hxxps://upfiles[.]com/wDKF8

Analysis

max time kernel
212s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-07-2023 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://upfiles.com/wDKF8

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\Control Panel\International\Geo\Nation	WinRAR_Patch.exe

Executes dropped EXE 3 IoCs

pid	Process
404	WinRAR_Patch.exe
1156	installer.exe
4652	winrar-keygen-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 987320.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 24161.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
3248	msedge.exe
3248	msedge.exe
4552	identity_helper.exe
4552	identity_helper.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
3812	msedge.exe
3812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 4084	4708	msedge.exe	84
PID 4708 wrote to memory of 4084	4708	msedge.exe	84
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 2812	4708	msedge.exe	87
PID 4708 wrote to memory of 3248	4708	msedge.exe	85
PID 4708 wrote to memory of 3248	4708	msedge.exe	85
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86
PID 4708 wrote to memory of 3976	4708	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://upfiles.com/wDKF8
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa743f46f8,0x7ffa743f4708,0x7ffa743f4718
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6748 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,6851167806515284996,16142162740891821055,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3920 /prefetch:8
  2⤵
  PID:5672
- C:\Users\Admin\Downloads\WinRAR_Patch.exe
  "C:\Users\Admin\Downloads\WinRAR_Patch.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe"
    3⤵
    - Executes dropped EXE
    PID:1156
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\900C.tmp\900D.tmp\900E.bat C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe"
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\winrar-keygen-x64.exe
        
        "winrar-keygen-x64.exe" "[Xeryiar] Activated for: Leah Barnes (Tech support)" "[Xeryiar] Licenced by: Bryon Bylsma (ICT)"
        5⤵
        Executes dropped EXE
        
        PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\74f6e660-45d5-45ba-8856-1096afe96998.tmp

Filesize
12KB

MD5
2ab712861b552c5d6ca501185b604feb

SHA1
fc8756d6ecb9d9a9049aa9908799c8e8f5ce3282

SHA256
4a97179a37bff7b71c3080c32f85b93b4961ced9efa6a99b11aba7c5728bc6a6

SHA512
d2bdd05b58753b6eb37cedd78d6c18dbca321120d6566299782ee4f2c3c6f266e338f19e2b03c95d72d0bf69af09d67a4b9e0ead3fc014c4e4dff8ef2129cdb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\717783b6-e133-4d5d-8469-269a84f7f382.tmp

Filesize
9KB

MD5
4de5ce85292eb81cf956c15b5e52c208

SHA1
8b6a8c06f057e5a1232d618ce3253f87f9c6cc4e

SHA256
36fe152bed35bd6a72e22e611d14053a5cf6f8f6ce5cc92923b0946a715d89c3

SHA512
9c34b387329a1c0092a905228df798bf5f31cd872a4451fbdd9852117066337ede88d306f9894214acc3ec9de3bfc0d95bda6f543400be760b0e2600e22caaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
46KB

MD5
da81f25855b16c4d3679609c74a68df3

SHA1
d464c2ccf1ef3964c063416b593c33bdf0cc90c6

SHA256
4d9bba10295ccc7aa7cc593d9cb7d2fe00cbed2f8f4bdeb5641193eb639126ab

SHA512
4059de9882f30e5f4d73c13dcc859142546f7f4b5a966fe083109d7d9832cdda7f05626054f0dc901bb96271b8d7d5b711032151bc84575cd8a912d587a7579b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
57c31810491d51f1f9448e23aa2da7e7

SHA1
381fa5e102f1bb64a917750a33e0c1a87a2b9548

SHA256
b9f1080f366373f09544d9f0f0958d8a1d875560e595e316a59ab57cf3a6b64a

SHA512
8dfa5389cc9ee1bede00d175a748e025dd609eec1c81db70d10b5a55cd00424141b5a718f10672c1bdb7927e0f14a445ada7d5f3cfa1e4548ee7ffecb9b8556a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
27KB

MD5
ac621a9ecdb1106b2d9439a69eabca56

SHA1
9cfbd2269b83e9000689ac4df38cad2a7e3891de

SHA256
3d0023b25e38974ebafa72093953cad7b21c0ff3f5f7fd85ff4fde3de87be399

SHA512
9673c4496d70ef5e4f6d355796131ebbad1ae0f35b0c519e8311a8e5f4ea7060712ec7695d1c2e6adf1ad23c12902778108f958181e3efde342d1ce8096b32b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
76KB

MD5
a831d6983ba3c663514ca1aa5b859d62

SHA1
f89a708178cae200d47f0e7a063d382e63879d3f

SHA256
02044d664b06973cb4f7c0e4c820a37df0fb752d3377eff81abcc7044fe28a14

SHA512
a30b74014401bed4aea55ea45a55ef8f0eb4af62bd147817f0cbff2ef9b5f86dc41c07e537434e2336d4d017a9a78f0fca0d4ad19df495554dd4402de544e3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
124KB

MD5
17bffc3a4c1402a8d19ba70949b715e2

SHA1
ad46f22ca5a638b767ba002c43f98531cf5e9535

SHA256
5f4993daa7ae9d8dfbdb7b8b9718163bfc05915ac7afb96a71a2fc29d82c87e0

SHA512
a24716cdf0bd8910c2b194b5df8c2182e8267ae8eb43de57c4b903efa156e1ff55f3f7e1d5ff67c0d87da3bedc5be09484ed8f6f853a2773af169213a2b07aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
68KB

MD5
b1ab2a13cadacdefec40ed3f4ad02f2d

SHA1
89cd58b8bfa46b543326473e5686b1d941f37aad

SHA256
493fdb7974dd61bd32038b05c03d659c5099fe0b36bf269c2a3cd29d6d01f859

SHA512
0b061996ac497e6dd0cdd718b889a621b8ece70678a9516272961c1ce5ea76c300b19f19f0b1717ce6d0c719b73de7802cbba97146db49cb567fe98c659bf461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
31KB

MD5
adb325b2ec7b9354a9e5bed096f304b7

SHA1
29b18e8eddbba101b6a74cec1a608196bf2e90c2

SHA256
a260cd834c50c650bbe028eefd67b17045f9adcde8aaee1f391376a902b146ca

SHA512
3b502af55eaccd2ab118b6ac27304339a780e688cc3fc5a284442e80b6e3cecd0105ec258644578f63c594e1f1dbade6eb074513c5703851c22e0cacc9ab50c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
18KB

MD5
a11683f8a357e6209a75a8b370a64d0e

SHA1
e604d87484993764c8355c7c41f0f2958c66b5d4

SHA256
a12464c93e9fa5a774b30b54a10472c109e07fd924d1f5caa0512aade93968a5

SHA512
a57e75969b1f99bf1ea7d711af37320e52076eaaf6424eed252142c3b93e0224cccf6a28364323e1525d737ec6333093b3df33d8d35d7807e2c3d007fea33085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
55KB

MD5
fba312478200b967723bf53e7f3defd6

SHA1
9ca9337ef4ead1686095143032f5fc6de54f207a

SHA256
28aa216fa4a1167ddaabd4cf981c541cfd3873cef069ed59a63f54b333af9769

SHA512
6e16c58cfa6381c30e26fbf17e61b64861c166280f0bfa2edbb85488e8cfe5ed56d34472be9fba10628a143eb9bc720db7d33f83e84a492bea9c8af3be4d5fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
171KB

MD5
92f0bb21de86c6c660bb835f40365184

SHA1
ee7dfcc9328ad0560e1d9fd6a035b8efdae3d7be

SHA256
3eaea657e2d8557cc8e98102697e4fb358abfe10b4d95f8dd5cafd1585a2df82

SHA512
f52731ff5972853ab4cf84edb84e18373656f77a3ca1054de48ffffbf452f77e930e5d15e1c6ed0268ffc6bc5651a5c754d237c86f73e40e4848b0f57c91d1c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49a0275625932111_0

Filesize
148KB

MD5
0270468be8c4c64f340e45add9b89405

SHA1
20d0825550955f085209b574446005411af94dcd

SHA256
165f0f688fbed644585b72ef00a82ba55677f0a9b355f57cae796ff538b0756c

SHA512
acd702cf2f5f9d19e9be79189a444922b338d60ae512d31552ba9dc35a1d4591dc43e0ef96f2e6aeec7e369e218e5c106760aa285dd86c768089a2a121649ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4aa07a17979d2344_0

Filesize
280B

MD5
5808920fb9f696eb99c57e5882a2815f

SHA1
bb25904697c16214c417616377787d438e4fc866

SHA256
db2c6893e28ed477dc5b35a5d377c0b622ead3e9f0b175495ba803c1d95cb666

SHA512
6d8f8b5996a297f313df316182d70bffc6af06fa6fb0b8c3962c9b12166b5bd9f87fc5e4467413c5515dc8cada2846c52c9bf00c49f5523b36015d705e13e342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\643e34e2272a698b_0

Filesize
54KB

MD5
3f7028889a30e117a85c136a8b2bd28d

SHA1
e99ef03f1ee50286681cb20c627d4a2c15922762

SHA256
f38a92d0427a27f32190d6b947066f223b336fd25e6427383cd3723a7467b73f

SHA512
0c53dc99bcb6b4fac7c443bbcd66a7523df197e34f702e8a3a40995a8d4d7692d8a33a491ed2777877f06b16df4274ed2962a3150df94800057094e20d6c6fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83ed3c13f77c2b9b_0

Filesize
14KB

MD5
4551e806de87b8c589307404dbd3854d

SHA1
ec89836ad2bcf53f6a2392343f6bbcb941a4e248

SHA256
8a4892aea67a7b4b4a05397cc0bf15c43ca2dab5ad2a5da42923ce436148a70e

SHA512
39a2066152ef36ab000442c6ecdf2321f73f1fd969c9f0dcae1ea612ec66212b9628c61a92a64dacdb09525d6b740bca781ea09316bcffff854dffbf887ec5cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86500ef3b1cee7e1_0

Filesize
270B

MD5
4a6ae6e5444a4115fe050c7a5d8846af

SHA1
a69ef477cd6071c0a8c3b343fe9aa8e3310fd3b1

SHA256
ba150d7a9ad89830611fac37e9cd599000e5c486fc92b53065521f472bbc5fe0

SHA512
c00c38ddbbfa5eebb2475cf39d54afbaa0258433b73221df74924b37484d85a2475b1fe28c0b4c16deee635e3ebd3ac988edeb3540290ec8ebae799307e6b36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\936acc38e3e455d8_0

Filesize
311KB

MD5
83d71465f7efd92296dec830499b9e55

SHA1
c876709b58c1032c64779561c49a23234ff89d0d

SHA256
b86c8e223a0c46cc0bef35c2a66e4a316b2c59060386474721a00db7f30fda48

SHA512
77ed160328feae496acd9087f77e6f71f5f201d2d3bfa2c157c36d6691ecd68cb2a038a5426ac4c558ac5b3beae2bcf9fd9a0c10d8ee1449b2de0091fdce28f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0f804e3644cbd59_0

Filesize
21KB

MD5
e42c960891f510dd3bbcace4e74b5858

SHA1
239ea4d6ec618487a7aee07a55d7b3deb95c2281

SHA256
2fc2c5e7eb40041e436bc4e3621cc58fa273d124eccd92a306de00cf15546f38

SHA512
8912d5a454922471b622666790c4fcb1f125f9dccf1b138a9664b45abd62ef62b23d22dff2d2f5c3325cce85ccd0fe2d780e34a7571bcb4c45e2da34607afb3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
a31a3a4efbfc2c032e5e98da6d510a96

SHA1
ec2a07db5ec4d0d867b3b98ea995a42dc9473b63

SHA256
3dd86fee9da950193fc41e606184c33a552adb9ea3164899aa9128e41ee4c815

SHA512
1024b440efacb54d2176a32849fba5bcdb5048570bf12ba4302a4854df9175eb05b1b39daf0bc1e845df87554753034b0270ef6476ed549fd8ccd7a187bd6999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
be8ee0e89baa8699600d2717c5ab791d

SHA1
fa4cfc981439a5f54a4f5d47040749ed6c8b005d

SHA256
2d33896e515ef5fff76aeff1e43effb46a90adcf773e03d7afa53f652eb9dd8b

SHA512
77ceea32c0c943080b4bb8e1388162c9a04eb0d16e054b80266c45d1f1f86136eae698f955da4dbee4ff08a28aa5773e6989ce33252240260d3acef6587e07a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
fcfaae93a270ebc0662871eeb5b5e395

SHA1
8cdbffb5042a220e09ed2a7c269ee861d891b3e7

SHA256
47a3f1291eca8f2cb17c2572c34532b944bb6e7a3a5d8fc1649be8782d2cd57f

SHA512
4813c3c88d79b29a2041c29d75053c6aca00aa8d7445aea5c6504063ce5b3908b4e9fc5c513e513bd580d77838a568685926554dcfca0562b8755e306c16467a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3ee1fce93a7ded7013a256774f9acdbe

SHA1
648001412743a9fe3b8fb36880c875acf0a0cada

SHA256
30fc871a525c55cb66325a01eae7b22a51650323f97f24e64c6c51e657b0b759

SHA512
e6a11f3bcc2318d931105ad70c923f4bc02e5c6c0bd7b5ad53f172c24d92a8daf6265fa858d10470277300e5a692b5c9fb50e080bba3c57b8cc6c56f7a09df7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ed51ddd0f656718c20de5b467427fd1c

SHA1
3fd868969c2948d72995356c60c8807745870df1

SHA256
4d8db71e3fe0523e2c9fc34081b40d8247e7b713f6b9cd9d969d83e6c42f576c

SHA512
31571e44b26026cf22928dba2d50296deb51c2dfba932fc374e2ef51953697168268daa1e4027ba39e6e79484179c2556539aa96c8488443d8026177c657e67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9b3b69bb92d32ddb8726d039f36522d9

SHA1
714a29f9be094f3efa642d7aa7d1d7b7d9dbf220

SHA256
c5241616a9d032779a413c9a850544f9ff924a3fbc136d61eae2697118651aed

SHA512
aabb7ea7b1aa00ae1a7d8f2b20ee05c86281e156b1f821f0907c0be8dea1947a22a5696b62dd7e29f44e1c7ba35729ad0c67f458e3e3ced38ff2c06fb6804aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e4269e0ceb442beb1e5a9ef1bf7eafad

SHA1
46cc1e0e88a8bc09210bf0dbe9c91eb8c88cecc5

SHA256
b268800c89d7d670f4cb6140648beccabceaf432b0dffaa58c787ad01f97414b

SHA512
90a7441a128fe67da5601814b845777694869863d4d33eabacf31e610980f7979ea38b686f377f0465fa4ae5470ccc9cb91e83514c6c14a2fefce8e04503b47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e62cc4051e1f8eaa0abda5d730a2496b

SHA1
d15346e40b196bc313cbfe5ac96b3c90b83345be

SHA256
ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

SHA512
3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0684ae3aee3c50bab9d6c037e27764ce

SHA1
9359b2a1a2d0886c0e7bc669ae6281b4bfccd766

SHA256
182f7415a16c2e3610a4ed7719dc39b30a289f7f7c607391f2e9eba0c2359c6c

SHA512
0bf832cf5536a4d334569e6842489bc64c4d8b1c6360b7ee85f5c4b316828643580615163c7049070fc3dfb4ad9ab289c89fa33ae288a6f0e4a22f83314c4a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fd5a7f934d2c9505f0f151a357636824

SHA1
abdf7218bae0896bfe8c7337369a3a5b5e36c79b

SHA256
f28b4fc941217664eed5fe5d673adfcdfc04c6ae20feeacd2dc5a7319ba578c7

SHA512
ce70710b62e7a1f1210141f62646b7bb8a0d000b6c0bbd0edaa31a1c6c42da46b74df37c099e09390fca7731f590b7ecf4c6fb6a8b0f65c189b477b690cc293c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e15310d11134597fdd2bc8453fa111cc

SHA1
2a601eac5e306f2c84367b3d6eccc6906525bf36

SHA256
9177905fd880f78c218853c477890560c9b624e8ff3574baa1eadebe24880256

SHA512
eb9417181b92e185074d447153ec12ba35e4283b8120e0fb1ef1c9af97348e5416a0be7e169a9d7b8b3c547b4908846c4691576e87e305d422f2a12fcc7d71b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb10.TMP

Filesize
2KB

MD5
201447994a8448955e2669a8a368d12e

SHA1
e04309f247aa5aaf2fb561f13a7d0c7e26c0f416

SHA256
d2104692df64a634ae9e2e3ae8ee5ab98617d86be42a81bcf360d76fbaa5dca9

SHA512
c6d22aebb8104a2f6d28e8802b90333881104ade95a9cbbce93799c7fba1ef8d3fcee6457e3ced5a4036e2167ca589667005208882436a1fa12e2e63e5f82e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c870be6e1f93ece0221e102679612016

SHA1
5dd8af48ce99c860b080a4ca23c560383bf4b4f5

SHA256
1e14c2c2aded4c24acf0d60295ba4c7231313bea65f997af538af5703475d152

SHA512
6bd7883ac3ac887ebafaf3f94d222d7accf180d181e43eb53b3f09a7d8aacaee782108641bcb4828eb23b6dbb79d7c59dac743613f2b447552811a08c879c2d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
93789f98253b6299ec96adea7c96906e

SHA1
4f9638d74d4195d4210218c4a1aa0331beee7fd5

SHA256
6e10bbd94baf5b9f6a218437c24984b30b8e27ac51daf1a364946933e7a08819

SHA512
8150e7c600265fc6a5d4f515028c059b85442ad23116cb3dbe460d9b678214873f7303a2c4e7a51e2674af54c85acd7fc10ae4c4f4ed71163bdd220411c9ec92

Download Submit
C:\Users\Admin\AppData\Local\Temp\900C.tmp\900D.tmp\900E.bat

Filesize
1KB

MD5
5e57bba9578d040a87ab4287dbee501b

SHA1
f0302a8658493bb9a0dfdc941fa12ac22aaa0c8e

SHA256
7dc33e86cd1d73125c594d021ad5f6d93f897cef1b40ad9c9cc7ff0c9ffd606e

SHA512
fc2df6d1431a64d032614f07d37b8515b510bd9683079da4fbb030fc8242d7b7a1ddc3d1eba7f4de7fa39c79c504f5c83054edba4a8ebe2aaef0662a0c53bae8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe

Filesize
123KB

MD5
93557df1ec5ad0ea09f3774a6098348c

SHA1
0aded9a56dfcda53b329b26b2b30dcfc1fe41e81

SHA256
1ebcb3d843feb3722b4036e4dd6b8fbc43956bffd39f3d92f584f557cf25f9fc

SHA512
b7f55483479c7cfddd713a09681b762588581f31b7de413ba6c32edeefc95f884640daf6e4cd89a3e664732a4219d64df8b031a87302fd2fa6bb7e08abbfc2cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe

Filesize
123KB

MD5
93557df1ec5ad0ea09f3774a6098348c

SHA1
0aded9a56dfcda53b329b26b2b30dcfc1fe41e81

SHA256
1ebcb3d843feb3722b4036e4dd6b8fbc43956bffd39f3d92f584f557cf25f9fc

SHA512
b7f55483479c7cfddd713a09681b762588581f31b7de413ba6c32edeefc95f884640daf6e4cd89a3e664732a4219d64df8b031a87302fd2fa6bb7e08abbfc2cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe

Filesize
123KB

MD5
93557df1ec5ad0ea09f3774a6098348c

SHA1
0aded9a56dfcda53b329b26b2b30dcfc1fe41e81

SHA256
1ebcb3d843feb3722b4036e4dd6b8fbc43956bffd39f3d92f584f557cf25f9fc

SHA512
b7f55483479c7cfddd713a09681b762588581f31b7de413ba6c32edeefc95f884640daf6e4cd89a3e664732a4219d64df8b031a87302fd2fa6bb7e08abbfc2cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\names.txt

Filesize
742B

MD5
c82b51a49c454ac78874bf3753fe5b94

SHA1
b6cf8bcc928bbbbd15c9a7c8e52f3376ff23d7ce

SHA256
28a9ded5afbe4e808c73ad69299724afca6cc0a8676d8c509aac0f599c7e1850

SHA512
36690126a04f8449a79b756f6d920461eae040deb3372ba56fc5e3ce991fd499a00ca7103de54d880e8db93e3d182d6a3f4a1a69398ae9f221abe9205bba866b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\rarreg.key

Filesize
537B

MD5
72b2e8a5dcfd144ee2e6ac6297effc75

SHA1
9daad3912785f9a67ea8dffda87c6ab1240cf29c

SHA256
9c0c9d18cba62c3ca5c85a522c9db27cc22e908a19500d72c3c5a11a32f41495

SHA512
b0eb716d231b5e7934724e37a8d0b249c624b30529f89f7c64d12a25f02e2a08ea843fd1238cfe49e96873a20c55e1448672db75df761e0c54c4506982e1270d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\winrar-keygen-x64.exe

Filesize
426KB

MD5
f98019e8c02240eb60a7b6274b7eb3dc

SHA1
513a2e42d020ffe14e8e923bbf7bc5f39d5dfbed

SHA256
0e4b425854d885a926be699c28e002112409d571d06a88bb9e0b501af0f6ebf9

SHA512
a3c4b8d22d57e11a9b6a867365b74df389d85ce7b4266cf16696096ea513d7fdd9b8e690980ffbf5721e94e1609a69517aa71019ecf53b4442e34f0fd611d67d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\winrar-keygen-x64.exe

Filesize
426KB

MD5
f98019e8c02240eb60a7b6274b7eb3dc

SHA1
513a2e42d020ffe14e8e923bbf7bc5f39d5dfbed

SHA256
0e4b425854d885a926be699c28e002112409d571d06a88bb9e0b501af0f6ebf9

SHA512
a3c4b8d22d57e11a9b6a867365b74df389d85ce7b4266cf16696096ea513d7fdd9b8e690980ffbf5721e94e1609a69517aa71019ecf53b4442e34f0fd611d67d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
80e3a5a912e473f732bdb3254ba69b09

SHA1
6696218603ba5df904555bf467c8ebcc7bdfd411

SHA256
08fba3245bdc8f3b4faf9ff77229c68e31774f800655166d8f857012a3c413a1

SHA512
d349064dbf6743623f6b4989d6b88880ae9098b7ac989034a73cb3f5657135db951aff387aaa1375b6a02b64be56e28db167b6f332f846c7933aac796feb467c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d61d236eb061cca84d5366c791a0613e

SHA1
f79edc5b7ba4f402612b2cb9a41e280b355bfaab

SHA256
9c1d9731f1b1669f9d300e560f67c8e04a2776bbb8599aebcc9d0cf76c8f2e63

SHA512
d973a49057c6ac400b0a6a6533a79f3e39f6bc8d71e1d9dd15b50c15a30b2aa921835ecf5f1de84cfa654d0a1a891420d1a0e576764dff281836fc6d7b92e0f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
19e64bd3dddaf3fffa64dc9daa18c8d6

SHA1
ada45d5077d039c0d505e9b5fd04e8cd9d0bff4d

SHA256
e5b8145fa9ab7e5e3aa12e2523a870456a3e1a0b675e942f6f2c2ac3b54491cf

SHA512
949f2004d5ea5f3a65fbf19e275be1ca3c25ad27317710704eb137dcea8546902a16539d324df04da885de53b19cb1dbdff865f411665b3f1279e6caf9ce170d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
624a1209730b9c1d8698341559abfa1b

SHA1
2093e23fd663ac68c1a45db8243cc7c5adc0f3e9

SHA256
9107ab5da7c8d8168ac1eab3f23f3ee1d165f388bf9975c6284aaca559ae2038

SHA512
acb695def8ffba2108dea226eed6498a4e8cc75c70310f239536672a25bf7eddb5b25ea7bf181e3e125dd7ed1612fd40572c08ad61d2bb229b4bc6f1f6728261

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 987320.crdownload

Filesize
590KB

MD5
20017e1f0ac31d6b8014aa4d18714ba6

SHA1
20768339649684510de095c6a2cd24360fc947f6

SHA256
a2bdbf5faa781e71dfd73b5cfe9f6ad51887c8e43926a53738010580edf0f52b

SHA512
beb14011234f9b51aeb6304e70a98d71ae7f29764498638911fcf3497c77c87583f2ab1d8a263502587fef68adb25ebd70d9f9c1bb3bb4d7e63de8035c350827

Download Submit
C:\Users\Admin\Downloads\WinRAR_Patch.exe

Filesize
590KB

MD5
20017e1f0ac31d6b8014aa4d18714ba6

SHA1
20768339649684510de095c6a2cd24360fc947f6

SHA256
a2bdbf5faa781e71dfd73b5cfe9f6ad51887c8e43926a53738010580edf0f52b

SHA512
beb14011234f9b51aeb6304e70a98d71ae7f29764498638911fcf3497c77c87583f2ab1d8a263502587fef68adb25ebd70d9f9c1bb3bb4d7e63de8035c350827

Download Submit
C:\Users\Admin\Downloads\WinRAR_Patch.exe

Filesize
590KB

MD5
20017e1f0ac31d6b8014aa4d18714ba6

SHA1
20768339649684510de095c6a2cd24360fc947f6

SHA256
a2bdbf5faa781e71dfd73b5cfe9f6ad51887c8e43926a53738010580edf0f52b

SHA512
beb14011234f9b51aeb6304e70a98d71ae7f29764498638911fcf3497c77c87583f2ab1d8a263502587fef68adb25ebd70d9f9c1bb3bb4d7e63de8035c350827

Download Submit