c94ed445611ed35ebbe8c3c2af5c17e20cdb8ef76ecbc1ef535bdec7ccf08f4b

Resubmissions

11-02-2024 20:27

240211-y8tnksdb78 10

11-02-2024 20:21

11-02-2024 20:11

11-02-2024 20:06

11-02-2024 19:54

Analysis

max time kernel
543s
max time network
554s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-02-2024 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winrar-x64-624es.exe
Size

3.5MB
MD5

1da8374156fc6492f06828e55ea4dc13
SHA1

4923d045851434d65ce7c56b7e1bd73a08fc2305
SHA256

c94ed445611ed35ebbe8c3c2af5c17e20cdb8ef76ecbc1ef535bdec7ccf08f4b
SHA512

445392ffca842263310d0f4b8371e0bfd6bcb40d9e846d645c73616b252315b0603d7e538d9e5415028c35f747989da5c14566cf356860304e889ae7f12565d2
SSDEEP

98304:jwBOBfKqQ0K1MTXtbysMqIpmCcBQz/J6+14CeZx1kR7:jw/qQv1MTXhysMs1BQnG1G

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
149	raw.githubusercontent.com
150	raw.githubusercontent.com
123	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 7 IoCs

evasion

pid	Process
4440	taskkill.exe
3748	taskkill.exe
3404	taskkill.exe
452	taskkill.exe
3024	taskkill.exe
4504	taskkill.exe
1472	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521559435633993"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3336304223-2978740688-3645194410-1000\{1D017AF1-9CAD-4B01-BA44-317C06D1237C}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
624	chrome.exe
624	chrome.exe
1032	msedge.exe
1032	msedge.exe
3104	msedge.exe
3104	msedge.exe
4612	identity_helper.exe
4612	identity_helper.exe
4448	msedge.exe
4448	msedge.exe
1836	msedge.exe
1836	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe
Token: SeShutdownPrivilege	624	chrome.exe
Token: SeCreatePagefilePrivilege	624	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
4816	[email protected]
3104	msedge.exe
4816	[email protected]
4816	[email protected]

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
624	chrome.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
4816	[email protected]

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1164	winrar-x64-624es.exe
1164	winrar-x64-624es.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 2728	624	chrome.exe	92
PID 624 wrote to memory of 2728	624	chrome.exe	92
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 5108	624	chrome.exe	94
PID 624 wrote to memory of 1864	624	chrome.exe	95
PID 624 wrote to memory of 1864	624	chrome.exe	95
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96
PID 624 wrote to memory of 4228	624	chrome.exe	96

C:\Users\Admin\AppData\Local\Temp\winrar-x64-624es.exe
"C:\Users\Admin\AppData\Local\Temp\winrar-x64-624es.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\10a868da79514f9bbdce021d8d44682e /t 1044 /p 1164
1⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d5029758,0x7ff9d5029768,0x7ff9d5029778
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1856,i,317965738624789525,410649667115162841,131072 /prefetch:2
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1856,i,317965738624789525,410649667115162841,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1856,i,317965738624789525,410649667115162841,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1856,i,317965738624789525,410649667115162841,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1856,i,317965738624789525,410649667115162841,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4724 --field-trial-handle=1856,i,317965738624789525,410649667115162841,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1856,i,317965738624789525,410649667115162841,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1856,i,317965738624789525,410649667115162841,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1856,i,317965738624789525,410649667115162841,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4860 --field-trial-handle=1856,i,317965738624789525,410649667115162841,131072 /prefetch:1
  2⤵
  PID:3308

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9d4ee46f8,0x7ff9d4ee4708,0x7ff9d4ee4718
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3572 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3008 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,11085092991846268579,14182505153889168454,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5376 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Temp1_Happy Antivirus.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Happy Antivirus.zip\[email protected]"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4816
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  PID:3748
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /f /im chrome.exe
  2⤵
  - Kills process with taskkill
  PID:3404
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /f /im sidebar.exe
  2⤵
  - Kills process with taskkill
  PID:452
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /f /im firefox.exe
  2⤵
  - Kills process with taskkill
  PID:3024
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /f /im iexplore.exe
  2⤵
  - Kills process with taskkill
  PID:4504
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /f /im opera.exe
  2⤵
  - Kills process with taskkill
  PID:1472
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /f /im safari.exe
  2⤵
  - Kills process with taskkill
  PID:4440

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x4b8
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
05544ce2007920f7b15a5cf833112a37

SHA1
4718c2829779edc49871f6c23af1d15fc16f8ff8

SHA256
993fccc3c719ec8a758103ef94dca336beaddf1d1c95763e559bc1fe6f2c3148

SHA512
8e4869e167dde4d2d8d25ef6bd369eba2c63662b293013e163a522605c2de02d2a88eed71d3ef36d18a3880ca2778137c15004fb7cb04be0c64e1cafadec7012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8de1ef40f2ae05f2419e8b83e00019d5

SHA1
86edc7cdb1708a3da1ad18ccbf67bc472edcb779

SHA256
d95593ff07a65cf5109e63eb99069352ce34742777a092e0597f0113a4413df2

SHA512
7a22a577afef1b05a16efd7948f904ce95777fd787fc1b5ace59bf3295a845173116a497c5ea7cf637b0ea0504da9d30e91557712cc2a8f37f7222783c48d526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3a8b9814200ef273c1c01ac08a0a1290

SHA1
ed2e2cc6f104bf285737c3118feaf985e8daf627

SHA256
39cda1338a6847ea0835aa5e7a16ab0313d976193fcc765f7608525e0d75a440

SHA512
4997ba9f38f807ec725d79b6223bd0d56321f02fc03d7a90d038db3ea1d9d548bb669432fca94a7c6bcb875ef5a9179f6926136b5408e399cf4814c5b0d1df51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e8ff20eb092798fb213c37b6a226cc04

SHA1
d2cc86e64d80a9fb6fa50f30875031f2e7bb7d56

SHA256
dd2da936aeade86d371afde6a784e7de79996fa983d8f452e8c405d14e28bb92

SHA512
71d00fb274d7ce14e98125d55797c9cb4c097de33403b4002c0ae2152712021961bf56eb8949c5d33030b09fb630cbd61127acff3ac26bf4f0dc48d7b77a2dcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
ddabb0d0aac26746d49403fe1087ce5f

SHA1
714dde3d3ed9ff224aa3b088f58d471c1e1b976a

SHA256
c7044595f9aad1e9a058f7b3c958e71d72f26978e4f00b8210b46cab212bf709

SHA512
9d0cd12887aee8049f8488fff1fa30cfcc3e8e9a8616b8606527e0103fdd75fffa6d3b1398b335e2912c172625ddbe21cbf2edde0f38efdbe76b35d5e72c2a40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
70dcacd22510e01e467850643b053a8c

SHA1
1a34e3259f0cb98fc2d2a8499e59de4bb56da2b9

SHA256
059e9fb252e3521ed7e78296d17c228b70159d9ade0030c6760a746769f7c51e

SHA512
053599ab1c8732935396fe14a87fe2f342591d1b5018e2787624345506c67cefb50ebe5aed29a1446bb80d64fbdb843ab28331d400d6d03087a2ee6defc31be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
15b7bbe92f2db5eba16351913d0a9ced

SHA1
2b7aa89cc0294d19ed30946e9e4292f2bccbaff2

SHA256
6aacf5918b8f89b94573869dce612b9fb5140f31af52f616393d50103144bcda

SHA512
b8456552aafd25be794268ad00ebbe6ede045d2e9b65171a91921598cd0db5eb560efd5813e9cf65815c37587c2c51b927efc0880e01a9243e9937d2e20001c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f76b36802deda7103decfed3e862defa

SHA1
8dfea0e2d9a4c7235222eef5a2674f658a87fa74

SHA256
c5ef2de03419561dcbdefadec765c3cb120e784225dd3b1f273af22b6c99c349

SHA512
71661ac4a8a51b6d4de452dec318e1f46cbb64718b4750f5270a15d16af79861cf34f379d6d1647777c651882a267f7047d2803bb64089d9fee2f25aca3e132d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd696375b245f2734d9f256e878aef8a

SHA1
eab1b5cd386d5a13e8ce234b3f6a5e31b1310e32

SHA256
427a4ce0ced76bc4c2b440d23d0a1aa09b402c45bb7d9a3722f33567b2d61026

SHA512
a09b7d7892b03a6632bdcbad248b601cd370e8a4b1ee7e4657f18dd3bb4f61c12c1e725a9e5af7225bcbb2d81341cdc7bf23398f1c31ba9a06c25a8646c8d35b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
716f748b2a03b650b9533b6da7a376fb

SHA1
8b38f0505616c207c52a4d1049618cc54f35f4aa

SHA256
fb6711111ea7bfe83854654740150367938822059a9a4b862aa8ca1545af5901

SHA512
d1dd72f5426a1eb7c7c92ed8a1867f9e8f4e7aac4329e76e42d5861fcf3b4c447cd796fc2dff777b20057aefc078836e92fc3d394a2411aaa6042ffcb0afb084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
50e491bf81dffe9abb6bb9923f5777d4

SHA1
7b65152524ec00b7eeccd267cf1c9280117d0b01

SHA256
3e383226efe80ed2caa54ec442beaca71dc60587ec63cc6743042c8d754c219b

SHA512
8764a2aa64782a08636eb6c5cbb439ce4c8284f12f2521ff8cf76de550ca65f104d1b3264bbf30f2174d1a5f8bfdfb45472a16c1549e4c87c8396374344a7e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
07822ac6b4967d09de45cc57336d1207

SHA1
bec786a3bfb903e5e849a2f9b1fb91d7a4699039

SHA256
30756ee1860fb01c0af24778b19457e1b6b1e404cc86d312e62cabd6115c9667

SHA512
a74b74583dad67f66ba113380201708c1a770996aa6f54edeabbc47ad3896dec884819788127537eefea9d321816162c1106a06c3144be7f993c3e5b10efb3f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
6991e3acfa08bd313e52446629b6c138

SHA1
d2d1fa895f9df2115a31510bee8cd14fb8f4c1f7

SHA256
113b0d3eb91c803b1366dd9439352d6f76b6d207fea8fa8327b6dc730f001d4a

SHA512
559cd7a7765f86cfb399c618f744178ee2fe9c89ee71c9397fa70232793b5db7eed63504d305c6333699e01a7ba8bd1472f9ba443b66e91b5b42f13c0ef15f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
eafa688d70e0a934e57b62b9d667020e

SHA1
0a7ad04c0a9abeaf0e5787879ec593f75a69f9ac

SHA256
b5b45db0ce502b3a1a4fa32b9dd8f4aaaff701b83210590dbee2c2ea978ea2e4

SHA512
b7b77117bd5f2773edf11e397dd7cbaf22eabc73ec521bcf11e7295763b7ae5253589f12c82560710c8b70ccf6329e6549792cc662aa30e067f65cc3a1720189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d20693b1c1dcd3b781979133b1754df2

SHA1
924ce249d369503fada8ca972ec31d04b050fbdf

SHA256
4f24f9b40e8c113a40ae50a9ac168e8cd582d9bfd54fe1cb88624297171ee477

SHA512
a10f298fba8196909060de0a16c2db8167d98745f60c65c25cb92851898417e3b23737645f660444f27074b06b48e0841cf1b2d24f0d477f81b47c42fc5a0e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c1ec61b0b68b74308e698ba6b6aa5b3a

SHA1
22de9e4be172963ee7a9dc146b2a8c878b8d83bb

SHA256
44f8dafb4640bdc1dda7de617725513a5e7b215464f852cb30e938ce34c89c3f

SHA512
5ab9828b46607eab8013cccd4f3da0401d57a821417b0b05fe15c63ea2b3b22055c19b3759496f4cefe9e7d8d4a98b213635b8af088f62bfce6435fd0f866858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
936B

MD5
0ad6155b986f44d8552e2129ef092ca9

SHA1
9f28f69401c960900614b370d1e3b403b935528e

SHA256
60608e227b878375fdd37269195a2dc999ea7e704a538ee422d646653cf2b782

SHA512
e293a4b1e94a963976025e49d629d7e528c1476892de196ad15edb836f10adf458f7e7e35acde109d5dc773f707597e456c4c35076d5b2d0a8e8d84b63eca950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
853B

MD5
be084e4c52c3fb14f902e39e1e9b6ebf

SHA1
d7cc3788570e139824ad1c33a631e89f56b9fc59

SHA256
8f971deadf2695c82810be2e3961d1cdf89d250498aee60fc4cac84752e9c6d1

SHA512
759fc2e880252b39360e050823b27428126d5498b59606c59cbcf866857394c990d863f72332cff1f101156c5a6f985bc97e0967d9364c2b054bf150cb848de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
936B

MD5
de9154bcde3c7947421b8ff3669ec99c

SHA1
57698e8b6508cf78803caa02e88561a1e183fbca

SHA256
8fc5e34dcbf8dc864dffa835a6c240f1acbf1a4601fa222744d7e039fab2164d

SHA512
053d172fa7ac0161ea1f5b06f09abea59f370cb093efb07ebe0653f81b22f4d056e5786f1d3186feee0858602e3fdf1ecd7ddcc2f973e40428e2b927eb22c7ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a217c43988d8141ee3b3914c335a01b2

SHA1
ad05c6d3bdea15fd5bef03c60dcfacb428ec5b28

SHA256
964e0daee0d1d8840bdcced8a330af19541291cecf0053315a5cc4ee1cf412c6

SHA512
89982fe978eda3e3870bf1d03834a8f519f6d172b0448913726c4199162778c0a435caa9227f1ef1bb4f37f49a018d6f1374074d2206ca111755e3b7ba6e5dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc148f20f8e2a04d7c4080bbff7f64c4

SHA1
cb060cb80d7a515fec7d691acf359a501d5bbc37

SHA256
19936d467450f5161430c6222e302ffc1a853661cceaa16e370b183ba9e86848

SHA512
df6fc388154dfd9d131d9a2e8a63d78455cb46f963063b50197b6c98ae92742a0bebeb4b49ac8e492ce60aa4399f6cce528c42e7432adf2e9166ba780f30d69f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3fa79f4dbd73a7be8e6babb030823c3

SHA1
3cd35e57cf92d5289e2e79c4b6a148ce30f209ae

SHA256
01181af094d30c6251dc68e218b42babe464e4939c70774b401183a19169534b

SHA512
a6332c227a9e6d28129ab0df171bae09dfe22e50f72653f3f845dc1aee8ab453851692c4af38834ae4f7833510bc2e724326c7480aa8509811e3692cac200046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2c330cb42a4ffe4fb7dcd80fdb8e682

SHA1
1ca60294c6cf220d693472ebb183e5bd07b83aa7

SHA256
630a7b6da37738ce028246e3c0a49434cfba205b6f8d4599aa3f0c39d33ef42a

SHA512
c97d7c82afcf8fb1c7280e419882cd2f851d80c354f886e7f0ae51bcac3adbe23c3e4487912cc79b9248d3bab2847d6f2c4b3fc1d7eb45a394c58985936a2ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
423d66e77bf10a31e52fd1ddcfb09858

SHA1
74b4995c1333edefaaf77eab3bcb7e6d715b91c8

SHA256
c6d1bd48f00a995e2f8bc9d499a29e6ab040f8186241fa715016902c69ab8eaf

SHA512
fd177ab7b067223de764d5499e117ee9ba42ec77942c73f9d01a894d61e88363a227608aae862eca843f1b0a7524f96cfef5c2a73098117826ee5fe83507ea57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
663307ba46197ecab097006370378098

SHA1
0dbb081f521decc5bc2bc1bae23dd162027e7cf8

SHA256
0d403928fa4ae00ccec244757013f9dff69fe3a722de5ab9fca161ab6ee9aaf1

SHA512
08cd7e1d203b2236ef87dd515ca41fa4a234129c74edfd52611a7ceb75c356562317c51424a726bf324d1792e96af54ce9f98506e7bb2e64d5bbca12e4773a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
91b53e3610dbd9ddd65545a549fcc46f

SHA1
663cfabfba22bb6c4c566536ccb707d55586180b

SHA256
d07f6f82cefd19ad04fc01a57b09508c7ed72260fccc992c3b9cc036782b1681

SHA512
09c9d56c259602bb45dd345c3153e9d2b14c4f43661efff90b52f33cefd68f06e234f25a15577fada2f1aca84dd67e1c8e4d90da5d902c98eab31082c8d10611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a8464.TMP

Filesize
1KB

MD5
36b89edb642956f0a13db01217018f9d

SHA1
3b59580e8b6bf3f1baf123c3624ba196e19d1329

SHA256
f6e0ea7c0549d39f230fe8149496256b14c897cc7d97163f899ea4bbe8f3643b

SHA512
969f8b054741fefb988f7be88d5a44d8c15ef2f776c00dc86f41b234d6fd8795e3810e5eff2959a0059595b01a50a6f37e5ce5893fbce8e9a929d544f0c05a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f43fa6dfb30dc1030de620294934b63f

SHA1
231fd3ceed2528710be666f1baf0709e63fcc8c8

SHA256
c623dc062d112cb9248340c391d4874a630612e0886e7c075696b72db02e9443

SHA512
ad21f2208b66884a621448dfc16535ebd621720466529e8796f2a5e3227df3050ace8c6ac24c0b66e1a18721be30291277d499647e258569f082bc4388e17d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f422cdbbeac5ecfaba119afc80f467d6

SHA1
25bbcba64a2372d8fd4cf12966d3669393a9ff5d

SHA256
61ba6417422eeaff3b1cd091d46b87b059555dc2509a843e1dabcd59fccfbdd5

SHA512
220c585d68adf73dacdd931a5a111e5fe9c54aa43f0961283eb177531b56511b6b683dd305bbbe478827ffef053fcb4008ca131db5870e02031d8fd55303704a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ed8bad646fc36786abc9106220f35bfd

SHA1
ae132d16e5525a4ccfe65a93e17392d4a2ae82f9

SHA256
2a4b1dff420111aaa91a8dc696a6356f223c2c3ac0082d8fe208cbc409e35694

SHA512
696f348d0ce2096a1039aa2b5975b747582de49a8a907fe1aa158bacd50a38a65491360376b1cbfea59849284e451d88fd63e73a05d3accabec378320e3fd562

Download Submit
C:\Users\Admin\Downloads\Happy Antivirus.zip

Filesize
1.6MB

MD5
974918541aa75f380aa6cb4d8bd3c4bd

SHA1
d0a6a3a301cf5330b00281ee8ff04ed9c3455fc7

SHA256
d703fc0de3f07684528bc1931479815a4b9cd7b66fedbb753ca21314a6a300d6

SHA512
db829bba3372a6e452d03d24e998ee91d28e3816c9d1a8d81330d450b24dc695e15d2612ec69729beafb28d95271ba55b6be8b95dbe7f4b15f4f65bf5b5279b5

Download Submit
memory/4816-797-0x0000000005720000-0x0000000005CC4000-memory.dmp

Filesize
5.6MB

Download
memory/4816-798-0x0000000005170000-0x0000000005202000-memory.dmp

Filesize
584KB

Download
memory/4816-799-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/4816-800-0x00000000050A0000-0x00000000050AA000-memory.dmp

Filesize
40KB

Download
memory/4816-801-0x0000000005370000-0x00000000053C6000-memory.dmp

Filesize
344KB

Download
memory/4816-802-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/4816-803-0x0000000074B80000-0x0000000075330000-memory.dmp

Filesize
7.7MB

Download
memory/4816-804-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/4816-805-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/4816-796-0x00000000050D0000-0x000000000516C000-memory.dmp

Filesize
624KB

Download
memory/4816-795-0x00000000004C0000-0x00000000006B2000-memory.dmp

Filesize
1.9MB

Download
memory/4816-794-0x0000000074B80000-0x0000000075330000-memory.dmp

Filesize
7.7MB

Download