6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d

max time kernel
1691s
max time network
1696s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
24-01-2025 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Size

25KB
MD5

1d93e8597dd860cf81cd913c4b997818
SHA1

a7dacf6a32b194720a87130a16f2222c44f036eb
SHA256

6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
SHA512

c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
SSDEEP

384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1576	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4112	msedge.exe
4112	msedge.exe
400	msedge.exe
400	msedge.exe
1576	msedge.exe
1576	msedge.exe
1972	msedge.exe
1972	msedge.exe
1420	identity_helper.exe
1420	identity_helper.exe
4276	msedge.exe
4276	msedge.exe
412	msedge.exe
412	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe
2612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
4112	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 1120	4112	msedge.exe	77
PID 4112 wrote to memory of 1120	4112	msedge.exe	77
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 808	4112	msedge.exe	78
PID 4112 wrote to memory of 4536	4112	msedge.exe	79
PID 4112 wrote to memory of 4536	4112	msedge.exe	79
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80
PID 4112 wrote to memory of 2892	4112	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff926c73cb8,0x7ff926c73cc8,0x7ff926c73cd8
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,344157505777882454,11260858091898272938,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,344157505777882454,11260858091898272938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,344157505777882454,11260858091898272938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,344157505777882454,11260858091898272938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,344157505777882454,11260858091898272938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,344157505777882454,11260858091898272938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,344157505777882454,11260858091898272938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\DisconnectPing.htm
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ff926c73cb8,0x7ff926c73cc8,0x7ff926c73cd8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,14853749705704738433,1339858446828759834,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
807440ff399f01b1f9fe2b6c13ee1e1f

SHA1
91461a82a1042ce660ac98d7f889d5d5b2769bdc

SHA256
c9d7ddb415e56f9f4aedbb2d4aff84dc1b77b3dc24f6adc4bd3a588739c69c8b

SHA512
d0f78cc18b251d25b7c5ebd59fe85f92452c054ada49f544ba87f0ebf5528f99147ccfc5803d5c967ce86b449178b0f38492ebc39aaa5e3d8d180d54a6b77e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
24cf96ce707cdc8cf498a4f514d7c80e

SHA1
7ca3c3adec307e9781f89faaa615cd5fdb3b39b3

SHA256
868f15a348348fb0538682da9052dc82f1e8b54d742f1cbe0d7bb613dccbc9e7

SHA512
d28d000c5f1427f455b0d0c316706addd6ac4517d4ece22045afa414ce2a3fbe611b92948687ec9a187694305dc8306acefa34a20bd380583b092bdf305fd681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
15ffac9d03fb291db68e1c15b33fd20d

SHA1
93f486b48f94ccdf0229d3e22259363b1381e4ca

SHA256
2d3295241f9f604268dd526d7e081c9beb4bdb33c1f9059b296e3095a9d64308

SHA512
a1ca41aa8f496d4a75f2e91406061d6efc118089895b788a2759a9dd58137beda528c0bb5376f636a747ff66005e4ce84395e829d4021c3def85e3d4f91bcd73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
7983e080b7540140f6a84ea88148656d

SHA1
f115e91e103e68d930d3bfc2fa4aea53e2c165f2

SHA256
9bb6ec059579f92d7c5b4cadcc1bf86640fcacc8eaed890c288b5c2c7af4f666

SHA512
b298df72e821cebab928da279ee3d8e5bf7e59faeb74fab58085a88f00b1596a098f13a9f0f8cdab05f6bb65e5ff4a86e89fe902528d6cbb880f6fdc271a420b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
24838a3f1d09540904b9430491fff75d

SHA1
342a300074be15f3b2abce8a7da2631bfd97be1e

SHA256
ba8797b4493c4ce18e31bb4451c5d0bed99aeb8abe124d5b965e2f9a9ce8179d

SHA512
b180384d3962122b3430e4eeca1f6bdb4f49151799023dc86aef9d682aa70056b28da8b5b5e311e4e49d196169c308457ee6275acc53a3a37de2f68bb672cb02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
e1e8b10f57274c622bd69ec72e381df5

SHA1
06dbb1b3e4a61bb81000b11954f32ff1909be437

SHA256
8facabdaa3dab9ce6ba3a4161d861bb7f528193a555d7a4cf899f7600113e644

SHA512
6b7b905ccc714f6ddb322127703eaf1d435a7851e6769d4320ea3752af04c279995685b42bd99534488e12509f3ba018fc8700ccf2f084b37b4e6f53b9bb8f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8f631f657d1687cce75f7a4970dd7a57

SHA1
00c0a9b23689a64a4f52439757ecde5f2a0615c7

SHA256
77c7e34674101034fcca285d9414de52754b68692bb5c5b37f349b01822af790

SHA512
d07de34f179dc7af96609c1fa35900499a4140d58e81c25b63557e0279a56d06f22308b3ec15818e0312a9678a041bd03b0fed5e40ebb12600757368604ecbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
77c732f3f798988afb93889a3a009d5d

SHA1
009e28e404f7497f7d49f004e5594be0deffebfd

SHA256
bd271d1875aa2ca9a8c3c517b931712f31eeef986df89a19f0f9661781697349

SHA512
4175bb786ff3b224ee51e2a1943f166e9edda16254f482960bde492c61df1284b2291c708b6e5678d587d4e4ee1654aaa576af3847705375d61cc73d435c309c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
18aed889f252f9822c70f3c8b7c9a57a

SHA1
ed07006202b0f38ac79572d469350f222e302c5f

SHA256
02a049b67e60d11e360141e355b8eabecc2c18dccde27885f781d1bcb155efdf

SHA512
37fb30518cc444dd63f92da1b2c5c640f73c27409eeaa404ad1e9ca27f3ed6827faa5549333c88c02da133cb1a8b0efb59f8d2d1c6cc04304efe9e4594d65ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
00901af4d09c4ea4fbec0fb178420a86

SHA1
ff80e909d03561bc155d02b79312f2657cb9fef2

SHA256
48bac09c5f9dcff13761d970db31a1219e8d82ae6003e912c0f425d3703301e5

SHA512
40ba18004352fd79ae397d0a4b8313d164e7b1874ffa23c90dff79d3d34c4d2120f9dddb6abdcb6dec10a6cb7a7e9ad81780e3729a7e25d0c25e683184296dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
83b8b9dd6ed0f7691ad766c9b2ed8843

SHA1
d828ab7c08b49a724fed5dbde86d9871de9d6ab9

SHA256
d9844916eabe7664147aa911653aa1e30d0cc37229f865bd3fb8157f25dba98d

SHA512
af8cb560a23dd7a571eed2788e3b4063ba16a34523f05c34c1a28934d140894db1c471881a49b96783ed09b8a461d17bf931bb047b9f4884574982dabf622b9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
7e2c7aaf61e33aab16ac2c592690897d

SHA1
913b0346253f21e9783f613cb143cb533ff30d2c

SHA256
6b55523ba631e42f8a700575e8fa715ab2e80aafbb910f4e69065727dbb1acac

SHA512
ca427fb8914998094ac0af9df3e6e8f1b7d1ac882aed6739d6d54c8def12233b619afa1fbc2dd13cd4e08a13b0be1861e069d34711e36c2e71bff1a41bf697bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
934B

MD5
b9dc13a8f0902ae4da1d7a7cd8bae459

SHA1
9c0f5005c7b6836adac4cb2e9368cde14dd56da2

SHA256
11a206d0d17a16d09808fd6f6357497d41ca4875d933b06be0c9c852d2689ed1

SHA512
bb4043cd28941085fdcab9a0468fb092f041620faed62cf024a06c0c761a1b131d528e412865df831d69b931d728343e8a1bc2ca432f6447504f0f580cd9ff09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
049d486c77f0beba43f2de0e63adb382

SHA1
82552811f15375a1f05aa8060d778f83a79a7b46

SHA256
ec56603aec039c0cc071f52539d0e2751d900f2401ce16fce369bc49c29e3472

SHA512
9ecbcb2c9908009ba0088e4f08a9d88f31efc72715ba1ceb94c6833016f1495fcdfca0cfb91d87861125662baa25a0dfa035c83f1a7ad8d4a1e74953e94be356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e973ef330ea64c541d4718fa4736936a

SHA1
af99edb669bd94ecb1124ee66ad17b2e138bdcfb

SHA256
afd378b25ff482e758548b8d6ce58c11b8c62d60789848c59994763ed45e61c4

SHA512
2c2ad18a81f484d0a7eb38b603e6ae71ac5a4e678c3434d5aaa819b5d80edd2a67b912171081eb73b071914a437b1a9da8eaa21d3b13fe45623cad1411c09866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
18ed28cc7ae6d468f007eda9c3e223fa

SHA1
801c07149cdf8437a947af20b2318c4512d38323

SHA256
a1a133238a1429cc434ffc316261c1132131d1bc1b6fb51559bc18b66669a3c4

SHA512
12fffc6d32373a0d30ecbb0054111c8cc87261821b30859e3b71491cec06e133c21c62aa345c5dce54e975dc6cc0daad90711c7ea8f1257d0e82ecb8c20fb1a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6cad47586a770c24a5ee06dfc79c733b

SHA1
e48d0b69d4618204367fa48775a79fe765cac64b

SHA256
f481d2f8431e8e461995dd138b1152f38f6f41e4b46a91a5dd76f0dd28c40ec8

SHA512
57fa384bf2b649e3c0d1fda2196626e99a927b19cb57e73e328e96cf9d07c584c2cce74d95021e9613a8f99edd92b9d51470d32ee5b957771bf0e03b0620aa01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75da20e39f05562606e2bd93ed13d9f7

SHA1
d2bc98e5c52420267d761aa957d70770da673966

SHA256
59317055170dfa6cab1631066cfafd851f4e17c438f6dd6ece3852411a62c3f1

SHA512
554cf1a494933a6e398c2025bf5e905589f18b1f6f4f661df6bd094ebdb9ffaaeb8825134abbb424e4237e21c47aa64c608ad3e10e401adb9746a05639ffb806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
406d55894c0e525e6a67c367a3650840

SHA1
6df5ec68094cea645d82da76d71cb0139987911b

SHA256
3aeba3cc9c2182b66445d83eac90e2a2e31ca2a9cbfbfe31e89f705368aae571

SHA512
820a38451c7b04af086d649c1d43c7a605d6514a5f46c2a7318a532717fc3e1ca2927adfd84960a537771270a8fbe0b9317b19c6cdd6aaa646e421e06382ce32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13382208281026419

Filesize
1KB

MD5
21dcbec08881145b9ffc021fd9b7a753

SHA1
de45da70d8044453ea2bd277db750f19c3ad9fe6

SHA256
1e789e0408fde383ba3b2d00830d80e939e5a85b1c42dc0a47f81ddb2773c24b

SHA512
336fa4a076c34f9b26beea90716d05f6d94cba83b5319d9f85a3538414ad2407d81fc249c93591edeb0cbe100d753fa6586fa79f37f24ea1bce27150d61ecc68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13382208283540419

Filesize
1KB

MD5
790fb3f29c472744c15329cab23e7f91

SHA1
9551fa89aee7e96dab12047018077af145f358f4

SHA256
a3a8dd9b908355251c929fc6452396f2a4124c4fd06eeb525b69ecc4b59bef28

SHA512
5f907dab289f2979e859ae3a15963c1f47a6e1e8981565d1d8824f3564bf7c9bb1aea1e1fcf61a795d49734b1a3ef71ccfcce04d1b1c1924e20a569e4ed1a1d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
f6bb3ce5178c5f6fe4b65c9a541e9c73

SHA1
8847ba012ade4ee4185ca27d8039f118a5c52559

SHA256
ddac7afb60bff6a925392f5ea8a67d2351dc298a6acdf682c10b445817107aa1

SHA512
a1332515d1959031bf2a4348f533c99e0a4a11968b96a22e268fa105560770686b73fd4b62b0b73a403049ef06fbbfa8638f00713774b598a5b25c5194bf3564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
0c6c9448e80619ee6ea5b032bebf6c4f

SHA1
71773c0d9efb15eed8235e272179c22340dfd771

SHA256
0729c671c2555d236faa08a063b3da5bb005295d92b4fb65259927280096c71f

SHA512
e73f7f07bd4379e60e1fb332c19076d68ba0fbc8f1ae3d34060295d10e3ba318a552cafda915e0cf003b33b12a8f1e6f6a1652c6c96a5e59eae4013373cd3462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02c88283381d5f539761ebff4bed0f79

SHA1
da578f39127b94bc950f3bc5eb58bdb86ff897d2

SHA256
473d7d47ba5c826a412416fbf7c0f4df9f3e5f2f12faa79d3510631c12e28f69

SHA512
88afc504a52f9293f86167f910adf73359808692da8c5db6f7793a297b5eddb384672a036680ada5959c0d6038b0f5bfb97320a9ac31908f212fcd6d2df6d40c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586685.TMP

Filesize
1KB

MD5
b8a7e4f369caf13ecf53cfac3d8a8c62

SHA1
4330c66c5022ca7fe723c97f82c3b8493fcab1b5

SHA256
bdc11488cafdc512933de6fe81957dfb8dbf7267b4be91e738a6e0e925bf7d69

SHA512
0d3cd3f316fdb530f8dca928d0286cc4d15bb8ac547299b5b6dd28ad273ca9d8c2c5ce3eb4a3bd2f483df57e8b7f43319852e302eb0c362176718315631f051d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
60ebc17442f4eaa68e2d147827edd0dd

SHA1
518ac0e50b5ce307634e08080bd2ecb6718b6d6a

SHA256
9c3d9e52085e76e22c297f524f26f9e73c8c0a83ca8be8be28a63f7d1851a322

SHA512
703ffdfb35d615c163fc8ac487fa6dd37fce91c5f35428d85f5de0618f03d3e20c2903e37c1691e4ea6b231d3548ae84933a624d66246b1e4354873d3d2afe8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
41ba5ba76de21ec5b84f1c39ec065eab

SHA1
fdac755549c43e1ad015bdc239842d09973b6352

SHA256
be9801a82f8f8f1fc80cc93dc719491a75f2f257646b86402ee1ef1ccf225b8f

SHA512
5172709ee5b3312a47900d80358ccca31e03dd0211e8c33d1c00f84dbe8076ba25d198fd5ef74a8e0a92ba86c73457a59c09c534d59dd6224a2905da094dc682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
fa8486bb3aa9562720e75567c02a96e8

SHA1
a47cd04ec477eda4626c322193b992e258196f75

SHA256
c3b370b7302e8d4dbb1e24467dc4877c03bc1c443d01271ee5440cbf97dd192b

SHA512
b39c5f42376e0b13aed234dd5ed50eda147431b2e99c8840361c73e1386b51c41fc303f0919f1d8e894599da1ca7f5cd5515faac9e0973e1f53e51b15d2381ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
1ed40972821339db25bb076720c95bc5

SHA1
8874d3caad081b8c1215ae5d424d2d6f414a324a

SHA256
8538fe569d8d272dd4b2999e7934d04302df969f90f7aa02859f28c30473aa5d

SHA512
ced8c3d9bd872278eb3344fa1bbb213a2a2c4fb9ab9e196edb989fe769e2eb11cb5e652690048a26b034448387689f002fbeb04277671176e192c46401395a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
138be061a2bab98fdcccc077bba0dc3b

SHA1
afed2373c6a3db8109bd4219d995d9aa533f09bf

SHA256
3cd75b301c4fc42b2e66fa0c391705463eb1e05ec8c7c1ae306cffdfca6f5862

SHA512
18b870f7b5171a745f15eb4b8c65544c915c8fe321aee6eb8596c5aabdb576b6090073ba847ec02d93623c6089364dcc90eaada456290288d82d188921a4838e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b890b701f9803c7bbae37d257924cfa2

SHA1
502f23ed7a9bfe8378d3a22038c9464498c7585c

SHA256
1dc39792d33e7d8de44657c007f48d96c051c7c415b4b7021a77aff5adeebd03

SHA512
e506f88048fe9e707b5a088e63966c8b3cdc054a5fb0e1f70725811e6578d8127b9c43cd26a4c4d5b6ad9c530f00eb25874f58017e938a828d9fa1705e56499a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
f02c86ef91627c9e62289358a2c75a31

SHA1
d2dbb1a3a3afb8698866fb5aa2d575995ad0da6b

SHA256
23feecc8cd860f6c966630f88166950b6d30fd72377d45b0945c9b7f87e14b9d

SHA512
fc46f745f3f144495afcc8eec2b0b7b47ee594c03f063eae975da9f56975f0d7fff78cf2da2b7232afb65bd088316c00c1678ab8d5a11e3c9693fd523e72f94e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
177a72d7d45d059247ff4ebd8ef3ac61

SHA1
769308b7d45a0319af8b11c69df38839fb07428d

SHA256
5e3eaccb2290c284b9362b86a85aea6cde2dc697f2bf714cb42c7ba929fff47f

SHA512
12bd65b7a6ddace6d2d6e8414e3c59a43ca0d9561df3a5b522cd40c07fea4ef1303ffa366c31b7bda27df18f9505f72d8c374061ac2659e0290e7bbba59cc5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e5fd1db8-239f-4a86-9658-396fcaff0d32.tmp

Filesize
11KB

MD5
c04b62b2747fc7e6222bdf463e364492

SHA1
b5ea943187f83497dc7fda448c51f5289d625f9f

SHA256
8c059ba0638b68666108d100f1f3ccfc64ee8f78b0212ff97df59c3f0d71cbd9

SHA512
7d1b8fab95bc751ade036780075915babf1ea61975c5e256e8cf7f23fa2017e76bf82201365a5e84b3516f466b8f346088d9fb41ad3e3a0a2d0592b4b38d2a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
ccd217e34b26aeedc032f2f810decb22

SHA1
35b08bb8cbe64e9bd7dfeb430ae5df798d8be292

SHA256
0e8f637a7e6c801461ec7bfc436fdf81e65da9de76b34d9e344d09bba1b16d7e

SHA512
a58792e7362fbfcb42d31011a89e9121d3d40e5635a7ac0ac84f435bbf77df9968329e7eefeec2c2bd71525274fdaddd57544fe3f211282ef31d5b3dc56592e2

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit