hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

09-09-2024 23:31

240909-3h687sxfqg 10

09-09-2024 23:24

240909-3dy22avhrp 8

09-09-2024 01:57

240909-cdp61syfnf 10

Analysis

max time kernel
208s
max time network
206s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09-09-2024 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

2 raw.githubusercontent.com
31 raw.githubusercontent.com
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\BadRabbit.exe:Zone.Identifier msedge.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
2	raw.githubusercontent.com
31	raw.githubusercontent.com

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\BadRabbit.exe:Zone.Identifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 6 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 106692.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 481833.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 916485.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BadRabbit.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 403412.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 381838.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4860	msedge.exe
4860	msedge.exe
5204	msedge.exe
5204	msedge.exe
5524	msedge.exe
5524	msedge.exe
1576	identity_helper.exe
1576	identity_helper.exe
4360	msedge.exe
4360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

msedge.exe

pid	process
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5204 wrote to memory of 3364	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3364	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4872	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4860	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 4860	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe
PID 5204 wrote to memory of 3500	5204	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5ca33cb8,0x7ffa5ca33cc8,0x7ffa5ca33cd8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6256 /prefetch:2
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8275793349898146841,13598046685405388683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:4372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CDE89F9DCB25D8AC547E3CEFDA4FB6C2_EFB75332C2EEE29C462FC21A350076B8

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c32b6fc873c040253034fe4bf5037bd0

SHA1
fc58579eb5bf46c8d5246a45abae3566898c2e27

SHA256
8d59014ec29aebf56b641a018b29b6c64e33764d7a2262283ce51319071f930c

SHA512
e8ba0e9e78bc58b3d6d671a1e693cbe81745f000daaf281cc6aa6c591ae261b981f704e3dcb32f0fef87424aab0f42e4cfe40e445d8ef5a529c7bfda8ac510f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f74f80cd052dc4903da98dd6916f375d

SHA1
3e3512884ee41291824b30b256670b3d0a1c8d40

SHA256
d9589878daebff7c0991b2007a7af982f4760512545b4e331708f3f3308447ac

SHA512
bd186699a85c91cda88df15ebee640f99b55ff168e228dd0de8d7416d62de1bcb57e88beb3b12ce74a54a9c7491934ef3dd5fdd6b92ab5c909f129b419d96b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7df11c32a7d6751c73f16f54aed1423e

SHA1
10b3119ffa2394d4abf36c77b6962459f3d8bf8d

SHA256
af52af0f31bc027a5d722d52dc00553039f5a8aed3ff22626d2f2a4161090d42

SHA512
6106e1de36454bb4ee3f71db8049001245c42935e8c8e40a0dcd092c42aa3397c2513479560bfd831dc7fb08bf28def44e97745b4241abfd66d699a4f00274d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e41dea61e54e0a0d8cf2aff051ad9cce

SHA1
01dc28e375956a881a8058303c3d5d2612044177

SHA256
c0f8ebdcb452e075d4eeac835b54144178a629f0c92ad1d3242669e2a84b558e

SHA512
fc8a448c6f2cf089ec2eaaad63a9dc27136565a60b74f2d0a15dd233bb3e4f84c8850851b1b13b2c10cb06267424e8a176fcb29eaf673fe10355010dac68454f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
65141ee7de186b38be5e1fdaddb3d501

SHA1
455647ecf2fe6d59ac8b378758eb06b9b7a4e69c

SHA256
534e5e7800ffb87965af22f5b6137df74b4cf5ab7c061b0a325bb5f62c157465

SHA512
d0625d5c88c342ebf59235de6d9ce14e2e9c054d6aa15cc3658a8f9fd913642374f817c41d594b77bdd17218b063047a572d1eaf4ff5c33f638550dfb9f14b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
649B

MD5
ae36c921a4127b670e423643a25b9163

SHA1
9f2e7951ab7e386ba88b3b959f5ec9f6135e23ed

SHA256
ddde7101dcd853d8558541fde2b918ef972f13db70c565b3c487abb55de085b3

SHA512
d9cea27631b911013a266f533473c1dc32e466d8ffaa3c34c441a7a49dbd3c2c391acfe575dea5393d64318efca2d4469eb07aa39e60469b83b92ab38d202db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
542be2bab7a0e9ee53c2694fea3ff556

SHA1
b8054ac64dea909c59e3842d2d8307fde74d11d3

SHA256
50cefe1490adf1df7dcff34fca9abdf62e1fa5c8f34cf9ccbb8a308f1cb8a631

SHA512
7a17bfbb81a1a9d79312f1c460458373e406be6a9b16d4038fce2ce6343d6c1077c11a3bea34f2997f72013304e60dcae9b161564462947647b82eb751b72a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0870526f91d089cfd784d39255098724

SHA1
6719344195a19ca63a65db4ffa0b769d7350fcb9

SHA256
9efc6e20e112ab646f766a1e38445b1e287094c1af64695e6abd18b8fb26a28a

SHA512
a1e94b9d4d6a908b0a203a77bc3bea309d34c3132f91cc96fc00bcff46e8ebb846928146a654d12c06319b79c28fa4721e45a718ba53d449996b1dc91bdf0551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d05df7e08ee11ab1157ecf93b5e4c26a

SHA1
80c04ee380b4262c5e424ef0a7e1645e0fd40d62

SHA256
7860a90b5a7446e1c853f9182edb560ed115f727760a507fcddbc8fc18bd4940

SHA512
b31fd9076f73105602d3bdadab3ad361faf33fa2603ad3d11aa466d30e1042cc20e7e96247ccc8716babadd143cb2bb67dddfe6007b419c0a7b4ddad84db845e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4d05177de66c7ba71ecbc45787c113ac

SHA1
49295328d86e1efe9dd8b205013e2a1a5dda67c2

SHA256
8eb9317e5c94b76909144ca9fb943634e98ad2ec802e50ccb20755a0ff181f6c

SHA512
cc82d520a3ac25d1273fde18d45ae0b1d1cbbe3b932808a966b940ba10e7a4efc83a56f0f0b8b8f8724b6abd32e66ffe882040a43e9fde4b05e05bd7a4007cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7f6303923bff71f50b4abac0b87e78f

SHA1
457ff75f92bbe6265e49feb6839751878d2a24a2

SHA256
27d52eee4c7384437b4b7f6c3267b1635d04a109b17690d6b07bac32870b6737

SHA512
938859e2066909933f3b67862c121e4090c29bc61c4dbe04d922c6669feea04c2771a209a4618f553937cdf1cadad5167a9a1a8e9fa26aa73d9a652339b54dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aefee6bf88386f0eaa8188efb9c3f740

SHA1
dc9f6b70323df5000a06c2a0bc87e7a3e72eebb0

SHA256
07a57c6cfa0e39fc375939c8bca6f0126d59ee76e3716e640a5e7ece023a4919

SHA512
993e8bd9e7d7a7d76e614b9ff93a6ee44d45baea116eb14b4e8da12fdbfed04c0af1c6d88652d6d10a35ddc716af9aba86407e33f8ad561e6450d48f9fbc0592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9bc43f87a3496e9ee3e9e0ae9732e6e4

SHA1
e0aaf7a6edd519d3f69e8bcff23148eb2f8ecba5

SHA256
cbf262b3d08f79e3e35c47e240f77ca88e9d141c91f635f6adb3b59fdea15ec9

SHA512
19feee8b8feed0fc6c2da613cc5c35353c1c005beda462c07ceced9e84a54763f5c86b0d24e7e4d77c2dd1cd6ecb09a240e1b0dcb41c938601de99f4faa99618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
25527b2ce717e25558e832b934cf0ca9

SHA1
8362bd4079db9202c55b290557a79cbf61763eb3

SHA256
5824d1bc3756c8e1175dd4919adb9ae5445635f6a182b5b3c988728422470005

SHA512
fa6f5f248d0d2195f44cf07f66d9834a53f38f0c7c0a4b5dce95e61d9033483384c5f3bb2d009f83cde3b0a1efb457f04ce9396d9abddba81b915f5c784ad14c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d92bc756bdf309ea552cdb3bceb877e7

SHA1
dd1aee3623452d3794e1afded204d2c2559c0a01

SHA256
d476e03cd3e4fa92036b5c575d891b42d59f1b7f3275cd69d62d7ddafc669f21

SHA512
d65106a14e1e19e8fbcd635380bc31154fa77fe8ede15db4793578ed3c3db9f1144a79a255aab8be3684b5a6a591541419ec6c65f95195461cc8328fa255b892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
5c3d7765ba43bd1edee4b831682a4b15

SHA1
85b74a85860b724221380ac36104c4cee5ed4b38

SHA256
c5f1bd264450e4e5abbc92baa64264e8621ffc3dc7ffe360145958651635b186

SHA512
9e6977b042efa5eb699dcd81cb8246309dc51e89b4e90ad752d4dbafba629c2f55813da36959e4489cae1f738f28c9e1bb976bc030b34e0c956a7656defeadf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
25c34e36862707bbc2aacf92a753ed3e

SHA1
e8b1fb9a63b2038a3b9b546f2ebc03e3a653ce17

SHA256
b171927a895e4b411d6045fcfa8238c9bb01cdd81af25c07d1bb4b34eafb1c77

SHA512
31f2a249705c344f6777e4edb88698d13c47d557fdc8d72cd309fe429e9d21a0841d8661278168c669baef0a7f30047162a200cf7504e4dd431572eeb2c35e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
66b4d75bdfcf0491be2be26f05f4f0ab

SHA1
e1b42ef62e4fee92725bf88eba1c424894d9cda9

SHA256
5524a71316c7ffa9a63eaf34e544aa01106552ad267c29f9e09c5d98c7d6b1ca

SHA512
3938f868b405dbebc1ddd2289b25bb759c856c5013b576fda54e07682b9a631b102362162fcbd231f2e9b3284f83ef99170bed20892f3c821864bf609ad8ae0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1cc89819d48d734f2204f4e001f466c

SHA1
32c342410ff7be255217337f4128dc0c4bb45e9d

SHA256
03c1a7eeb4c356fa70cc913c1d9a48567706643f17b7508022a61cd73d51e661

SHA512
7de840a83484ac4f1edc97d74b3a0f246eb3db92670c84984c92711e6b9ebc753e2c1f3b8aeeda4b79d8b0519c2c5e8cfb345572a5da985d03d78048179c2d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16699a45f5b449e6c05474dd679f6879

SHA1
1b2ae14f86152feb4b672e65edb288bcd6ee0a21

SHA256
8a3e3dd543858438403d11b66adedfcfc0df890b33649ae18e68a59ea952ec5c

SHA512
6195ac510f054ccc8f5a276c7f6fd689e8b601fd0741802cc7559bbdda1e40004f2253ea67c861ec23a072fec297586398daf74d9ad155cc37f03425995226e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1e16e9293ff4dbdaa9d4873ebaeab5bf

SHA1
23afb3bffed18481951fff756bb67f6e0c3df587

SHA256
073cbc075b9c342fd5595e096ce1cefc48f5bbd0551a6386fbb771fbdc801add

SHA512
f7220883d2c536b4d329403285e3f0cdcb1bc6e38d2b12fb29305117dd8ee464e606f6b6698f9b01fa5e21002cbfdafd965a43dbfb45e0c5293460c078d0e195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2bb1762a9ad2a9f88ca94afef889b369

SHA1
9f27e947e5f6c26050a812e7f050fcbd533fb016

SHA256
69f2b7d83fa33db6235b392c8ee31ef7c8f01948388c9db8646fc1337f866fe7

SHA512
dee085fe6d2d1e42cbc295e360bc271150c9365d3b1080737bbf0954a846b1b4f4b5fe2e1ee3b0e1826dc834defaee968e6b3a151f8f60ae593d39925f725663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22839931da3c130847de72f388463e36

SHA1
3ef32cd03a9f4256324e1d7407143d4d681834de

SHA256
552b10781f8fa3c5808cff381d1d3b07c68f7330dfc78b68f9aa0349f7aab2f8

SHA512
187cddb5314eacb33c85104d74e6ad5862cd62d6e10f72adf78d71456061e3d40f37911f5e4af417b89b0af9b03eb774ec1bb3d602f89ba8860f5dcbd719da38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ac59e1ecf1bb8332a6d2152d4832df6

SHA1
ee59423e9b08b5138b0555736baef6936cf5d327

SHA256
a50557066f4d637efcfa2c3aa370e8bfbdcb5387de5a2b70e3be6aefce6a282f

SHA512
abb037cfca477e0ede11d961fd522784ae191cd2f8cef8338062bd71954fc6946849e99455cfe09243d546ca3a82576103518c0244696f40c432b60040f962db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582d54.TMP

Filesize
874B

MD5
74035d96e9af89a4d8aba291f53cfe10

SHA1
1d64da32d0456abf5560bddbf8840258fe062468

SHA256
f2e38464e998dbe4e495a69cdcf31e246f4475affc49d57242c098a0edae1ae3

SHA512
0424e4d84d631b4418ad520dfc546c3dcbaf9ac5a9a12b4cad4dc620a3289f98fc0465e258250083228eb874b3a6e1a71fa3dcf70f510dc82c015127d9b39494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eab13f1f2f306ed6521e7bd5d5364878

SHA1
b469b37c457da5462c2646cac26ecf7f6443bf00

SHA256
5061c5fc9c082819d57e8a12f6f855854884b8ed8b10761848dab90f05bd654d

SHA512
b7e40a1f981476f1657e22295cc84b55eebebdb5da77f8a7ebc4573607ca7b4f06926b8afded5798040f50d9828bfc41c6ea7c860cb87b15c60b49b580b86dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7c1c96615cbe0fa036af9be390d7a2e0

SHA1
276de75960b53ada21efea6a1cb3652acf77c4c0

SHA256
aaa08900093ada7007050e318a950ee6089843301a56148d3fcc60009c423043

SHA512
7ff5306f80b349cbaedd5239b1a149cb4b77c235d040655400858dbd0edccab0b993c8c17b804783f9c6a72fbd879ef77895c42fd176d33d2e78be544f58ea57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2895ca854810818e91422db18a5b4ed0

SHA1
45b1543a086ddd8ca37f7478640496e7f57b10eb

SHA256
51b191fdd1f5d7a99d7dbaa2b02ad650755abdc58b0f6aa23091e1daf9879907

SHA512
72a6d3723b23f9a9076e7e7d7ea1e4bd112b1795317c3bf4ba82e5e77b1b2356d76d84409b3741dca71754f2e57454b2c8e0e9b65ad449ffce58cd9d92a12e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
201d27a984d0106aca33d1f96f055426

SHA1
29b2d902346a714c16fb4d59d9a6badef44075e1

SHA256
93ef618248aef3ae6b5b333868bfd21f66f8d18ecdf32c0aa17f6962dbb546de

SHA512
613d70377536702b0e517a615ad348c279e56821fd8f35defca25eca14416b7981d343f90d5bdb88cc7f447c34f08809cbbdd650bf4577ab4308eb79392ff0f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
755267e5255b135c1554d67b0834c422

SHA1
359b490609998422b9b7f1715ff4b471017b2194

SHA256
ee0174d5eb96324ebb66a0eb78c92e709761c6bd4cc977b18aee5216f4ee4a96

SHA512
b89cb25861e3f78486d115080465b7ad2470260fe5f24d6ed7936b6745dcbb6d369a35d3197d5bd6cafa8fc4cd7b51d4a9c9da7b7486f4b033825a8ab41f675f

Download Submit
C:\Users\Admin\Downloads\BadRabbit.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 106692.crdownload

Filesize
184KB

MD5
c9c341eaf04c89933ed28cbc2739d325

SHA1
c5b7d47aef3bd33a24293138fcba3a5ff286c2a8

SHA256
1a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7

SHA512
7cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 381838.crdownload

Filesize
2.4MB

MD5
dbfbf254cfb84d991ac3860105d66fc6

SHA1
893110d8c8451565caa591ddfccf92869f96c242

SHA256
68b0e1932f3b4439865be848c2d592d5174dbdbaab8f66104a0e5b28c928ee0c

SHA512
5e9ccdf52ebdb548c3fa22f22dd584e9a603ca1163a622db5707dbcc5d01e4835879dcfd28cb1589cbb25aed00f352f7a0a0962b1f38b68fc7d6693375e7666d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 403412.crdownload

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 481833.crdownload

Filesize
232KB

MD5
60fabd1a2509b59831876d5e2aa71a6b

SHA1
8b91f3c4f721cb04cc4974fc91056f397ae78faa

SHA256
1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

SHA512
3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 481833.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 916485.crdownload

Filesize
431KB

MD5
fbbdc39af1139aebba4da004475e8839

SHA1
de5c8d858e6e41da715dca1c019df0bfb92d32c0

SHA256
630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da

SHA512
74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

Download Submit
\??\pipe\LOCAL\crashpad_5204_VVFYUSXRURRCEPHK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit