70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1

Resubmissions

05-08-2024 17:14

240805-vrzlqawfqe 8

05-08-2024 17:12

05-08-2024 17:11

05-08-2024 17:08

05-08-2024 17:04

05-08-2024 17:01

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-08-2024 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample
Size

7KB
MD5

4b320922990cfb723b67147a7a97d345
SHA1

5d134dcee4aaeadbea36761640434a45c708b081
SHA256

70b68ac1477e49a4342383c6eff1056f6a18ff0727aa20630e9e7bc8701011f1
SHA512

b21548566a22c31ca19de100264d1c2cefe0c8d8a0361f325194e6514453813376da301b4bb71c9ac0e4c3c1c84589276af79e7f48dd4e6d8ae553590ac823d3
SSDEEP

96:SDQ1jWHRUV/okJOlIDNSW0S9I3gtYEMLX+jZEBZu:oQHokYlIVYFSjZmu

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
61	raw.githubusercontent.com
105	raw.githubusercontent.com
53	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4272559161-3282441186-401869126-1000\{AB3D4CD6-CF29-4B25-A24A-BFEBB835AE80}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BadRabbit.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4612	msedge.exe
4612	msedge.exe
4460	identity_helper.exe
4460	identity_helper.exe
832	msedge.exe
832	msedge.exe
4984	msedge.exe
4984	msedge.exe
4688	msedge.exe
4688	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	892	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 804	4612	msedge.exe	86
PID 4612 wrote to memory of 804	4612	msedge.exe	86
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 1952	4612	msedge.exe	87
PID 4612 wrote to memory of 4012	4612	msedge.exe	88
PID 4612 wrote to memory of 4012	4612	msedge.exe	88
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89
PID 4612 wrote to memory of 3756	4612	msedge.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
1⤵
PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffa64903cb8,0x7ffa64903cc8,0x7ffa64903cd8
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1676 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,6420775870719119919,7465298975303156499,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5200 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0487ced0fdfd8d7a8e717211fcd7d709

SHA1
598605311b8ef24b0a2ba2ccfedeecabe7fec901

SHA256
76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571

SHA512
16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5578283903c07cc737a43625e2cbb093

SHA1
f438ad2bef7125e928fcde43082a20457f5df159

SHA256
7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2

SHA512
3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
47KB

MD5
1b41de287931f25dcfdb32b449b62dce

SHA1
e457bbc7784ceacbb11cfa3ff65571de5c0ff227

SHA256
c1fe59b2b1995ef9709e1dcc147a96774f04c95374ca1c4df0c41e1cfbaeb8e0

SHA512
4d1de63bd0e1d61375a72252f41be91a61d766b3b204a0e72bf6530195a3f26d89c8aecd75e175281287b3b3b56a71f964ced207a0037641ba8c893d2ef75c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
32KB

MD5
9c14da42e50b2e167bec77d3ea93350b

SHA1
3134a533899708740220acb3108c47872e792a2c

SHA256
32836c50b4c42baaddb764ee10a9a895865ccebc9eebc66a3f0d47ee09131b4e

SHA512
f93dbf35d425a25ff4285228eeae0b43dfcd93a368d5a27cc8f4bb80759da8ecdcd26facc2d00722c8b3131051558747fbb9625113b161cc6253a7fa9fb8b3a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
20KB

MD5
644f2b0ee81b56ac7303031ab3ca10e4

SHA1
7ca67423f0ded5ff534f0a0d42df416b44d36805

SHA256
dda33f363084c0f939d6daf5e648ede370fe5be24bd408a6ea0e6bfa1042e6cc

SHA512
461b910c1c3d43d5e62ca18d8a2ec7c9a3db196d649c08ca56d92a8a5e39a991fa5dc53ee20572ecb93b3315b0ba2e2a0ba9f5644c61b2d2c81ef74c05abc39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
fb5577b667d8679ecbc466e5b502c442

SHA1
fe185c7eb5b22f162c1c23b371fae8f2e1ea206b

SHA256
85545755fa81446f279529e8534f6a7e79de01ad0b501ecc2cb4ddbf06cc9908

SHA512
a5f575b0f899566f23c946ff9da9a8add5e86d197a703fc0bb7f16cbd0194e983ca2d7e69c31571f12827b8f47537b4c992f85ea648a5d1a3be8f12978c72c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
69f8a7b9b8b600b82ebfc743c66a5fc8

SHA1
47fa420e32510ac3ecbce8872701341ac48dfdd9

SHA256
382dcbbcd47177b032cb8e4d5d6e783454f0bfb49e81de14fbe2c9e4f114d6fe

SHA512
9e429d33fd0250abda89eb1b47cc2eeb0b3aba6db1716e7ad4bf660cd40088d2743d5cba16460814b0b90d89540ebfa0bc52631a015e95669325ae50ae4db3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3ebaf46c37de077547cc503d1c068eb1

SHA1
a75b292f03d39fa6476ab01fcd958d13825f20f0

SHA256
9125e6c4599a3594d5f851cf59155a05ee32377a809e5cb5da67a5419492f774

SHA512
78381efe6a32a787ce812f74aec0b0c03ec5d77ce33b5d63dec30e3098eb918567c086263b4d1d315055de37ca3669f8e3e06ab734f6b71e21b03be5c2333ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cdd7e533b56e75eb16b8e83035568b13

SHA1
44a89e8882b43ff0beafef02a13fef54c5cbaa0a

SHA256
1d19d1ff04e3f3f8ab7390565198a1d22015638230ccd49d5a209ce16fcec9cd

SHA512
9d44a74e115b6b08b7147dce217ae7c0c4dba0ce51ba31695dd10a3f3eaf025643022ffd8a57e612a9a69300ab044ccc21f45b46ef864d0b7bea29280f51b05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65a7b3b7b0fec15fc55b73069e9fbb68

SHA1
389798be0ec3840ca6dcd83cfdbfe3a781466364

SHA256
6f01d04637e8d64ec94c4983d40d319b47a1c67fa5161d0b8d32bdf49a295dec

SHA512
6951071624891e2a08c3c46cdff1dbf335c95cb3b7221d5b246a9d6daa5ba5fff228059aed493275270a9fd27f6988150f02f86d029d3aa21887b8eb0162fe7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
60f1614906ce792f49db6b70de907d36

SHA1
eb9076cb258bba6a7f03c7919ee50eeebd45ef80

SHA256
874996e2af322e085394eaa604106e60967c008209b826328d97a81f3f07dd6d

SHA512
02abe0da6e81d1f7fe8be8b79ea708dc2e9a6d4427b139840cd5da7250599d92dad7cabbed43de7f1e67d99fe2fac9476b1939ea391edba8c8d92aa3557c189d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df67a7e4fd4f2704cce5fc1bf259c956

SHA1
54aa8ea544d057b814c9fa849561bf9911787a7a

SHA256
5e0136fd3d2df3520b2e67ec1eb4bfa77f0db483e3860a112295a2c8b7229ce9

SHA512
e6b59920fe5555615f5763340866527f0bc54a58f1e77fb26cbe23f6b84b0be3bef8a0cf1d391e7fafe5f54ee6dd6da37e13e6e7260c4b154d366101a87fe186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3b11c2a135333f093f410a89cd082c11

SHA1
c9995dcabd8371786ea8d83d9eb16a5c1ee02164

SHA256
d6fbc6950228c62c3cf7bb8eeec1765186e5d67ebc9d78f849addec5911677ae

SHA512
b0d3088102720b5602102d7626a26d82b640d0a93018a7e871b8ace7f3a8c72fa5a67ba4f4efab248c53d4bc3503d560edb30f5b38ba9c6c723f2b5e78fc9e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\74a3ae06-e00f-4831-ba5a-e121b2c7c9be\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\74a3ae06-e00f-4831-ba5a-e121b2c7c9be\index-dir\the-real-index

Filesize
2KB

MD5
9d142735f46c0cb77951ceff183935a2

SHA1
d5baffcf2bcf00009ab00a1fb32d68772175fe79

SHA256
9460ed284b17103111efbc7b8217606ab33ee4aec3650ab7c001b16d9cc002d5

SHA512
5a9f1de4380c6ca43347d2e58282c379788dba36947716c8fc248c784384153f50f26a54c69241cf3b992eaf24f93bedb1c42c9484e0f92b86882480b6f53ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\74a3ae06-e00f-4831-ba5a-e121b2c7c9be\index-dir\the-real-index~RFe58e52b.TMP

Filesize
48B

MD5
f409b2182665fa7557ae6e8fccb1a119

SHA1
53b598683eaa0963238a868e70820e77cdaebe1c

SHA256
11b4b26bf067524455fd52673d2663c28a765b154cb16fbec7f6e1e2cc17d728

SHA512
a731d97a0c2d63714b6c868ec4effeb28462a33f66ea7aa96cee83b99986159643eebc13be5c9b1a7908cfad4a0dd76eaa0149850230d9bc068cdb49896a2d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eee7c336-bc21-4901-80fc-0cbe7be75de7\index-dir\the-real-index

Filesize
2KB

MD5
129cd6dd32d1245d1c90a5b50fc76438

SHA1
608f97752f0cf46504af628f37cd8cec382ec28b

SHA256
4a5edffb29dc738bf94e54abc9548975be38260f239c6676f1cb70a934957432

SHA512
96bb2a209b9fcb055e53ccfd8f9b20893bc5b30c393441842da2169a47b42ce52ad63056bee8d7427f2d15098b60539086f096f94c8bb08ac7ecb99102a66b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eee7c336-bc21-4901-80fc-0cbe7be75de7\index-dir\the-real-index~RFe587cad.TMP

Filesize
48B

MD5
98da38ff3b2e02eefb3b697546c48a08

SHA1
117bc7f500f3231158471437f88d3e769407e4d7

SHA256
1cecbd29ce79fa1d8d5ca3769b84286ba3f1e38f9f9827c38710c4627dbe42c3

SHA512
287104f55bf6c13ab85bed91f8eceabe65411b0088ea917ebba650e54a5dc1b9f8e5b1fe9486abf9c56475a80a37948db54a2869066359c9d836b693a27a1e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
b76d56c1242c36c8b27063b3b3537118

SHA1
663d601be76960e915ebb40ba9b54e376c1f93e1

SHA256
a28c2b86b39214401d90b08722c61a4445d854cd42324d2ffb5b04a88bec639d

SHA512
e87cdc7a8fb2aafacac96daa8866d721f6f2a4d13e23291c883b7d51ed61f6c83f5d291737bb938eb6984a98264bc709665b84aa20570461b950ec2eb84fa558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3a1192e7d9f821854fba6c4f154a76a5

SHA1
e4854bdbaa63883304ed11ebdf823ab6bcf8c6a2

SHA256
66bb645d238af88073341bb00ce7fc4b8a79a2af9a60b70c5149262a6ffc26d3

SHA512
31e0d24a28702cd476a7b4e11ea067ac27f8c0b526d320cd5372358d3e0945c5d031655c2d7f33892914188cb566ca33a03bbeec581a07a9ad9ffa6d4da7bc9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
184498fd169282e375bba887f03ffb8d

SHA1
a03c78b08e68270ef218fedd14250cadaa1929dd

SHA256
0a3b90b5523e4b25eb9c1c6ad368d5b518c5dc87f119c9b6f61a7f9d61ff5150

SHA512
874c578de88216856f0f1d7ae0d8368887a1385fad680abc9dc69b8570ff850af95347f2d022d075ac334278de232d36f38334b9ae5adce7bd5b6543a4c5ddf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
a93de46fe05cd40d8310506929b44df5

SHA1
6c748f734620ae9c4ad0a1c26d5772925001d400

SHA256
23ca36cbde8a8df2a69e1ceeeec847a3b405f0cbf2ff3fdee5381e19e49ce2ab

SHA512
8e6e4fdc8a8ffd9c14b96971383eb92b52a328d0494cdd11c92278f14808915ec90932fe7d73ff4e15ad717a24fd94e299f56e3c3e6e64439ff1de236dc53818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
0806135071affa876abbecea7fb006d2

SHA1
b917578ca1a12e3f5f0dc0b8e61e1b9b3abe6dfb

SHA256
329e25e80c75da6b45eb071b7c646b1160a76fd9a991dfdd9d93afc49483d347

SHA512
1773dc5dfea49f59c66bfeb7cf2cc6e5116629468189fbba133538eacfc681425073b79cf5842a5f7966a8fe870d4faec72f0fd602331b2ea8c165db84f2a5cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f8244660fe34fe43c9de9531d57c67d7

SHA1
9986553dcd0cbfd279302609cf8ce52f017a2512

SHA256
1b4dc32baf321625f0f00d64c4957105777a7bed6e51caac6f7164e07b023517

SHA512
d99636d416da4c0411e6bb4fc886968685e34bdfc2c76f937227a5cde4b909a15c6276bd620eb88d26bcaa0eb6767eb4d15113467a829dca3ec4c2711ad5744b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5860c8.TMP

Filesize
89B

MD5
a0b9c84498bf9d45c6dabc494c74914b

SHA1
3fa6315b657edd0daf120389330ab06a8b64eda2

SHA256
c61f9e79995285987982cd6fb2ceb071b428242fce824e060ef3421f16349bf0

SHA512
a59df126211e31b3421b9e169c1a0d1756484d05684ef420ca9da776affe7df658768f3062a23827c5cb929010bb02e672674944b2f3935d93383c264fff3fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
32ae6fa1bb207f2f3ec060539448c0f8

SHA1
4d52410c7028bf894ea54bdef6798f51278424bf

SHA256
8b4c919450e864cc28cb0035dc2de70f9c78c68307ca439af1bc2813d77c9400

SHA512
5a927164e02fdf6409253a79bd43d8850bb395b8a5643e1718a971c4be75a7692eb7a15c6bc31c693de8c71fb98c17b5931ff3ec34322b0d47943a55e494d049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b011.TMP

Filesize
48B

MD5
9f0d8bbc0e589122361c0c87254445dc

SHA1
7999241fa5a029602d9a5125c6dd481e693f36ff

SHA256
63654784862fc70b612fae59e9bdbc2ef4a41aea20c84d929083742eb6c5f0c3

SHA512
2615c97c4a3fb1ebd4c328212c93fa230bdab7fde78aee158c184d9a8a6ee09c329f34d227bdecc698c6509e5f1453c7a7b3c5a87394f9724a864fb4629a567e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
41a81d377b92aa817082aef2cca9e4d7

SHA1
09f48ee3d7aa30485fd670bf436e159a6fe7f190

SHA256
fb870ca8c1375e435d22943f6e9cd0f99a45b723336f778cf0f19dd346ffc9ba

SHA512
23993dd5cd60232bb679ad62124483721ba15950593e2d917cf7918d4828460a787726153d0019d984955b964f5877ce8353c86b0caddfd0f37c3de0b0c71d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1a337efe8c045bccf46e007a66274ef5

SHA1
aebdef93f607da826062a1cbbc13c1fbdf456b95

SHA256
8e0008887991c4dc7ef5dde06fa6c96ab8ff9dc3e2a2204c5d31580881a1dcfe

SHA512
3eb18138d4f5f8b42763e035bbc7c0245a409c846a94aabda4c2a32b5691b62f083848cdfca367c248797d108ae448ae65ce6e1786c754e77df0211c06591372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc5c1edc61db265fb21acd94ebd64d23

SHA1
d1134ba68b223bf7bb513b01a83cfdce0bf9e0c4

SHA256
333190c021d4474fb402b402aff9e57274175910549185b97403c8cd2c992012

SHA512
00d6386c041f13b90d32deeb0293d24eb9a4226c8a8face3c5de6116ceb9d7fff78fecb2a9a39c6a5d3d9bdb658a53db87942777308169c612682bf749b0566b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
157e5a4018692bf1e53e7d3a96b91388

SHA1
ab5c3dcc355d8f4d26bb938c61e48de3f0e3f513

SHA256
3b72a9f5e44a48af6d35c4bb0ab1044f61a444aaf775bd7a20d17af2ff7a7072

SHA512
b4a5c96d0c031d26afa4d3724ff3bf845ef7d246d653cd194a9bf2e0c33b8a6880deec6f9af061c1d307b10d920db3265eb942d2a35aa3171a1beea7fbda64f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fe99409406628cf26144d0692f8a0d4c

SHA1
829ce52c1ae3223af101422e95e4d8323ed9ff2a

SHA256
db6b2f671dc04523eaf755221ae1403b0475df0a627692cfaba5b21015ce5703

SHA512
a0b6a889b082ceeb50c934313f72e2fcff5fb082d564c5d54c9d41af1bc1747bdc0b60d7b2d7053612097217090c5d62260784090da190bb1be598e0c6edb31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b87ae6ed778570eaac6187f5946cf07

SHA1
294320ff752e65a94213f968507953030c7f5496

SHA256
d50d158153236d46dc54468f7294709af9014bdf8bfbb33b88bc912bc8861887

SHA512
bb4be1c8979d3f45683ec5c14daa6e9e609a9214e47aa6b1cb10acf14fa33319a262427ce2ae321aa93c213bb01eb91a3de6ee068d18114604684b601edf4e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a447dc545d9f8d2a789cb0e1ba9a009e

SHA1
8d0faaac0d604269c9e1d13a015978400e425ebd

SHA256
9a68ddb12e138d6c1f6753b37683d0b210b8f90f32b52826cfad789572d8b2b2

SHA512
6f685bb3e7a251f205d63ca188c8ac9cf3af54ec6c9af89081cd1a5e95ee826e90d23c87b0ea1eb1e010d5082aabec459581db1ff977960cc70991893237bf9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584716.TMP

Filesize
536B

MD5
b31025f05f5ed2168ad0e751ce716c55

SHA1
9b4f49ff9eea133276cafb90e16bceb94f982599

SHA256
e28d73cf35cba26edc55842a2402f337f5c29f0f1e0afc7d38e1cdf34d178620

SHA512
f12dff87ce2338aa8077e85e98b6a0228a0cacc1f6fd38774b810937512c1cb63a200914dce0e1bddccede762418d0d8165a27916d302dcb34f68b8980acb0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2cabb6cb747535bd0b6ecd2f09316c8

SHA1
bc497bd1747f9d97fd9685b194ca6cae13bdc519

SHA256
b341155973a476e98246753edea18939a416b7d1f0a0328ac6360ff45aab5414

SHA512
fa5e2b4a3feb70bcb29b416a659ec9709c0076035a909db49fa683e764bdad150955f762252218ec0b1850eb0a1306ec0f294e652ac9187ed90e154bf11702a4

Download Submit
C:\Users\Admin\Downloads\BadRabbit.zip

Filesize
393KB

MD5
61da9939db42e2c3007ece3f163e2d06

SHA1
4bd7e9098de61adecc1bdbd1a01490994d1905fb

SHA256
ea8ccb8b5ec36195af831001b3cc46caedfc61a6194e2568901e7685c57ceefa

SHA512
14d0bc14a10e5bd8022e7ab4a80f98600f84754c2c80e22a8e3d9f9555dde5bad056d925576b29fc1a37e73c6ebca693687b47317a469a7dfdc4ab0f3d97a63e

Download Submit
C:\Users\Admin\Downloads\BadRabbit.zip:Zone.Identifier

Filesize
226B

MD5
2b8a63f11748759a6c122fe25dceb6af

SHA1
96a26092fe07b3827d0c3efba36cfa5fb69eb1f9

SHA256
e5614cc53eca2ba33c92217a3622c78f9c5fe9084f6e550c4eaddb84edad7ff0

SHA512
345d1b2b7916e5e2bb4455a70fcd20266bbb8261274ad83165deabffeca08ef8975799401ee187a70af33bc4c938294978ef1387b5acec8ae4dbda20ba789b9f

Download Submit