Resubmissions

11-08-2024 08:57

240811-kwnd5ssgrq 8

11-08-2024 08:53

240811-ktthdasgml 8

11-08-2024 08:47

240811-kp4sjssflj 10

11-08-2024 08:37

240811-kjelgawfla 8

11-08-2024 08:32

240811-ke9k2sscqm 10

11-08-2024 08:29

240811-kdnl7awdrb 6

11-08-2024 08:26

240811-kbzxfawdlc 6

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags
    arch:x64 arch:x86 image:win11-20240802-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    11-08-2024 08:29

General

  • Target

    MEMZ-Destructive.7z

  • Size

    17KB

  • MD5

    d91a65636b8d4b7437983e064e2580fa

  • SHA1

    2bfaf387d22b7e9c1a54c35d8ab33fa84006ece3

  • SHA256

    c547f9193b8fcb681dbb93968d54ac9912901097e1912ff7ad11c5a9ee13062c

  • SHA512

    0175a90f980354b6f9a0fb66be6672c18c03a33fb547a0a16d159f18745f59fc5f4d9dae69dfd4d3bcffbc1bd3bbc73901000931dc3c12b70dde6e4e72a92f9f

  • SSDEEP

    384:CxpNbARMGzvkdrUUAhybY4GfheFQb4M4ecf3iQ/FF87u20VoDWXeQT:Cxp6RLzMtUUVMsFQb4ycfiQ/o10XeQT

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 4 IoCs
  • NTFS ADS 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
  • Suspicious use of FindShellTrayWindow 58 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.7z
    1⤵
    • Modifies registry class
    PID:2648
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5032
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1940
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4012
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffefc453cb8,0x7ffefc453cc8,0x7ffefc453cd8
      2⤵
      PID:2792
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
      2⤵
      PID:448
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:928
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
      2⤵
      PID:3052
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
      2⤵
      PID:3092
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      2⤵
      PID:3568
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
      2⤵
      PID:1564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
      2⤵
      PID:4008
    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4836
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
      2⤵
      PID:3296
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1120
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
      2⤵
      PID:4664
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5568 /prefetch:8
      2⤵
      PID:4120
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4788 /prefetch:8
      2⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:864
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
      2⤵
      PID:4804
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
      2⤵
      PID:5008
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
      2⤵
      PID:4980
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
      2⤵
      PID:1692
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
      2⤵
      PID:432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
      2⤵
      PID:3656
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      2⤵
      PID:4008
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
      2⤵
      PID:3672
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
      2⤵
      PID:2408
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
      2⤵
      PID:2752
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
      2⤵
      PID:5076
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
      2⤵
      PID:1968
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:8
      2⤵
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:4792
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
      2⤵
      PID:1264
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
      2⤵
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:2280
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
      2⤵
      PID:2160
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
      2⤵
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:2884
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
      2⤵
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      PID:1892
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
      2⤵
      PID:2280
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
      2⤵
      PID:5028
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
      2⤵
      PID:3204
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1584 /prefetch:1
      2⤵
      PID:1452
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,6231273543987839800,4287206011311838187,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6208 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1708
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2052
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:568

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

    Filesize

    152B

    MD5

    2ee16858e751901224340cabb25e5704

    SHA1

    24e0d2d301f282fb8e492e9df0b36603b28477b2

    SHA256

    e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

    SHA512

    bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

    Filesize

    152B

    MD5

    ea667b2dedf919487c556b97119cf88a

    SHA1

    0ee7b1da90be47cc31406f4dba755fd083a29762

    SHA256

    9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

    SHA512

    832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5419c53a-e18a-4fcb-95ea-f3fa2ff80d34.tmp

    Filesize

    1KB

    MD5

    f6d4cbce20a64c97349349a3a5874e89

    SHA1

    128f6a503d23d37dc7dcadf200901063bc4e7f70

    SHA256

    eea65c813e12812c6b5d83017bb94ae390f46301cc5e95d3a6f738375c521bb6

    SHA512

    87ce8a56a8d2f5c32bb1bdec842bf3e2918acda2e2f7136653d0f3244d31214aa143e65ba684107d7ade8ef51cd905948edd8f1aac9516783467b2c8ffeb5816

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

    Filesize

    62KB

    MD5

    c3c0eb5e044497577bec91b5970f6d30

    SHA1

    d833f81cf21f68d43ba64a6c28892945adc317a6

    SHA256

    eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

    SHA512

    83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

    Filesize

    67KB

    MD5

    a074f116c725add93a8a828fbdbbd56c

    SHA1

    88ca00a085140baeae0fd3072635afe3f841d88f

    SHA256

    4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

    SHA512

    43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

    Filesize

    41KB

    MD5

    a7ee007fb008c17e73216d0d69e254e8

    SHA1

    160d970e6a8271b0907c50268146a28b5918c05e

    SHA256

    414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

    SHA512

                                                                  669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                  Filesize

                                                                  19KB

                                                                  MD5

                                                                  2e86a72f4e82614cd4842950d2e0a716

                                                                  SHA1

                                                                  d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                  SHA256

                                                                  c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                  SHA512

                                                                  7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                  Filesize

                                                                  88KB

                                                                  MD5

                                                                  b38fbbd0b5c8e8b4452b33d6f85df7dc

                                                                  SHA1

                                                                  386ba241790252df01a6a028b3238de2f995a559

                                                                  SHA256

                                                                  b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

                                                                  SHA512

                                                                  546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                                  Filesize

                                                                  65KB

                                                                  MD5

                                                                  56d57bc655526551f217536f19195495

                                                                  SHA1

                                                                  28b430886d1220855a805d78dc5d6414aeee6995

                                                                  SHA256

                                                                  f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                  SHA512

                                                                  7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

                                                                  Filesize

                                                                  1.2MB

                                                                  MD5

                                                                  9f8f80ca4d9435d66dd761fbb0753642

                                                                  SHA1

                                                                  5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

                                                                  SHA256

                                                                  ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

                                                                  SHA512

                                                                  9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

                                                                  Filesize

                                                                  43KB

                                                                  MD5

                                                                  209af4da7e0c3b2a6471a968ba1fc992

                                                                  SHA1

                                                                  2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

                                                                  SHA256

                                                                  ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

                                                                  SHA512

                                                                  09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

                                                                  Filesize

                                                                  73KB

                                                                  MD5

                                                                  cf604c923aae437f0acb62820b25d0fd

                                                                  SHA1

                                                                  84db753fe8494a397246ccd18b3bb47a6830bc98

                                                                  SHA256

                                                                  e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

                                                                  SHA512

                                                                  754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

                                                                  Filesize

                                                                  27KB

                                                                  MD5

                                                                  c3bd38af3c74a1efb0a240bf69a7c700

                                                                  SHA1

                                                                  7e4b80264179518c362bef5aa3d3a0eab00edccd

                                                                  SHA256

                                                                  1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

                                                                  SHA512

                                                                  41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

                                                                  Filesize

                                                                  36KB

                                                                  MD5

                                                                  01369d5062d49b270c8dd6ab535bc403

                                                                  SHA1

                                                                  39c654df64cd7386081da8108f23573f331debab

                                                                  SHA256

                                                                  ed672ed37bfdadddb835de8c346655a17b653094197a2d6080e6777fa59785ea

                                                                  SHA512

                                                                  de704934135717cb62e4d15ef1666e78b3d43c17ff5d50b279c21a5318ac2ce0cea88ebeb17b66f4668e1ca1a8801bdd6bab0194b157b1da6bd90c71b29da08e

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

                                                                  Filesize

                                                                  40KB

                                                                  MD5

                                                                  3051c1e179d84292d3f84a1a0a112c80

                                                                  SHA1

                                                                  c11a63236373abfe574f2935a0e7024688b71ccb

                                                                  SHA256

                                                                  992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

                                                                  SHA512

                                                                  df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

                                                                  Filesize

                                                                  53KB

                                                                  MD5

                                                                  68f0a51fa86985999964ee43de12cdd5

                                                                  SHA1

                                                                  bbfc7666be00c560b7394fa0b82b864237a99d8c

                                                                  SHA256

                                                                  f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

                                                                  SHA512

                                                                  3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

                                                                  Filesize

                                                                  37KB

                                                                  MD5

                                                                  a2ade5db01e80467e87b512193e46838

                                                                  SHA1

                                                                  40b35ee60d5d0388a097f53a1d39261e4e94616d

                                                                  SHA256

                                                                  154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15

                                                                  SHA512

                                                                  1c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

                                                                  Filesize

                                                                  37KB

                                                                  MD5

                                                                  93acf02790e375a1148c9490557b3a1d

                                                                  SHA1

                                                                  78a367c8a8b672dd66a19eb823631e8990f78b48

                                                                  SHA256

                                                                  4f2513f353c2cdd3177e3890f216ea666e4eb99477a56a97ff490f69a9833423

                                                                  SHA512

                                                                  e6354f4e4d35e9b936a7ddaebdd6527c37e6248c3f2d450c428903a32d77439cab78020a45834379cf814a79149c3dddf4e1280b9d06a7f972e5f8e61c463d6e

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

                                                                  Filesize

                                                                  21KB

                                                                  MD5

                                                                  a6d2a865e9f16ea305950181afef4fcf

                                                                  SHA1

                                                                  082145d33593f3a47d29c552276c88cf51beae8e

                                                                  SHA256

                                                                  2e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2

                                                                  SHA512

                                                                  6aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

                                                                  Filesize

                                                                  20KB

                                                                  MD5

                                                                  c4b8e9bc1769a58f5265bbe40f7785ef

                                                                  SHA1

                                                                  07ff14df16d4b882361e1a0be6c2f10711ddce50

                                                                  SHA256

                                                                  2786986a3139e9722e667f81b4902609a4cf458e1c16206cd11feceee0254192

                                                                  SHA512

                                                                  a39157460b523ee2b9e1eacccf7aed99ff002767a8f87287c1c4662b6711b97f7d4955df64a86a882417fe71e598719e3934e14f787c1e6b3348c8a4c813e3ad

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

                                                                  Filesize

                                                                  18KB

                                                                  MD5

                                                                  2e23d6e099f830cf0b14356b3c3443ce

                                                                  SHA1

                                                                  027db4ff48118566db039d6b5f574a8ac73002bc

                                                                  SHA256

                                                                  7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

                                                                  SHA512

                                                                  165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

                                                                  Filesize

                                                                  57KB

                                                                  MD5

                                                                  919d13ecf08e3da7e9f337e7b60d6dec

                                                                  SHA1

                                                                  3d9bd4aa100f69cf46ad175259edd6ce9864830c

                                                                  SHA256

                                                                  9d4575044d2efd5e90503beda65571b5158a3f32d999191ac1f82d1a5ee62ad0

                                                                  SHA512

                                                                  98d8236ed1c44826b4489b9fb7b76c62502a032547374446c53dcf2eee2f5fe3548c6587fce66df9d075294bc2ab6be97c3cb21457bc899451ebd3b476715985

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

                                                                  Filesize

                                                                  17KB

                                                                  MD5

                                                                  109a8cceba33695698297e575e56bfad

                                                                  SHA1

                                                                  2b8c6dce1ccd21a6eea2dd9aef2a8a6bde389053

                                                                  SHA256

                                                                  dd82d9ac034f0a06524fc1d5ef884c29a7e4d586a1e7db66e339dc54fac3636d

                                                                  SHA512

                                                                  6d51ed30c45560838df921212370a0044640a8e3c0433922106225cb6fec8cc115ac6191c753da13def21c4e0db4deb5782fb7a75ada822ced1db7c7d13beaf3

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

                                                                  Filesize

                                                                  19KB

                                                                  MD5

                                                                  f5b631335f170065edf1b148e10b34d4

                                                                  SHA1

                                                                  ca34f82af577fec763ed38f0436d20f1cf766f62

                                                                  SHA256

                                                                  99be964ed51ca453ccfaa264a1ea9490da11e32b53765919172b6d3749a9f846

                                                                  SHA512

                                                                  c66791cbdc7c0d12e7295eb26eb583b26e03692c8986ab7d5dac0e6a561b8b68a8a9e33814121efc700ff6b472aa4f685162b0c75439b144f12286c9e28c7cc7

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

                                                                  Filesize

                                                                  53KB

                                                                  MD5

                                                                  cfff8fc00d16fc868cf319409948c243

                                                                  SHA1

                                                                  b7e2e2a6656c77a19d9819a7d782a981d9e16d44

                                                                  SHA256

                                                                  51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

                                                                  SHA512

                                                                  9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

                                                                  Filesize

                                                                  137KB

                                                                  MD5

                                                                  a336ad7a2818eb9c1d9b7d0f4cc7d456

                                                                  SHA1

                                                                  d5280cb38af2010e0860b7884a23de0484d18f62

                                                                  SHA256

                                                                  83bdfb7d266fd8436312f6145c1707ddf0fb060825527acfe364c5db859887a3

                                                                  SHA512

                                                                  fa69455b3bfc162ab86a12332fe13322dfd8749be456779c93a6ab93e1d628e246a31a0a55cdba0c45adb3085acd62ba0a094b2115529d70cb9f693f3b1da327

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

                                                                  Filesize

                                                                  23KB

                                                                  MD5

                                                                  de8c6574e9057e4b6ea7b9437db4b9d5

                                                                  SHA1

                                                                  265d520b6a04b434f5c3fc8c28debac183898db2

                                                                  SHA256

                                                                  51f281fe367854904b3db4b6f4cd70ccf90414335716482aceef382c536ae746

                                                                  SHA512

                                                                  cc8791772d03ee3f4b13654d2bd3354ab1ec28322ae3522187603bde00b1a5d940e99e62dda0fd3a7faf0ba9c3cd42425d0e64196f954bdb93c979f5e990e7dc

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

                                                                  Filesize

                                                                  23KB

                                                                  MD5

                                                                  bc715e42e60059c3ea36cd32bfb6ebc9

                                                                  SHA1

                                                                  b8961b23c29b9769100116ba0da44f13a24a3dd4

                                                                  SHA256

                                                                  110ccd760150c6ac29c987ee2b8f7c56772036f6fe74ff2fb56c094849912745

                                                                  SHA512

                                                                  5c0edd336a6d892f0163aa183e5482313dd86f9f5b2d624b3c4529692d70720f4823808f10ee7870fd9368b24de752b343570419fd244c33ad2d9cc86007bedc

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

                                                                  Filesize

                                                                  18KB

                                                                  MD5

                                                                  5b094f098b1a9a5502e52eb891a7fcac

                                                                  SHA1

                                                                  3716b5c86a81f93714cf34d71aa1351d48fe7fda

                                                                  SHA256

                                                                  e498841db854ed25757c5faf23bd2de38a5a4592cf0bbe2ff8ce07f039b00618

                                                                  SHA512

                                                                  8b18ee8fadc56a37e8a86d94d09923f8e83f0e7f9a543a7c046cd3499bf4eb8e83010fa35d8e20e7b27b1d06d4b3e80c240f2ab2e615aa3bd2bcc318ff895e3f

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  9f22b9933a98fd75e82294048f2c9dce

                                                                  SHA1

                                                                  ad772879e7fd68c96c1c8b2fd2fd7c183c3776a9

                                                                  SHA256

                                                                  c9c3c5f7bd3f79cb7672f8aacfa4aa76ab732ea41ffabc81ed13717b2a716dfb

                                                                  SHA512

                                                                  73c8e0a7d183adaca1e36c45a6ccd0afa5f181993bf5cdd3aaa63637bb8bda29087dd5e3d7dc3c3c3880a08a04a85a9a5e0501e2ca4d5a7d9ba1ca1116867227

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                  Filesize

                                                                  111B

                                                                  MD5

                                                                  285252a2f6327d41eab203dc2f402c67

                                                                  SHA1

                                                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                  SHA256

                                                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                  SHA512

                                                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  2f942eaff256f4d80fc5ab3c8bccb375

                                                                  SHA1

                                                                  3442ccac5dfe85ded84938653437fe4ba603c1fb

                                                                  SHA256

                                                                  981752cbd7db6ff2a93a08ce55f430eee67aa11819e1da321e530180919a8cb1

                                                                  SHA512

                                                                  907d982830237c7fc58030858a6177d15cea688f3a342e98744aa51ae52ad53c267f2808b939afde46d84eb7a3add60b701862c660500756f61148eb8a155761

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: dbfc425b68ce75c9779d93359c340dcb
  SHA1: 0b1658594042007ab96cd8aff8c6d7eb58e3c226
  SHA256: 6e4ae7b728b5b80ac357e7c17f8d298d1142875dd1c646344edbebd1e291f308
  SHA512: c51e92d5a6cd405be84cd9ead19c5d28e1e02a58c4526ecc30ec29d8499ee52327498a738800d07eb41ac6f753743b2ea3709274f3e8d28bbfa5235eb852cad9

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 302fe85efbcccaa3a1c2bd9acd972999
  SHA1: 8a06c3a94bf24753d3140e6705a91d87301b8221
  SHA256: 0f9e4897da245482efb6630d396af44a834b0ebb0e6ff8eea1045f24c5aebc49
  SHA512: 5245eb19d31143d5c0f45abe96d0614b2f95d94e201deccc1bac65654b256bc4e77ae9e396f35d6c09758e008653b291e84136cdccd0b7d5968eef48c07a759c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 47d7ad12eeaccbbb6db766097da80b97
  SHA1: ad5ef535b639a5adbaa873441cb0038ab25ad555
  SHA256: c35aefdff2aee70176e81bbdc03dc98e2e7bd7e36fbb2de442ccf6736f294e5f
  SHA512: cafa29cc48347167e222602ce6ee2bd0f5642407937684598418a21bed5e6a3776f12d6b1b0878bb1380eaa919d0c7143d87ea244a16dd1125764f2d1ecca28f

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: a85855e7df4982930c4e28280a215c61
  SHA1: 55e09cc2213c8798cf2ae8d6f8bc5c041191259e
  SHA256: c099fe738c2e3088eb6f95228c0ceaedff46a690c13ab0e58ceb41c5688f01ed
  SHA512: a8bfaa0fd63b0545dd6ee65b9d247a254c76adfaadeff6c9253cf8eadbcc99e50263356e45b279b80fb7e8f4361614c96228fa3c073996340f1b5a9a109ff570

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: 1495ea6540a2644e7b632ff6ce8bd8f0
  SHA1: e64c7a0d95ce60169b763649418e99128cb46b43
  SHA256: 2f51d562337460a058948005e149086da7210701d8f9dbba543968c3091cdeaa
  SHA512: 5ffd88a2e01251028c0f8554babe75c3101bf395f4148b54b210729077660240e08b542371e3d608c202594e084f432222fc049917f54cb32ee9d38ffab68456

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: e26fb1bf233fa41269d50bad171088db
  SHA1: be2b2fbabec60e9f6560e4d54fae7ba97a1e86a1
  SHA256: 33b3e1eac6ec40c42f4353aa843b8c3e6437a0409e68d4f574725a790660a216
  SHA512: f1f8c76e485ee54e6264da52535131a44bb8b708917a14ade459167794e3c36885e4366b0ade1bcdc120a9dc1cad0a3f500655c3b3eee9024f0b5bd19911f66c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: be15a096c9f8453ddc1e8213710286ee
  SHA1: ae572c4d16a1a37e67bf4ffeeba013f3a212dc5a
  SHA256: fa64ce6668ff20e14e03c309a6bed0978cb7a37b405ce585691cbb308de949a2
  SHA512: 1cf48d3e3b534acac5136236376c20b92a82960aa5d869f5fb4449fc3b20499020eb08ca5f657d9011e8ae69ea71436b0c79b19f6049fbbc53108b9a95d4471d

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: d861108592833ba2ff77dbcaa9db2e73
  SHA1: 05ca564b1c4f2cd08e678ff05f3794d0fb0eb8fe
  SHA256: 2fd9b0af74aaa6f7c904e57e07efea3c90e275c21f11fef5f027a30de8411b96
  SHA512: af3fb821a75661b065effec6ee8b017be1e2d7d6b735df314fc5e551c7f921e7889db1c5cfa82d993d85c4b439d5ed0b7a17ef1762f23cda9fa4cbc5e9c257c5

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: b153395b9ef35863f2b93c5a98aa0a22
  SHA1: 92afd67900b9b54af7300ec55b77e70b5d478155
  SHA256: 339a02bb51606455cedbeea953c0b1b7acc975f49e782acfc01b49303331e4e6
  SHA512: 98f6483fb143f031bfca3e9f7e29c5e8aa64d02a063690a5383b16a005bafefc8b8b8a556991e419202e30d642be0e9504dcd0e96f288bee760b48dfcdd36ef7

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58722d.TMP
  Filesize: 1KB
  MD5: 9402323a40000d8cd5c5c91fffdb997a
  SHA1: 71b7ba4945e938fd61dcc68812fa9f78308b6c34
  SHA256: 71597d235e2b3cbcab74edc543039698c4865c700ef21354402f021f0d7218d9
  SHA512: e707fc1fd4e396d1fead07a571ac4336fc7574a545ea5c0a967dd384b9d294fbcd035f83f4e48102c4378bb330e230085b383c3f65af93f2baf36c523bc9ea80

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ca2007ca-01fa-4c25-a651-1200a640fdcc.tmp
  Filesize: 1KB
  MD5: e1d5c128bf946d34d4e2f7e9c85bfef9
  SHA1: 1983e395d5fb4b2c94556623f54578f530e43f78
  SHA256: 08070c8f9939fed9cc730bfd7115840b8ca5816988b71deca047003320c2cb7d
  SHA512: cbc6481a5e334dc6fc12a2981704a856654289a768202cdc28a7dc183e5cb6a3eb8dcf4f9d5d5b11e079d58e1becb3cbe25cc30bac05bc6482c05356366c4932

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 33fb8e6421fff9596e7bddd22d187f9c
  SHA1: 50f2654155e1fd7297d486a2ba90df1625d46641
  SHA256: fc5ed92d422361d9142e5e71acd2803da92abc61d6f4a4a73eeed6a86c247a06
  SHA512: 6c45fc2e3b33a0f4d2d9c91576d723f0d33080dcdeb47fb3807f0fb1cb27150a3da07d66eee75502a48977ad8c405dfcfc99528e354e3d8ceccb3fcefb63e3ba

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 90e953f4e9b364d142e0faefca0bd1d6
  SHA1: 58d65da228bd4f9b8703af5981d31af83835f9e2
  SHA256: dd7eb12ab25ec77ff0bcb587ca7a4c99ed89d574ee43847a60a1173c533f0348
  SHA512: c799c12bb1e15bedbe40e7d74a85dc503c9b1d1500d662f1daf7f9510c1e262c2a01b32e6aa9552cd507f20300ae015d8bd3b6409fd843fc62c128fe58cf6415

• C:\Users\Admin\Downloads\Ransomware.Cryptowall (1).zip:Zone.Identifier
  Filesize: 132B
  MD5: a59d2d2bde25b6ccf93c437d18a07558
  SHA1: a3219af3bfbd0ab68830c16945960e933b06d8f3
  SHA256: 3de6b27eb322c460f11b97c7e7cf107db396ff2e711574958c62e3b9bde76344
  SHA512: 6dbd5cd26091452620f885b23367da35066aa504a3be830f9184b3961372de7664efdbddfbc157deac5743b660b7c768c503f05a8e598dbaa106462a0c6d8c0b

• C:\Users\Admin\Downloads\Ransomware.Cryptowall.zip
  Filesize: 100KB
  MD5: 8710ea46c2db18965a3f13c5fb7c5be8
  SHA1: 24978c79b5b4b3796adceffe06a3a39b33dda41d
  SHA256: 60d574055ae164cc32df9e5c9402deefa9d07e5034328d7b41457d35b7312a0e
  SHA512: c71de7a60e7edeedbdd7843a868b6f5a95f2718f0f35d274cf85951ee565ef3ba1e087881f12aeede686ce6d016f3fd533b7ef21d878a03d2455acc161abf583

• C:\Users\Admin\Downloads\Ransomware.Cryptowall.zip:Zone.Identifier
  Filesize: 55B
  MD5: 0f98a5550abe0fb880568b1480c96a1c
  SHA1: d2ce9f7057b201d31f79f3aee2225d89f36be07d
  SHA256: 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
  SHA512: dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

• C:\Users\Admin\Downloads\Ransomware.WannaCry (1).zip:Zone.Identifier
  Filesize: 26B
  MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
  SHA1: d59fc84cdd5217c6cf74785703655f78da6b582b
  SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
  SHA512: aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

• C:\Users\Admin\Downloads\Ransomware.WannaCry.zip
  Filesize: 3.3MB
  MD5: efe76bf09daba2c594d2bc173d9b5cf0
  SHA1: ba5de52939cb809eae10fdbb7fac47095a9599a7
  SHA256: 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a
  SHA512: 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

• C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier
  Filesize: 236B
  MD5: 62e410d1b07b8752b12f50f05b9486d7
  SHA1: 40dd9def7a0c66e7e64a475c95d4cca19b1ada43
  SHA256: 6c426cccf12b817b4c1353d24549360d8696c2821dfef95ae30a46a37d447901
  SHA512: f09045dfef5c0c4c82e1983f67a228f12f91fc328d47b67a0bfe8c8837fd873ed50ab0256ee0b3bafaa99512b8be4bfc65ab7ab6b04147a5da6a2888d868928b