa537dccfb1552154cf779301403d4b653e0fec65c68ca906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6c1efad745d4bc1f5a87c448a919598f

SHA1
994b841e579ccd375dd973ce1db739cf422ed1cb

SHA256
9ce10078eba39032e2b9d4a66059dceffb7dc507621e28179389d695a503cc2c

SHA512
284f14cd87c8d57d6ece6ec1c70ecf0665d053c1a9c768cd445fa91a2ee9b809b5d731d4da24facb9a26400d3c55e11b07466ba19f2366305f8d291f7d26d5e9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5a5f9d3015065714d45eed92a055a097

SHA1
36453b6daafbc8f21c82c24bcdc15896dc0dd1d6

SHA256
92e2ae05b180dbb7d6d3f4a9dc408cee8a1dad8d5d23aaaf1cf03530794ab54b

SHA512
ba5b2961bd28b4b0e2abec8dfb953b9d39ee76071d3c474b420021f360478b924626fb9d1b5183565edc66dab578312a2017d6cad5f8b257be3629b697c12e47

Download Submit
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip

Filesize
239KB

MD5
3ad6374a3558149d09d74e6af72344e3

SHA1
e7be9f22578027fc0b6ddb94c09b245ee8ce1620

SHA256
86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

SHA512
21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

Download Submit
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.Identifier

Filesize
228B

MD5
fa3374f52c14a969c628a0b9898935ba

SHA1
2125b2297e81491ff74004202a697fc560030f40

SHA256
f4f781121f08d2b7264b09bb87c50a5afc0de6268856be4227d19de331d59cdc

SHA512
93fb5d4d7bdb87aec0929d27032416eaab30dc300544cb845f292c2a216793ce724729e2c1327103277fdbe1d05edf8cfe016519213e1f79760c6faa1e829a82

Download Submit
C:\Users\Admin\Downloads\Ransomware.Locky.zip

Filesize
125KB

MD5
b265305541dce2a140da7802442fbac4

SHA1
63d0b780954a2bc96b3a77d9a2b3369d865bf1fd

SHA256
0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0

SHA512
af65384f814633fe1cde8bf4a3a1a8f083c7f5f0b7f105d47f3324cd2a8c9184ccf13cb3e43b47473d52f39f4151e7a9da1e9a16868da50abb74fcbc47724282

Download Submit
C:\Users\Admin\Downloads\Ransomware.Locky.zip:Zone.Identifier

Filesize
224B

MD5
18b61577edfebadd3d8d153c209168b5

SHA1
8a42b40943a6ee8d2168f43617432f4388489b33

SHA256
de9c046944b7081dfceb743d8c1819a87258801088ac84058705955aebe799f7

SHA512
d88efae2b30cffe5c502812283e6ad8800baa48bf810d6685103f36bbc942fb98382a027f56f18e2f77125f5819a589a65daffd2cfd081e7db9df2ffee541e40

Download Submit