a9614c6564109168c11a853f00a2073803c8a26af2effa33b861d80f78121e54

Resubmissions

16-12-2024 20:02

241216-yskezaznap 10

16-12-2024 20:00

16-12-2024 19:57

16-12-2024 19:52

16-12-2024 19:49

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-12-2024 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample
Size

258KB
MD5

37698ffffe211da5c8b3f97ec1f36bae
SHA1

83f5b50f58b8c0a1451e8ba9f119b526abae76df
SHA256

a9614c6564109168c11a853f00a2073803c8a26af2effa33b861d80f78121e54
SHA512

368e0ee6d90d1f1746c23a520520a658964a7d289f846f2ed94772f28bb7331af763dc99fc7a8395c4a19314b35fbe9c5aa9e765cf7092e59cbd8f48f8ee3134
SSDEEP

6144:giaRHpOL/saqkPV9FemLtcIDSsmwj9OvZJT3CqbMrhryf65NRPaCieMjAkvCJv1/:laRHpOL/saqkPV9FemLtcIDSsmwj9OvY

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
44	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 627393.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 165185.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1316	chrome.exe
1316	chrome.exe
2712	msedge.exe
2712	msedge.exe
1652	msedge.exe
1652	msedge.exe
1176	msedge.exe
1176	msedge.exe
4416	identity_helper.exe
4416	identity_helper.exe
5116	msedge.exe
5116	msedge.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
3320	chrome.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe
1964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe
Token: SeShutdownPrivilege	1316	chrome.exe
Token: SeCreatePagefilePrivilege	1316	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1316	chrome.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 4660	1316	chrome.exe	82
PID 1316 wrote to memory of 4660	1316	chrome.exe	82
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 436	1316	chrome.exe	83
PID 1316 wrote to memory of 4876	1316	chrome.exe	84
PID 1316 wrote to memory of 4876	1316	chrome.exe	84
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85
PID 1316 wrote to memory of 4728	1316	chrome.exe	85

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
1⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc4b86cc40,0x7ffc4b86cc4c,0x7ffc4b86cc58
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,14154953985238405817,17153572560837934785,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,14154953985238405817,17153572560837934785,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,14154953985238405817,17153572560837934785,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,14154953985238405817,17153572560837934785,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,14154953985238405817,17153572560837934785,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3060,i,14154953985238405817,17153572560837934785,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4836,i,14154953985238405817,17153572560837934785,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc37ea3cb8,0x7ffc37ea3cc8,0x7ffc37ea3cd8
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6796 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,5750681716085558658,11655512966868921377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7096 /prefetch:8
  2⤵
  PID:924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f6426bad52d69fadb23efa0476d92d3c

SHA1
097900594c7a4f4dc666544c94a8323b0bc57266

SHA256
2b55b351cfbf4f6f2650f80031f54cf6eb34c47254070ced4df282bdc8e50222

SHA512
ac8d76adac169eed60af6c5b22dc10ee35e638b9dffe46f6dfd6582cbe5d13c01b5402028ba659ca8f4aa597741b9d14ea6ca9e341b12aa213e99b6e16fa4fb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
de5f64c1b6b8fcf5a0175b7f3be95ca4

SHA1
12d9c8bf2eccfc69627d4b33202a1a9ccec946ec

SHA256
1c77a86cdd5765675d97abbb67ebf8ebf452c8f47c8036821e95d7cd2223c741

SHA512
a91114330dcef22cae61986b9da02fb0cf233778935aa61ba9a6c541dcab959b050d113e85b9bc2c867355fbab9831b1915cb1a71f8b85cd3e235301a3366a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ecd6160bfddb71f56a43dbb54b8800a

SHA1
4be61179ea0905eb0d8c748642a6061f4e653ffa

SHA256
66f635cdff3593768ba5854b5c955e43280540a43a0576ef733f26d7dadec03c

SHA512
538302a1b48e9897a150030abb5203d7a84e35be457d8a8ceac60f130379b81296ee060a767483104639e5a0e28ddcdbbe2da9ab433b1de73e37cd8b873cdc68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6c32cdd9abe91b9509a89edaf69ee7b

SHA1
f0887e7ad70690bbf77f3aa35567b723c951e997

SHA256
70ea8dc405bf509252b5d81a566ec92051e857836779767f258841db3fa1031a

SHA512
88b5cfe65ba6ba3e1c265cb3c7337b281effae2db20c9b205c0268c02c0f94bf7949b5afaa43f59b36f9ae3e971865e88f02738cb5b91a3f893e78c002f401d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa1ed275a98ffc8448a05946aa95cb23

SHA1
9c1b0cfb9ed39026401720a8dd49791d03d97501

SHA256
2970e4e00d1807eb4d04a0dd24ec4881af6fdd0c3e96162ca374cf11dc3be973

SHA512
b838eb44f95817f789a06f31e3775aae44887fc83f5a84b9229c659fe993a53f0bfc7e7d4ed4b38d81398d30c9d8cc92b76cb15cff9d9aea428ebc5fd33be0b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c55148a7f6bbbb1f1b3a70dcdd4f2be0

SHA1
61bd06484d43a27bfcb99ac84e8910397735ec3b

SHA256
4f59fe0ce665d145d58eb87d5ce1d828fd29a167970dd963888b363e8d78fec0

SHA512
9471463fca01677b337c2c2504f9968defab79e58bcd0a6a2f57a46ea25927e1a72e01ec6622663f1893c2ac0bdc5dfd67e92717621e2fc6e2968bef74344393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c3a7fd923471aa03f6c785409166bee2

SHA1
0008db92fc85c24e5b89f4922e2dcb1e7453ff66

SHA256
fb4ae47dcf449630a38125968a1f735bcf61594398590527338b2548e68e5052

SHA512
1de67c9e0bc6afe95e10c32c93f3510fe9965d15f6b5f7b2c7e63ca236360075fee265dba07b160c4f0f2406eb65043e53b70b27fe44da2d25b0be48c3fa7d87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93e0f539f39fc2895514e14b87c0a45e

SHA1
a687090b73cadedb6fd52ac4e168ddea0abb7f1f

SHA256
bd26dec5eb21e544ea15998c3bb16bfd483d8c251d301276e5480521ff6a1def

SHA512
3ef71182f6afa4a2698edf769f2f906a8f116f8f4ff399851acb2ca0535f820dec8406f16ad7e6a87d83277632ca4bd8505613fbbcee54c8a26ecf9622e7d052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eed5e301bf103b54b284542d06ad9503

SHA1
561975cb48f45b21770ed442313cd78e15753cfb

SHA256
0c3bb8c80aebd7070d4d2d78a2aa2a6e2a51caaf8040b70dd08a9d865b0ed13f

SHA512
efc464ad5b5ef8952a61db88cb10d7e7a55a9806b06ef871f370735ce4b37c57d158669c52e3686587559bd1a0a15a4dc30a522a51351bab2d86c1d85007e772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d4d6b7fd48df86d1e89a0bafb4e207e

SHA1
68bd6b91e1d8470cc95f2cffedd68a8c7d548af2

SHA256
71bef67493ab7f74856c4f63f6fb49c0eaca01ec7d525dfb3edef2999cd771fb

SHA512
27ab9e55ce7df1fc990c5a13eeb58a8fc0b2ad315ef2c0a6b106bf2567da4b02463c4cc721c0550877db002b64e678720f94f90698362e746e6b914da6225871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2c7b0db6f0cc6c84f1c0aab06308595c

SHA1
558e585865ce80e108905e6c37ef24153af81fcc

SHA256
03eb10fbc5dbcaecc6ac450a915ee1d757008ca87afcff18da9eeac24dc08248

SHA512
7f46be95868797656e9841e729164542f6ea4347e0b714e7e33e5a06a17eee1e492ad826b33492ac8c885576f40c0d23eeaf54ebc20e492e3e5b293c3e826e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f897c871f1232125518564947646465a

SHA1
201c26a4b1301ef7922fce06216b2cfe84238ca0

SHA256
b8f8302013fcaeb54639d87877c8f561a78cc9f438190cbd32ee226884d48dd5

SHA512
82a3d03ac2c925d5e1a34a39ca8176e4ab85c6e84f6736354c7297d0fbc8d7dba9f96e7af1a79e2aa32bef2f0adbb2d47a3c01731527852c4226dceec55396fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0389c7ce-c0ca-4d24-a506-acf042002a1b.tmp

Filesize
11KB

MD5
79d3f182919a9267849c5de145bfd087

SHA1
03974e61b29a17caa47063752461753a78a6dcc6

SHA256
72d3f2db8cd062f73305457ae9c4dba2842c9e53386ecdacc3b3599dbcbb1345

SHA512
487b1ce52230c664b45ab501e4f6ebf6e490c45e48b819aa5d455ff605aa00386cc2486eaaa43e9531fb62ea99a036abda440946bf3ebc87ce10e07197639fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
17KB

MD5
18a9531f05f4a3662558d102349767b1

SHA1
328114b78180b5931d651669bf0b21d3a5cf8adc

SHA256
2d427df292899c50caad69f5c59737ff07f39544e52ff6b9d01f4fb82ec0d716

SHA512
b52d9f81a88694bbb16551a50fefd69a3f3dcd0ce5d3d3f3e3a2c1d7de969b5f6e27ca9fd22f7e964108f9b39eb083a44ef161ee3b8c39f61fa5939a15d21b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ab5d3133282889f27c92e6fbd977dcb9

SHA1
2d325fa12d799c7253e57484410db8ebd110077d

SHA256
dd09c27765151c2af6ad4ba4dfecc12aba84bfdaa46a771a1c9806a021f67bab

SHA512
a035689865df78b5aa63c0f8076d5ca2d23543eb965e660dd39732b0972e409f06335134f60c8ddd3666c37ef3282654dbc38267b8e7998b615c6f3a368557fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c5067ea2880d53d7ea18709c1c8f2545

SHA1
7e403f5afff5f196e8b56c1dd6ee516af829c8a8

SHA256
dcdf7e18b465fde59d4ec59ba3e7f04fc6288053bfb5ed62ac0d5e4182d11155

SHA512
6b201ab30124defc64e21d1706215d955756c8808760250c0453a03b85d4a35259b2ad47aa574b148c4d960fb51a9f43e2068b83049897c2269946c8292af0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
788B

MD5
b15a6b414580459c6857cd6de53f8e25

SHA1
8299e6de8da0266187488dbf43f6489bec99c2a9

SHA256
5138a7491697d70cb04be9bb5c4d211fa20816e864c5ce579cedfe13acc5f1f4

SHA512
f7495d484090ca40174739ca492b748db467e3c5180658193798e855c1d726a5aed305119041d1a5b2d40b0323ee58c8c3cc69a897a47f48ceda47a46ed34173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64489b09a8188d0199d0e6e5b262e88c

SHA1
0fa8731497df11bfc0777b6225c155595b17eaaa

SHA256
151fafbf13360c2e33a4e923efeb442e15433c998ae0a21102623db16a047448

SHA512
ab7eafd0298c148a37ef555484a68ededb760a1c95fe183428436550ee7c9283cc4b098e20cb18d59f55c47e3e7a066cfdf8b0ffdc8847a8df8dfe7ab21252d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
24d060ae0de0fd2e26c1ab03d9845fdf

SHA1
f619f19e7bc9f3ca255d9b8cd9e96719693add68

SHA256
266025994536b2ba728efe53203f7a90872488802f8904d19f9852c3d81a6300

SHA512
5e9f1e1c94b3ebfaf985fe79b895e501a83617c87d7ee937d59397d0cae7f7395be2ac34c13607fae1d6d7ddff4464618b3158f19747bb69f035a0e642b8ea84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
079e4baac3dafcfd57ea1e7f3efaceea

SHA1
f6ccc5719f386eafbc60b0ba051e4ff52350f610

SHA256
35fef4bf018073be606d66d2f272525fb5881ba821ad5d8e7d0e3f40fe6bc771

SHA512
884c4cb9cf231c095919932a224b37cc639b7b6ce29f606394a47e92ff7f835cb9e30f33b23740bca91639302ec00ccad9bc38653744d12cbf1b2128ec3639d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f207aa2a7dd39522b5c2c7c051caa468

SHA1
8199e6f100f039aa1e58bb135c19e98cae0aad0d

SHA256
d7c4f78176a0fbff0a6113c55beca1dd41cb54870309c612eb318872443c4713

SHA512
36c7bfa096af31801c0f70daa8b7dea511ee4c0aee140d5afc2c09240b1f9f0b92a1126be83cbb4a636bdb1ab7eaf0dba821c9dc914d344628925e0f58a5834c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0b1f112a0421456807e5e9bcb6bb506

SHA1
07f92c521f8dd6e236c065f0e61264819bbd7303

SHA256
4521b8bdace13b4f4c1a3c63b0bc729ca63eee442b46250c3d749c0fb7167090

SHA512
16a004e651317b3b5d99e3b6f50f9774709d091386cce8ca7ef44efa410ab89abb1c20ae66f187503fb32f44af5c1a675db992f4bf69ff53de95379f317f1699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0e1fb8d14366545bc8d601623e9d856

SHA1
55c72af50f4f0b39d2074723b319bcb8e4fa7170

SHA256
1cc0d7cb49da988f4e942fa1e2ee7f6bc885452bf22cdcb3a7fb11fe5e8ff615

SHA512
601116483f8ba6e92c092e68ac6c98b9c6bdb281b5034ff37f7df22bcfd9e64bcb532b936381fb9410021bf999d54762c452f04c300d277c7621c926e06bdf05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24295fa70c386061663ce223e259f214

SHA1
455306523adb3f53c0236506bc4758fc042bee64

SHA256
39bbd9d788d1046a3864ff719139fcd9ed63f7177f8bf5f20c23e0d9da0de9a6

SHA512
228842c033cecb18206648299adf4737b11ad5a3cf59610f67fa8b7ec89b04ea7c9baa300d86313efeb14056dc85a5ff1aa24cf68bbe2c1e742903c7b5d07c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8bd647f79a993f947904cf8fb001b9e6

SHA1
c514db23ad9e1fe2e1260030e2e5660510d10488

SHA256
28b2da3097b90313d53147580ed6008e5654a05366ab2b7c1d5a9baba71cbc9a

SHA512
4a9d5ed94bd8a82c6c7b29052918523d49d38cb1fc7bd55849b914a66d9eac692ae2c7ce5973e030ee35a192cd3ba4f4ab9b98b7eb253d3ce3a6fc1bf807f06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d1d9e057f352a906e709772710ae632e

SHA1
a204230a37d4d48f38f4f76bfaa1704fa3d3f71e

SHA256
be85adac5de73cfcfe140be4ed43f9507a26236ae0bc5aeb35ce3efa18172404

SHA512
bcf1578e9d3665760439301114807f8a02741fc6c2d9840bc8319187469c5d6c04415c555596df32b7ffd7e1f76255c997c60e63b8ed4df34906c8aa6a77e3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f11fa7ff1d96e0b6a3ad83032499370

SHA1
1ae247af6ddee3c3e6c0b838e215f782fe513555

SHA256
a8ada1d69f87fbde86457e9f5b0a6d0d8fc269ed6cd67f2aff5f9318867b5c93

SHA512
b9e624960a424ee47340b3849c4ce5ebdda9a7cda0945603c43ee8e34275faf47e7ab0495f4fc0f758dba44bb4ad61b68438cfa799feea1808f7ad909cfa0bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e25eac96a5d6a417809f5f5d0d337e0

SHA1
91231f387ee9a5c2b7cbd39f9c7c60888955805b

SHA256
cf3e7c40e03e51a715e13f89edba0e3dcd11cae21e868348f5b7804c39dfb4c9

SHA512
81c251a15b351d4f637d6fcae146f38edc0877eb39d5de0a5b47f0a362112342232a2df0a80d415482ae0df00f3c9f12b08ec71b0db02c9994a44b3a3627848e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5865ba.TMP

Filesize
1KB

MD5
59de8c22a899f7444bbb70ac06a5d6fb

SHA1
b7826beca2c5106c99b9f2c506dae3989b50c2a8

SHA256
9e60f471ed3ca3d199f2eb194e24ff55423e81fc8955de5610be289d77feb3cc

SHA512
3ba871a6253303d94bd2d6571aa1f92c489cde82f6452e5dc7120992af8a44564016bd28fdafe5b30e98720c4549984fce7b8d5b0060afd23ba954fff40f2c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f70d85f8bdfa8b8f936210428342909

SHA1
a21e6d1d49ed9036e6768a6db12fa2938488fb91

SHA256
a2f7a57ecfbb6870653943c5e98c05425b330c61b919f7156c8d609475be4fd2

SHA512
287b04fdf986e88b50a228648f687032d489294f9b118fb3160a161587def693e8e3ee01b6085a7704b82948e1d7d001e0a88f532b580c115c411bfd2ce131d8

Download Submit
C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 165185.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 627393.crdownload

Filesize
141KB

MD5
de8d08a3018dfe8fd04ed525d30bb612

SHA1
a65d97c20e777d04fb4f3c465b82e8c456edba24

SHA256
2ae0c4a5f1fedf964e2f8a486bf0ee5d1816aac30c889458a9ac113d13b50ceb

SHA512
cc4bbf71024732addda3a30a511ce33ce41cbed2d507dfc7391e8367ddf9a5c4906a57bf8310e3f6535646f6d365835c7e49b95584d1114faf2738dcb1eb451a

Download Submit