8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009

Resubmissions

10-08-2024 06:53

240810-hnsmsatfrf 6

10-08-2024 06:49

10-08-2024 06:46

10-08-2024 06:41

10-08-2024 06:38

10-08-2024 06:35

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10-08-2024 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Module.dll
Size

1.3MB
MD5

157fd035b2a344a94166d7db3756df0e
SHA1

f221d28c1deb80b4e8d9201226435aefce6b0f75
SHA256

8716c75aff75941711aff8770836f47eb9a254416089ef3571c6fc9a338b3009
SHA512

fad0174fbd22f58dd4fcdaad8378c214270b4faeaca64d9cb306f50e9316072a4c417c5723c4123b8bf94a3dba6ef4e3303ec60f4a2cf0c3a54d8ab375ea717d
SSDEEP

24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfMXZO:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRNk

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

8 raw.githubusercontent.com
62 raw.githubusercontent.com
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\000.exe:Zone.Identifier msedge.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
8	raw.githubusercontent.com
62	raw.githubusercontent.com

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\000.exe:Zone.Identifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3761892313-3378554128-2287991803-1000\{1E7A02B6-CD2A-4FA5-942A-1604D00D1A00}	msedge.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 689385.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\000.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
924	msedge.exe
924	msedge.exe
4044	msedge.exe
4044	msedge.exe
3520	msedge.exe
3520	msedge.exe
3312	msedge.exe
3312	msedge.exe
2992	identity_helper.exe
2992	identity_helper.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1372	msedge.exe
1372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

Processes:

msedge.exe

pid	process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

Processes:

msedge.exe

pid	process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 924 wrote to memory of 72	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 72	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1428	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4044	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4044	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1696	924	msedge.exe	msedge.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Module.dll,#1
1⤵
PID:2368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe979a3cb8,0x7ffe979a3cc8,0x7ffe979a3cd8
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1332 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6636 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,1726790553191609428,7074127298316304002,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6404 /prefetch:8
  2⤵
  PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4016a576-de25-47f6-afdb-fb681675c863.tmp

Filesize
11KB

MD5
32014e998a22b93f2649de4e2f41450c

SHA1
dc998924070f1db287f5e4711f596f0963090642

SHA256
5f2d8021ade64359802e5569ff36d4c1fa35ac7d5de9a66629fd129aac31231b

SHA512
eff677ca229e253c3b070bc9715f2414d13538412d14785f5028599bd7d908873133dc5e22f8393a62b21db5c38c40f5b23130f940f634d440ca015eb8164dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\19b9fd9c-6b4d-47c5-bc48-cdc5d5a2a12d.tmp

Filesize
1KB

MD5
2d22def98528be5b5fd51bb179763fe8

SHA1
bcb6b8680a676190cbbd3cea84ce119213bf2a37

SHA256
a48961aac15b88b717cb7696423a50a039e7af7bc872bd828a37ed2479c8b204

SHA512
34a323ef4d9f2b7aa34bb377bff9f5aeacd3794239872693e481a6d96ffae78bc03c2f4ec3f53e0ef3be1f62218ea8131b821227f88c7f7f61f1cf6ac41d1fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
a7ee007fb008c17e73216d0d69e254e8

SHA1
160d970e6a8271b0907c50268146a28b5918c05e

SHA256
414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

SHA512
669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
17KB

MD5
e9b3264faf77e08f57c8f7a1a14c9b11

SHA1
d43446a355e52e891514e120eda755b3f948c472

SHA256
a98b1d8329d683e7dfb0d3e47a91be7ae1934fecb947d6fb7af34b983754fb48

SHA512
d0600e040db29b413a56a780e9855c290abd1484a6ea616cb7e0eda81dd56a8b6182ae72168f0ccd9794563c7bfb96395c5f50bc64673be958a028b7818ef1bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
146b4c402465cc0cd20c657d95814093

SHA1
e05f56cca13cc287d0eccc969827640678ff2644

SHA256
ff9f0994f4f6bd24218c49a5579f133590af050a4c3a6e08b11b7864215ec2d0

SHA512
b9fe23b7665a6b4ec9c93d170ec13fe5e926d08d8b19bc62d9e96e0fe1d34ae3d9b2e91f44e3e75380dd11c7da21b8f014c5ccc20f1f99bc5ed944c48a349a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

Filesize
4KB

MD5
9f9c68d94d3fb3e0fd827cfc75ca97ac

SHA1
50569a7c8ae25bedc0dedfa2f61cfd6ccdaef618

SHA256
0f35673cfa5a955916dbeb5e98bd6e55b95cfa7e104df2758ca21b527b368d3b

SHA512
557b582ba8a3ce521b7a9e503be6d245a718a05b05fa0e25e498b1015c0e55b80c7d414c2cca05515d7acf60f633a9c3f99b033c5165680adce9ccc3b06b3174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

Filesize
11KB

MD5
b0d501c83fb9392f7b70106b5ae11972

SHA1
5cf9e4bed0c6cd77ca474c3545bc16b52e6e3077

SHA256
912811e2f44e8e2434fdd5ed884ece4f76f772b431fef5120c6d8ac1ba028f5c

SHA512
59bee363936f5ed1ff138a4abb661f803d75510349bb006966de5536de8026bb90555ca1a3bd67500f778df451202cc5647d62303f4a727672fa29e0e3262e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
2KB

MD5
2a80375162923422999ac6aed32c4e35

SHA1
154edcf4f04e7c59f1c0db421f750ea8db2d3dc5

SHA256
fa7e9cbfa8846ca6cd695c2e76675ade3ab0f77374f265e8976fc04f7f3e4996

SHA512
c447124bab52ebba5ba51c80ea40d4a8db304efc027866aa5062c290fff308fad5b0833aa250b4ba168316bdb35d9b8839a932eb53b43e6cd55c5d57790708b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
a99b3f03ce9444170161e94a33f83cf2

SHA1
93f342494b37ef77334185e9bc96ab54698e26e1

SHA256
672f6b07fef9f93e8ee215e441293d7c7dd9b55931184cec9bbba899f142c922

SHA512
ce2c11086b825cc83515034826a22f5bb22a0fe468c5a82ff39466ca16e2b916239d4e567760c8c9e7de0e7e621d8b47305f747b7103cced1ea8f580017c494b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
fdb9832d1186d7025b59ddf5cf1687e5

SHA1
0f2e098518c1364687015fce63d93c027950dfdc

SHA256
eaf4e883c2e59f9c3af727b4bab3c3658e159d7cbbd866dd2b07726e36418b35

SHA512
13bd6f2f6ed046e5a1b799b0630b7aef1a039ca7843591559e3db27c38297fdbfa8ac21ed654ac13aaf6c2f89f03d9b54ab045ac85157c8275e95c86cacaf13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\feadcc6fa014c0d1_0

Filesize
1KB

MD5
2dc8b5409faf2cb69fc37546b470c92a

SHA1
d45cfbded42ed34e4e7914d4194e9d089f22ee87

SHA256
b4b7f87936ed4413655ea175166319da3d73111d1f7ee2852b5c641d3e93f005

SHA512
73c3054f116634bb4eb6b202ff153fa4c0a47cf4424174bde878295337c40eef4cfa29f038c713c4b7f01c21c43fe4381185a384ed92398008bacab4c9458086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ab01951f2366f33de811e60da5ad1714

SHA1
da7fa9ba7c6491374751e416e09eedde04b7c012

SHA256
fc0c6ac778a591d1ef1d9486e9ea1917eaeca8d588173bcc047e244ea7fe1cff

SHA512
c43111c79e3d464b3b6d0b1317c39b2c4816d74a513d7cda1542d58eeed54d735850a1343771e8459d33b17d21c1172add87d98b2a48a8fe011730af5bc466b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
44783e5a16df1f5c16c990f521cdf9e0

SHA1
2b44025d5f52fa6b99b636bdd40ff3e0f825a949

SHA256
dc2a270426ac8f019f92c5dbe31488dd2b8c14da7dc7360e308d3c3a2a08f1ad

SHA512
71f415f15bd7bb5210a4b03c279cd16306525e1eab4677b239d762d61c52f4af7ccd3d7802e2aec002a0b7aa19e7b7d3955d55259c26faef1f422bab1f4a5bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2dfde183cc9a0299467d3f6a9b266bdf

SHA1
766736274ac6930e2f011c47e69f2a44d8dae7e9

SHA256
11fcd5384ea0e3db4d474da8ca3d8534d00534c389c8a6a0c3ccffd256cc0e42

SHA512
5ba97100dc61d3b8a459e634e8993f8396a8411f90e483b343d0bccb9cccc2aaa6cc78e52289578f7bdf0f3f8fba51728013e58046b92d9636c2c9878340d95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cfd5af39f5a0d1eb732ec0e27def7741

SHA1
608522d2e978f6aed7a0032e3c70b4cc5a9ee22f

SHA256
fe3b2a88e10d5ab1599d9e8824ba00f36821f9735dbb5f7ede1fdb4ef7b1c55c

SHA512
4d341761e377d1fab25c6abde6cc4c1ae0474025fdd27a8bc19f915ece28c121275cd09fe8904fdd2b7720a34fe052ff012123432af0cef5932f7f7bad1d75be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
790B

MD5
0f5bd571813ff70f4b2487655ddf22eb

SHA1
e49979fb9f8aa63b0ca3166b3c0c83e950efe037

SHA256
1feed3399fc3e390748fbea9d14ebacb119146e9c1cfedcc41ab08e9ec3309be

SHA512
a55c7fe6e50491d568ed4b141a5878a3da89a66b128886a4918a7dc23821069aa61d4a8b61f8470c4646c1e2b72d98b3a79712fcb0c2cdccfd0ea07a7a2b4de7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ec181d3e0746531cb953223b23fffb3

SHA1
397b96355ff2ca18567cb1f3ec4a669df5912b24

SHA256
cc236d8bdd09194443b6a216171ee5e08dd1aa569753bdabaa7aa585c4338a6b

SHA512
c965aaec2d10141166bbcb2ce999e9f95f76a66562eb887d718e56e8495f62f37b182107a5cd7383387e17dfd4100a6a7bc1e240eaa2e86658076e6af0a629d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7035bb7862216fa3c7e1c17359639b79

SHA1
15fa7f1f67ceb10b0530c42ab9765d0d69f38afd

SHA256
e36bfc3dab35bfada4652e6cc9d6e5e5ffa64e4df8e08351741d788b84e71f27

SHA512
22711d0b8c9a3331cc1d29a48484e4e1d35d0b6d4c5ed134874fb92b32a552ebdfd141bd2caf093d97af50f3a30a908a98e04d272e1bb22f27253c4f752b105f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
504c000445a89cb099f704893250490f

SHA1
247bbfd090269e93cbe6dd947fe67d3d8e6977cf

SHA256
26f35f89a998dcbd42e82f8fe3786aae98457e09ec9958b7126ac4c554b2c3c7

SHA512
6b7711fafc599c333d4a95f23c57d9f394d445288ec458a2b67d67ac47074317404736919f4432dbde58ad537a4045b904d240db719de33321c4e812435a6a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0c7e6e9e281619cf7e9338fef13db878

SHA1
ce1e1c12e50d189eed8ba0327c44249deb7dba2d

SHA256
695e79bc541dbba95a77235e1f4e89e01266451abf0e2bc571a68ad02e6fdd76

SHA512
9244e93a6d6abfa47f4b99a3a16dd4e67e1fd5cdee982d6499cb1c96c6a3e0b8184858459c87f5dae9cc0183bd2e319068a516e91479602266d75f6845e56d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f9e6a03c53da9ce0aa18c83be0d90bb

SHA1
a5fbd59d629774af9bdeb0aaba7f92ca38296f4d

SHA256
6e65c3a33c88e6e937668126f5a6bb9453f9923e585f7ac3a48640b8302c4c31

SHA512
489f2767afd9aecbdaabb976349e0dbb0558779b93ec35d88fe357b165a93c940543dd935fdc756f595175541794ac7db335333d4834edac8f4ded0154c97b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
90f39ad60c3f9de8fb7a1e39bf84dcab

SHA1
b653ae62bc741dd3a1abea022adfa39e7c2dc23a

SHA256
b1777106782bdd0e912ab17e66346b0059cd1bb1561b616e5a9aaffba44334b8

SHA512
de347aa38482d2bc35a353cbcbd51c914f15e57b9097a80904178f0cf013f412f46d8748df24a86f356f384d065ccdbcc52925740e8aa53bce1937ca4d44ba8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb17081469605f7ea28ce3936a059d21

SHA1
583eaa7b0adbd8567553659bb9a3da8dc882a354

SHA256
f1efbc35ea11ab1b18a4d7e63be991efe27f654a4b85034c4fce920a5050a596

SHA512
c459d9f7b4a84f33550d6b6c16044b767f4c57e316730d8b32c39fa597555f2b02be765c02039ed96d0129437af7e831a7421f02b4b93dd2bef4e0269ddcab8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9932a0a95ae48b695846382e9b4476c

SHA1
b5f81a118ca281f126d3c7d371dc243476f06f32

SHA256
b4ea958e5302d3f2888fa542a58ed713f9614245fb814257437d3e344643c4a0

SHA512
e928d460d245f4e848fcc3cc68773902b13248a0ea7a667bbad14b6767a45fbd3dd5b5a5f802221779b48c9cdf5d22f252a66c06d05d182e3ccba833c51358c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a10cf718fd3c09790546ba4ef042f06c

SHA1
2c13c8128401c9649094ca2599b37c868a15249e

SHA256
c8e5cc7fc6a390d2f3ed21740f9ffdb14cae00a37e4d27e8ee5bdd7d2dabeb7e

SHA512
98f77355f3e9bd2518367895c3c518c6096b1f4fcfe47592544d429e721b272248fe26640c88361bde6fb549ec0decba503fbb34998913afb1e90af9c9280ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
282f90d0cff9caac56f7d718a06bde74

SHA1
9538bad4d6a69c3647bca873ae6638352c8cc673

SHA256
0b07ec50cc9956e7a1954f478200e6b36d8fa19bf8ac24d322c5aabab5c7da73

SHA512
30a3189dc56024f60962e0e4f3f8193f884e747989212232a8523d1b11c6876910e865aa30ee24f0fe2d76ebe03e87aa30f5457575264f7e10217cece31c9034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a54c0e9d7e66c21b0cf43c97afdcf9c0

SHA1
8b63286c281e25ba8430d102ab48bd62a119754f

SHA256
132688295d9904cb18d811e2035eacc32024d59b47184f4f0e63bed3b5a2fb2f

SHA512
0ee97bf899fc9a65fa54f131221620833eb220d10bb14c55b5b0829eb88c23ee5af585af9c047dd339823f4bc8a72c4ddaa12baaab80e2a7aa00cf645a970c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92fc1bbfecc3041ab9eee2e317779293

SHA1
c4722696c20a77aa0f3fce64bcaf533d938b57c2

SHA256
1f2200a3c898a8a5dfd129d72904cf0fdbd3fa6944a870121b4f863f1139b692

SHA512
a182b128d32c57fc438a415254e124544075905c13e44cff87df02a7d0422a400070d13ebc30ba37b8787ed3b53866df18e644a6980d7be0cebf2a82cdfbe21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580b94.TMP

Filesize
538B

MD5
bc2e16142978aca6073c9be0623321ae

SHA1
e3bed0aedc0a51fc40bb96000df95214e2de72fd

SHA256
04b3fd2bd8d87da4c2dbc5432734d689de199ae6641d1e233194399ce31821b8

SHA512
8745b0dc8ea24149371b6a28b908cece201d0c42a6b10dcc0e27e6b597b73b6ddc6dd195e5ee7dc00862a9df822fb8190c28c55aefc43dacf35471ae4f1585ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a0d04753-2ffe-4c2d-8538-e3cfea1daad2.tmp

Filesize
7KB

MD5
6ed6d1c69ac55a1c892c9feb9b400ca6

SHA1
94d58077642ac8d97cc269b9e40ca49a3d78efd5

SHA256
3c41936f28deba88336912f40dd90064f6202e2be58a36af383e7c868b7c1c2b

SHA512
774f74c7aaece49d157cd49d9f9a28419b76504828a041c5d5096f839410080886a27b3a3b46e72ca96dde9249f8f489536fd1783d2643fa78a746235f6cb4e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1a11be867aacf502de83185e18f9da6c

SHA1
a782f7afe92234ef3e5fe502bc01456b763f9ead

SHA256
31e597c489df9a3e5c4ad2d7b6bf950dfe6362202ab5879613e8f3b54b918493

SHA512
77a9d3a95dbf6399a111a2e536a9e3b0a2c8f3afd76b24ac63ea94d3e13a025246dca4ddbb2ffa40b0d2178c5551d3131aea638528b47dfe7f54e409b187968b

Download Submit
C:\Users\Admin\Downloads\000.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 689385.crdownload

Filesize
6.7MB

MD5
f2b7074e1543720a9a98fda660e02688

SHA1
1029492c1a12789d8af78d54adcb921e24b9e5ca

SHA256
4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966

SHA512
73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff

Download Submit
\??\pipe\LOCAL\crashpad_924_HMBHDQPPLSTYOMZH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit