hxxp://github[.]com

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-12-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://github.com

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
10	raw.githubusercontent.com
21	raw.githubusercontent.com
47	raw.githubusercontent.com
48	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Locky.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Locky (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Petya.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4772	msedge.exe
4772	msedge.exe
1980	msedge.exe
1980	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
4628	msedge.exe
4628	msedge.exe
676	msedge.exe
676	msedge.exe
1240	msedge.exe
1240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 1292	4772	msedge.exe	77
PID 4772 wrote to memory of 1292	4772	msedge.exe	77
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 5116	4772	msedge.exe	78
PID 4772 wrote to memory of 4608	4772	msedge.exe	79
PID 4772 wrote to memory of 4608	4772	msedge.exe	79
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80
PID 4772 wrote to memory of 1732	4772	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://github.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff1e013cb8,0x7fff1e013cc8,0x7fff1e013cd8
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1220 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13897654095651632778,776972345506175225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0b7f452d-d109-466d-8971-e0c8648db575.tmp

Filesize
11KB

MD5
66c712488464f3eedf6ceb961008357b

SHA1
ded5da5bdf17414a251049633bdb212095d91a63

SHA256
7d3587378f0d54fff72e931c48a913e655a550b4ae8295750aed99418a614c15

SHA512
7fc446f898d2f8b26eb186adb997f14f50d46dcdd5b5e202cac9578f41db6fa35f9dc7821451b0bde8ec1ec5820c93c2373fb94f4ee894a847620f4aa60dd19f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
38KB

MD5
53214f37c15ce68a217e2915c835b235

SHA1
912add71f2d55aef34ceed48859cac16207759e3

SHA256
5b50f1bacf12105016c72bb57bdb3a468b274fc21d4485d1922a14e2e127f803

SHA512
7289364baa2d22ebe8754a3b0c0ee75e707d88cb925a7a2e871644899bff3a91afff924eb5f3bb1afac7ec6d5fc571dcefc20c5bbf049a1bdc1e0a8515f6fad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
37KB

MD5
fc8b9283e9c3686899120581f73dbf88

SHA1
5d2c3af2bf4a2054daf15098d95992c9aac1bf17

SHA256
27d6e4815025d7fe830001e206a4dfee19b496f302332f195ece6295f5d1f216

SHA512
9dff216af5570c81213c24076f9afdb150b52df46d0143e199d12cc1d05d7e8b21e096b129d5d722ab0b51996a41cd70f0b2f06a65f9cd127c5700fc6ce49319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
20KB

MD5
7be57a45cb4cfa25175b9e6683e6ec46

SHA1
da32d0bccb313405a270f64933b18b125455d0ee

SHA256
0920423488d6702e1e9863f78345fda0b9a34e5e26f3442046b35c8c19ae5651

SHA512
d48bea4ccf7e40e30551aa0b3df81a87d64ba44884ec915c13dc23491a27cb6ab15d3c7e5a7c47203ef69d7f6bbaa8ae07c275ffa256b7a3e0aeee2a5950ed7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
17KB

MD5
18a9531f05f4a3662558d102349767b1

SHA1
328114b78180b5931d651669bf0b21d3a5cf8adc

SHA256
2d427df292899c50caad69f5c59737ff07f39544e52ff6b9d01f4fb82ec0d716

SHA512
b52d9f81a88694bbb16551a50fefd69a3f3dcd0ce5d3d3f3e3a2c1d7de969b5f6e27ca9fd22f7e964108f9b39eb083a44ef161ee3b8c39f61fa5939a15d21b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
24KB

MD5
4ad64b8276b4c91e8b4a8c29c286b0be

SHA1
1ec3308f54f831c9d77091c7778856376682e3be

SHA256
dd7f2ff3804aa453d5a974f21e8a432903ec9d51443467f53c95e97dbedf0b4a

SHA512
be01b165393d8da062c4a1752711a01edd94b051160a2f7f8e6c4f4bdf6b56d749fc3cefdf5829221527b222a7b31770b544487b2d6f4bce52cf1aac4a51d243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
58KB

MD5
4b76402426037caf152947f8287ff127

SHA1
6754eb9e9bd622d152b1ab958cb6465d5bdd90f6

SHA256
ef4949139d10ea9b20d7ea642fd8947a758273bbf58501257f1201955e634187

SHA512
fde567a4c12e45e1f232961e9cf9a0b93a8ab7d450920a4e1161831936264d97f2734b1e2f0bf6fe5e8281723a9a368f6fcf298371530c42e0ffa721e795621d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
105KB

MD5
933b847d646154f68829fb1423017ee0

SHA1
09bc5713a9598a53e3fc89940f8175583bb5326f

SHA256
7a9ecd7c422b35dadf831dfd19676957e063d71630dd6e190289985bed2836cc

SHA512
fc55b2dcfc12401a1ea055e604269d22c2c84f53ce9b0d9510a924ab3395467d4c61bdd5e7ce2bfbbee61b158c8ded8815c2518b039b68345eb152fd1dd6c7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
39KB

MD5
3908716b765ed743acf5a1981e143a7c

SHA1
c807e8bdd9ccc8021205495de41a6b56d9511894

SHA256
e32d875b9ba028daee97e6ef89696de413442ce32be675c9cbdc5f2495e5a4ab

SHA512
18241ee4074a7bef35905074108b46a806defd9d92699c773ffaa0d0fba9f6c32d8b4cfc60983c19c683cc8b85e511d2c9352fe3bb68dd4f5db80acf9a53b07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
16KB

MD5
6bd297ca3e7194e80a3b03d545a2033d

SHA1
6720368ae50640eedbdb4b4d3e1311a3d696bfaa

SHA256
e59224be8c0105da450467d1986adc9c315ffe34282c4b6def19ad9cf413db8c

SHA512
885a70a2634d882188241c5c725255bd2611973c3a6999220d1215ed90452bd418250e9f18e81722277777c66ebc2f693c37a988b6a2f7623295b34356b3cdce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
47a46c114419f0dab4ce6923288d9620

SHA1
73f233d9ec7a20408b98351224aadace43da6d9e

SHA256
54c25f2c67afefd22aa2f52ca1fc3c2fed580de5d53a3c062589bb36293c7033

SHA512
1273861246aa7436255c407f14cafe9a5c24306cbcc57714d5b36c6cc78c6566cea24c123c607a87f6b4f5c99efe90fa7c4532ba52411a65747430efc2f43282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
945B

MD5
ad71b853e37871052e7be7d448c64c28

SHA1
3a48e37749fbdbc6d84628074deeb11a2fa6121b

SHA256
9c200b8b688d435e36a3c4fa09ed5046ff7643993c6d6656139f4c047211e129

SHA512
918116e840f096c9736e781742adb6f8779bcef27a73786ecb0cd4122bd200a961ba849139ed5f8ec2e354f4c33249fa552838c52048644472ffef3e19c2a691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96b2dcf1c564c316e3208938c6953ab0

SHA1
7c97e184d717f13ba87b8f28edd04c65048521b9

SHA256
dda79790cfbfcb4965a06e30ac956cdbf25d06279278885812f384a0cedb24f3

SHA512
f1a4551eb84684d50b5ef8502581945c0d86251a221b64ab51f83341e33d5f3211f700dcc4977d06a8935a0c2f89126adafd5dd1b8099d11c571cb55b339005d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f466d377cf9bf42e4b05ea3b9eb7f7b6

SHA1
76d0bae0b5540a61999febc0407f612eaf7fc33a

SHA256
0434f9ab6159c344f5d558d1057c179ce33cc64b5a08d1f83265e4933108ab3d

SHA512
c8aea9cfaf508070dc82d231c9b5a126674c42293b5d05143f6aec5fe9c10542df7f081b5e450ef156911eeb6261afb73e10f078fd25beaf5e359e52ce00a8c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78c4cc95c7c25e8746258af885bafb3b

SHA1
96107dfc139a5c5ff6724997556424dafca82325

SHA256
ff8cb92499aa981dbf264cc95c5b866aa6eff28225b0c24ee17c93d866784a2e

SHA512
ecd164cf3ed3fd9a181a4e6401e46e308bbf4dba5ffa30f747afd36b95257ddc470575c756e4f560a4eec003751f2aaabaa989503cbe6a051e9016ac35eda1dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d731ee48544ec198559f6d49adc950e4

SHA1
28c4cd1bc6e234f6cef96e9403eeb1df5636b24e

SHA256
66e324f2f7b659ac43d12766da17fe9cd0382e195b005d65cadb6d95ac06a3b0

SHA512
2692346a08228104813a3288edd8d432e358fcf30f955597359cf6beea4a43cfdc2b93108efec522fc408639a0fba0bc2bef94778a7b8dbd47f7770b5825b0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca072109124cde20bf9b89eb789f7436

SHA1
f8a76581245db8be3cdd86c288a314317798baa3

SHA256
b639ffbeb2a4a30fd1d6a51c91fa4da1ca8fe8bf745238322bda5ce5b9faeb69

SHA512
f445ffd2046ecf00b0c31683e3d74f9222410c2dd874536159af7fbc34889c51ead4f3adec57514f374f5371ecdf2df1473e87b14e7e43419cdeeb7a9ba420e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c6e3d36da999249374d28b24f7f8d2db

SHA1
331bb7ea06f0fb66d96362b9a2f458819d814348

SHA256
ceaab94767f607ecb2283e3eca447f44d6e2cda900f83d535dbc2def16da271c

SHA512
e95da5a9bc1311edd903dc2a2311c66ecc4fb8c6b8c35c11eb23462df29df7be84b7159315049992311ff03a074b81a2cd0fe9eabd454a3ea5c1abe7a22bbcec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d896ad50100b00178f96658a579cf401

SHA1
5bbe5ef5516598d3947ea9dd93da1f3b01fbd4b7

SHA256
09e816699c51ee7e04d2a10e51e541c51371752d739f5f14c898627e75192f59

SHA512
19731e7b4f9991297f3144a89fec9d519b48c3d54042ef624fdeaccf58655b41b2257196dfbebbf2ca84cfcf89704f35a3e054ef88998ec6da367a299f94eb54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
196fb67b9c656183a98db6b49c3ac3bb

SHA1
abafe654914bcb4a5cf7e705e796fbc788543cfd

SHA256
8318cad8d206498e2dc27a1c64aac2246e2f989c74545a0ce26d4ff6068b350c

SHA512
a76360d7b39f35f59a80a8554abf962afeb49696f07e7684aedae901ab50d5ae4b6c4e8c555f72b521aec7febede8e27ecb8cd31a59af90cb5044bf6a6de4641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ade01efc23ed2f4dd46cf2e9f0f8eaa7

SHA1
9b30ad213d9280067568590a88f54c920346cd1a

SHA256
065432be4e3ea1ceba064eed145bf0847130701f6b214774ac5152ac7f04856d

SHA512
9ed8f65a99738c7a51cd72a010472810a487b687a0a919bf65443b6a871cc09790a08ef4cf1160783289059a03d0c8e09921120859d50f9bfdc8333f064f89e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97e7d852419b53851061d87bd40f44f2

SHA1
78af49de6113efa710d3a2e6fe60b87dabec181b

SHA256
62273a54865ee47225fc158cd76a486eddac14f457b2f1dacaeaf04c800321a3

SHA512
a8d88aa44e201d0c98e3f2c6c1d1383ca38ba1eca6bcec9942abcb314a7235b2e9395e4a4ef33cf14bf9c16b6acd5095178047c855a6ff912d6f2f84fd098b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9723dd8322ba9bf961de44a037756b2d

SHA1
5cc17258e722792a511a8c59f84e0e4a1a27c278

SHA256
ec443e2d8da9d4fe722f7533b4bae71143c13e5b536c2fab2e0b7a13638663c5

SHA512
1cee6ba84408923c214f633b0a5587145688e6025282be64696cb9c07e3784d1b31c978a585a61ce42d2b700e8655540c34fe8c066531c2ec5c60b722629e9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1358ce60b8cc89e56e25216e6d050185

SHA1
03da3f895863af6f0749b9df6ea6cc2d787fdba6

SHA256
a46ce942b7deba56796c235b8c7da128d0e8a0233c48d06a260f18adac458b69

SHA512
07acc2bf9fc21d669e093f873fb2690d4f80e008d4b0ddb597b7f8cac503ffe99583407067519a47ac7b1b1be1cfa3cf63358a11f625663a39fde5455c27deb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
233b15783a769f46f97b39fb8cb8521a

SHA1
3091fcfb7458fddcb451de460c44df5ddc108300

SHA256
2c01f22d63a05085dceaaf96955ad788908bb4cab3c6494a428367dec52480c2

SHA512
9b8cb09d59da5c2eedfa1ca2a353f6e04c38a71bfad73bfe20c180da799f9e92c899977173898f878ba3ca3a95ffe98c8737a73c3379b529cd90b2ca710601eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5800a7.TMP

Filesize
873B

MD5
5dc2c79ce651b95ecd2ced6cd2209bec

SHA1
8ee845c54547c10806f15b3b40c44f538f2654d0

SHA256
a150d789d54ac6438cb99aabc8afe6af1fb9c6a17d28af1e843e57e6657e45f7

SHA512
c44ee19afa88c36a4e875bbacb5537d99d3e96ee602567016c125f7db81b218f0a1ff8fae64e84f333fc7a3ec15aef6bd19542772ba028c7ada8dd70f405dba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e922902c-fc5e-4b8b-975d-734e0542067c.tmp

Filesize
1KB

MD5
e82773fcb9ae7149ca998c871b0a83f3

SHA1
6c5099c33e2d3f92d1dc80d63c8cd5849cb1aeef

SHA256
6cb28736e1a0e3681e43bed763de70c2b0279cf1706c4aede9752c97944cf0ac

SHA512
9a2cabef9e93a9b466fb68f544a0493f5552874fbc0345199fe57d6168d30c5f028fb263b3c90e122a5f24ae303f99b531d785d71aa304f0c38ebd5649c57377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
582dc9f6c410365f62301002dad873cc

SHA1
e54995b823433991a1f9f9d830bb9448c0770a31

SHA256
2dc05f4254c6e6321bbeaa0463186bae941b0d791756e37eee1aafcaeb40184e

SHA512
a2fa0e7f39ad6f7b622750dbc62207a5ff49aed510502cb17b3fc14599dd44647814297f335548e777c21fb23f999d57c1f6545d624c896290f98cf020c60214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f2384f0d183871e7f01bf131432a7f79

SHA1
935df8b365ce72b4a9ba1a505639c2f251f8935f

SHA256
326bed48af4d75220df4040e75f49f998d72de60e8b5aa8cb3ef471cf48da0a5

SHA512
5afdce97b07c18f3aa105e0fcb16da2e0f675dac7990b2836136ed3610cee6d79b344dd4a482f12f48d916c641624a76b2604119b09a198f1c739d688c91d648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0120fe417080d4d456ea554c47aace08

SHA1
7b24dcf35bc66874286b9cd46d39803140ad470d

SHA256
1e53d26bc6e4359adc9abbc332f12f6b4b6a25e207e887492ab4dde3758e466e

SHA512
c84474009d4cb70ae2e9252d2714ead4a730793a9ed7f554ffa287215f2d6076067bce420efa819fcf7086fe27eda3e2545a49bb3358feff1201a3d571ee3271

Download Submit
C:\Users\Admin\Downloads\Ransomware.Locky (1).zip:Zone.Identifier

Filesize
235B

MD5
5b07184595c3bb899fd56ac157e00098

SHA1
e47eec090db57fcc99118458b60394734cd138b2

SHA256
04fad38afb0e40e3e7c955dd40958e826c71c10d87100ce02e92db35253ee02f

SHA512
7434d182a4f1bf0ae95df97345c1ee04765a33ca897de3675bf2fef3141d19cfe4f35468c0ff38e70886f3b52eb559b95439ec0d7f80757ff9b050da95885486

Download Submit
C:\Users\Admin\Downloads\Ransomware.Locky.zip

Filesize
125KB

MD5
b265305541dce2a140da7802442fbac4

SHA1
63d0b780954a2bc96b3a77d9a2b3369d865bf1fd

SHA256
0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0

SHA512
af65384f814633fe1cde8bf4a3a1a8f083c7f5f0b7f105d47f3324cd2a8c9184ccf13cb3e43b47473d52f39f4151e7a9da1e9a16868da50abb74fcbc47724282

Download Submit
C:\Users\Admin\Downloads\Ransomware.Locky.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Ransomware.Petya.zip

Filesize
538KB

MD5
e8fb95ebb7e0db4c68a32947a74b5ff9

SHA1
6f93f85342aa3ea7dcbe69cfb55d48e5027b296c

SHA256
33ca487a65d38bad82dccfa0d076bad071466e4183562d0b1ad1a2e954667fe9

SHA512
a2dea77b0283f4ed987c4de8860a9822bfd030be9c3096cda54f6159a89d461099e58efbc767bb8c04ae21ddd4289da578f8d938d78f30d40f9bca6567087320

Download Submit