97ae764cc96122d8663ceab01524895416df3758e7c90c8adc8bb002d025ab97

Analysis

max time kernel
150s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24/02/2024, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fadc131-grand-theft-auto-v-free-v4-download.html
Size

5KB
MD5

de2c6e007e110ecaa601d4ed71d66c6c
SHA1

43a03d5dd9d956c9ac74cd98d97736c9b1fcfb61
SHA256

97ae764cc96122d8663ceab01524895416df3758e7c90c8adc8bb002d025ab97
SHA512

643e09873067c75eb78df9e0889fff55e67c33dd779e34dc6f328233506cdb64ce54350b68fc15cdcc892efc2533cb7b8fa56a452ab074ca700ec8c1612442a8
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C8kHZqXKHvpIkdNKrRB9PaQxJbXqq0yTMQr+Cw:1j9jhjYj9K/Vo+nkEaHvFdNKrv9ieJXu

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1436	utweb_installer.exe
4548	utweb_installer.tmp

Checks for any installed AV software in registry 1 TTPs 9 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000\SOFTWARE\Avira\Browser\Installed	utweb_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed	utweb_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed	utweb_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	utweb_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	utweb_installer.tmp
Key opened	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000\SOFTWARE\AVAST Software\Avast	utweb_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	utweb_installer.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	utweb_installer.tmp
Key opened	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000\SOFTWARE\AVG\AV\Dir	utweb_installer.tmp

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	utweb_installer.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	utweb_installer.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1101742937-4171729779-750941522-1000\{6C0FDC4A-4BED-4437-AE3D-0E1BB637FA57}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 540878.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\utweb_installer.exe:Zone.Identifier	msedge.exe

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	108	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
3252	msedge.exe
3252	msedge.exe
4776	msedge.exe
4776	msedge.exe
1432	identity_helper.exe
1432	identity_helper.exe
1088	msedge.exe
1088	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
448	msedge.exe
448	msedge.exe
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp
4548	utweb_installer.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
4548	utweb_installer.tmp

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 2704	3252	msedge.exe	77
PID 3252 wrote to memory of 2704	3252	msedge.exe	77
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 1208	3252	msedge.exe	78
PID 3252 wrote to memory of 4336	3252	msedge.exe	79
PID 3252 wrote to memory of 4336	3252	msedge.exe	79
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80
PID 3252 wrote to memory of 3772	3252	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fadc131-grand-theft-auto-v-free-v4-download.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcc2d03cb8,0x7ffcc2d03cc8,0x7ffcc2d03cd8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7596 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Users\Admin\Downloads\utweb_installer.exe
  "C:\Users\Admin\Downloads\utweb_installer.exe"
  2⤵
  - Executes dropped EXE
  PID:1436
- - C:\Users\Admin\AppData\Local\Temp\is-ILGAB.tmp\utweb_installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-ILGAB.tmp\utweb_installer.tmp" /SL5="$901F6,866470,820736,C:\Users\Admin\Downloads\utweb_installer.exe"
    3⤵
    - Executes dropped EXE
    - Checks for any installed AV software in registry
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,13960983377932936861,9666833499270343931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a91469041c09ba8e6c92487f02ca8040

SHA1
7207eded6577ec8dc3962cd5c3b093d194317ea1

SHA256
0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

SHA512
b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
601fbcb77ed9464402ad83ed36803fd1

SHA1
9a34f45553356ec48b03c4d2b2aa089b44c6532d

SHA256
09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

SHA512
c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
30KB

MD5
9e26e9bd45775141c967088d9e624bb1

SHA1
1599f5bca3788c17f77f1f33533a1640336a83bf

SHA256
8365121e7b738ff867b0a6d97640a927b5884645a3a549ff0cde96e57c5afaf2

SHA512
f78c020fb0d81525be5bd22c02e375a07abc2ece3654073ca0298a7e97a293ab338057aeac2b7db988dc46c602e31118728f711d5ef00ce46442dc63cf56abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
384KB

MD5
b78f1e119ae6b2dd5731d444e63e5316

SHA1
b111ae65493e45efd73dd9bb8cf9e9ba80f47d64

SHA256
96ed6dbc5280d27ceee10fb8286cd04efd21858ba19df78f1de7ce730b41ef06

SHA512
12ed0ee017bb408b0738d45369cbc78cc4f32564fdf565f18236f5761cc3676c45efaa016c6d43d0a435cfb09fc868f1ab6e1a09a5f64ae3a20d4a71fa38e686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
83KB

MD5
95ad70b0720495f26f4b7dc7aa152c13

SHA1
d325d177460b579980d6b36a4da2defbc709d6ce

SHA256
7d40765179bc45d7b2a36b9f0d49d12c2048abb154ed0ecfaa2433417fd0cdbc

SHA512
ca9f7e4fd11ce28a5eacee9cda062c8418b4d6cb440ed82328c03d7c1d1835d7aa175a2ac5e35ce2ec3ab6a37ed2fae0bf2eb61c7b08199299b6dae9e5194fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6470ea83c305f087a05b3498191a64ac

SHA1
6e0efdb342aac65c346da9f113e8a625f89aacf1

SHA256
a3e9bf571fbcb440e00fa38789ebd24d2334cb9ce600fc6bd1f1dda8acd3b3b8

SHA512
b69f882a467b0e93b8581e2793f3fdeec24f04ccbd8088475271d707ac1c2447aa4b06418bd575dc29a8b26f6ee25d96d643d59d8f8e2ec68eeaf2adef0622e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a83f7d3768f6432eb34a25142599c68b

SHA1
88e9accaf234ee080e412f9a99c7a2e980bd0d81

SHA256
28915203ac12ca635296bf28c487b2e61b3b927e2ff9218b25ded3ed5c3048a5

SHA512
dd33c5ee424cc824e4cd086d2ad8af5597a6101eb095b5bb2b3ced41b69206d6c145449d6998f4877c6729fcb7f63b47d50cccdec98abfdf7ab50862631e3078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
003e1667f7bfa9780a82079252e33610

SHA1
837d5adbc1445f4662283d6c65c879b9cb418654

SHA256
c4a5b488f4d9ae63a942c1ced71ee533803777fd916bf3c657659ee12a3532d8

SHA512
e1b14dcfc14d172cec179fa04a5a06b677f20685f33564ea2275e6ce94c8ed9714d3602dfcd9de3e5d55db8f52d9a93d903ebeb92f5ce360e68fccf5da3168ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e38b9ac6516644935c5a5c36a888e992

SHA1
4a0d451f47416e8c78f329f360a78d26a97f15b9

SHA256
124ac69d599276f56abbbb941a45f44e18c5e718a65dc9e2bc744d0051cf8af1

SHA512
6c13b333ffce272a0d27eeba84e422dc05dcacd93b44a762b0efa6bf0988255689c05198a401092cd885783303f106fb6c7fb3e1d386d51be6303d2217b29e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4312492450101ef4041d0d4eeaa60a15

SHA1
d5f1ae89caf66791b1e5bc877de5a1b6a214cff9

SHA256
04811e5ed336fb1bf9551ed64934eeddc0fb469c1c29b3d13c7f3032e6b2057c

SHA512
638194e3582578e08b8b6d9a9885a73bf26add5e89c40481ced85354bed2f4eaba52a239e4d9465802d5825915c0b59afc00c60ea9e52520f7db01355770e348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
675944817159093d384577d67d33b944

SHA1
75edbdfc9f407868aa736d7ef38986595cb91196

SHA256
2d30acb7a725c7d4646fcf23b5ec2fe551c4641400fc8129be9eb2682d0b973f

SHA512
73b1b54414bf9e92ed3d0cb740de166b1669d9c4eef6ac965fa4966857cd58dc340c4a7e51c9fafb54e9cca486ed1a58574c23102ee4946284bfb8b727a7b42e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e14f3b46c8562330e1297f7d212aa7ee

SHA1
672629e1b84bda468c79af1e893f895184d3006e

SHA256
4361a15b33093feef5dbe6ce6f2dee9c100d27105d38acf7355f379769a6dad1

SHA512
09f37cef3f18d2ff05ad1506dd0baa0023f7db29efe48717e9ea5c1005cb7781fe6a36cd595b58ebfe6529ac5c70d1b017159e4c6eb90626eaf8902a0fbbfc00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62febd2594ff10995343e6b44f1cde4e

SHA1
9c492b178f18321832e51a6b9d58d8727a72eba9

SHA256
b80565a885aacea2d8ac6e63722fed620b8d74dec3d1b4ae59b35c5720aafa0d

SHA512
eafe2f54ff7c445b1770340dbf54ccbfa21e28cf3ca8d2f021781d38e2d6436c49a06728055e8f5426afd25187f43da15bde00fbb6449edcef4054265e6f867d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6057533bf4dd7d805778d7e01fc867d9

SHA1
95faf111ed478ec15f253c73b82c79286279616a

SHA256
696329a05d06e1c229533f795f68674cacd37cfce6e655e6f3f96c5ae713c32c

SHA512
b5a19cbfa4f87fd42458976fbaf6b9d2d99e2ecf6f90b544b7c8715a589e6451c3947ed4a2fbea0d59e52e38c213ffb1f49f5e6d24aaddcd1db5b688b692bd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f5c882520eb69f5e3ef84f37db915a39

SHA1
b479c9556b7e90ba2d0f1e71376d148dae0ebc78

SHA256
bf6c380c8645b55caaf4e7c544f374ba63be0dfaa4b33329bf7f150d66aa22ed

SHA512
4ca037b8c29b6d50fde8cfb11007c0416579e90eb0efc6532d6c58780f32e2c6d081e5fe981cc121dd23acee95cb1cfe156a46bb201b33a33bce483b9ee74e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f2d44a55704a8a99933f7be933ff043

SHA1
7bf194aab25a49e54310925ea352ef14e50aa213

SHA256
07ba95edf333ce6240eff40713cee124d15a86e6237a2c94f892972cb6024d83

SHA512
9918f6abc1648c75a37cfeeeede643ad26b6c27eef5f3c5e951d85d9ca99c49032929cdda1e807af8ef811a6bc0cd32fc390ee6657be1e2b74545a990e69e007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
adbcf992a37837018672350f5d3c51e3

SHA1
de8f2204891dd66565876f7fa1820ca3db409acf

SHA256
b186952e2e7692d943c3843a0776ce9ef38a5b035a7e8bbc58f51d0705c557c4

SHA512
d2fdbc8de162583159458c42a028fbcd3b633a2777db1bebaa8be7f481b54977f4b6e2e3dd6ad22c91953509bb74b8d66f9869808d7c1ce5ea711fd1f1f9fe2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e9abbdc25ac66e50cbd5849b87ba4d1e

SHA1
243de50ab8fcfbd2bef78c67bb76ade8201949c3

SHA256
a1ebb1ad3e44f012d2cfcabc7400f6d1537872ffa9f12b434273346b4fecd39d

SHA512
c32d59d2b2ec38f558b78c136b3060937286cc8ae41fe03938ce76562484fb51f4533e0aedb8bb79021be0eddb45b9439a0b3b83d8f7bce85487b08e26dc1ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe594721.TMP

Filesize
48B

MD5
806450f509b91a7de8898ecf78fb2283

SHA1
f4a0ba51ed43211d69bc64f793af8c8909ed1170

SHA256
650a14bad2f9e877a8a18dcc8a847ea9327ca12c13ecdade241fd374b48178d0

SHA512
a74d3d5a23fb161d9d3118681a4c5d60538e452fcdfa34262fef803452bb283f7b82298c35e83e067882c97bab1c8582c9c663b11e74cd849102d3defb89457a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ab1c0ee400e3d8da47f6a3687d7cb55

SHA1
361de895f98d39706d2362d80ba5688326395d9b

SHA256
cb71178a51cb8de652dc9f469632a0690260dddcd2121da8eda29f2f817ed4b4

SHA512
5ee128d40e9d10841ed733a726e97dba5f898d4f50a3a4ed0d5552bafd1d47b80335484a0f8010ec31c069bfec807b11ffb38d891172754475ae069de94ecf61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d068b9ab9d89470e1a85b1c28df953f

SHA1
08f1f8a20c1cef5d255663132265eb81f4315cb0

SHA256
00d2c5115ec609d7c1801baf190302d523d67e5243fc26c08949fe01d0bed44d

SHA512
513ea7c330fc7e8f80e458fd5fd5968c27a16fcfab81aa297d1e1b9d7a93229c021a694535a946e73a0e7386cf5b63ff8a7bd52fcf9835190bbce3d9ed569b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
1c26fdf34e92dff3249b787b0edeaff7

SHA1
642156c1140f57e4eb87bcc737bd7349d31085ab

SHA256
06bda288a94fbc093fc792e6613617d70eb1785c794943cec380e606af0982d3

SHA512
0011130894acaec652fdf1ca93116be0b75890cf08719390b0338677d95ba96c69e4e68d8d01d395744d11ca7136d363c4da460e8b61db34c525b601a71feea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89cbc731ed5c8a9c7454bfb983784504

SHA1
dc080aae9977e1fb077abe4df53d0eee5b1df58b

SHA256
fed630377a3dc2b7da1cc18791135feb38ccfa0c914380e73ff00faa2fafe5ba

SHA512
7c409b0b54a3476a60b048256f0b08e3714aa27c40abfdc94bdbc1cafcdf67e45acdc5bdfcba8393f45953545d0be554d800a7925f37e5cab4e2ae1e97274eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586b19.TMP

Filesize
705B

MD5
72852d86a790849c3d065141ea5f05c6

SHA1
caa35ca53c5ada2013afbf9700237d4b21a1967e

SHA256
1ff2d407c24f5540820cdda0af8497f909a8c7b2041a261fb36d80d67523e356

SHA512
88a523ddae937d279879e482a44f2b5fe34dadb6945a67cb37e9582031924f1a11b706c5e7312d223491802ebefe9d5a6a513fed58156aae748812e49f4e91ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ed6fa817-a2cd-4c05-beba-f23e56c8c238.tmp

Filesize
6KB

MD5
a585f172809d40bf4feaa6469d04afa7

SHA1
92aa57c8506b90cfe91fac1487ef487a68c32609

SHA256
5b639913a0c03d1081bd12ebbf65345bef47a812de7ac81e18e9c3f618cada0e

SHA512
ec860e3dcc19adec23abc5c3da5d8534d854e6b210d1b2d9e3754f96f49fdb1bbb657a36e4a08957462f673b4e6ef5c100bd91178fb705e3d78023b7c3bbcda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
31e34e20f808bd403592cabaf9c2a73e

SHA1
e740e75e5df734a8f9c9b1eedc7edf1ba9b79617

SHA256
f14c6159105963a010fadda2ab227e570e6503c938a45adb86694c9d91d1da60

SHA512
8b0e5c5ddb23195d0d377baca8d993c6cecf78b4df065b881694f222aa983bfdb342176931d9467716f337d88a655c304238dc253e47f106f1855f751e51c932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cc395675ef739ef8c028ad06050516f2

SHA1
603ab7bc4de856fb3e858105651b53196f6ee014

SHA256
494680eb509071fa507bca396f9de186d7d568bfce4e41d1afa91f573598fe41

SHA512
6bc164864d127405bbe29f4443d91e802eb03768c4ba10597c2f381495c2135ea809546230016960567a4bd51517b74d324c32461abe3ced134a0ab52c9ae524

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ILGAB.tmp\utweb_installer.tmp

Filesize
960KB

MD5
dc022ccdca49242eebd7a0ddd6e44f4d

SHA1
141ef62bf2e760ffbd8f266607302d3b074240b1

SHA256
c75c5657cdf663f7e7ce48c89d33c948b59127892d8a6888fe6d00068400c3fb

SHA512
20c43f127832b7e336d37a73ce4ea63caa4546e77bfec0460b8143c32ae676aa27d51b4ad26a7e5a727c153f36f565cf9e617249c9db923205a235607a9f7d30

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ILGAB.tmp\utweb_installer.tmp

Filesize
576KB

MD5
b9a120bebd5d422f29c75a76aa4d4b2d

SHA1
6e89964f960f3138cff2306a794cfaf5f7887a94

SHA256
4c934a99df6cb02a682cd6033f6560873426bf64aa482b758a4d216c177381b7

SHA512
12bb6c5b7209ecfd3260136f0dabe819df5d130f7ba5e9d69036c6c54fdf70539f025f454f798823f8f3cf46cb2fd46ecad71d60dc4899b38180ec089f346775

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MOFPJ.tmp\AVG_AV.png

Filesize
128KB

MD5
f1f21be822c2e22934c88478dda2fd74

SHA1
8bd1625264a1b64e34e3f7d7c651b87ec593fad1

SHA256
5f3223dbfd67dc3ba0e0a3c23f5294258251272e06a66fdee6416dacc160fad4

SHA512
79d27aebc1604aed9138d729e86acae0b176249ed4e2f7ea1b34795c9b8ca89868b1d3b8b673558b81b0601af8b6de4404e72ae4bd5ba78492e394133a243681

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MOFPJ.tmp\AVG_BRW.png

Filesize
36KB

MD5
c0e10a5142865236ee82b96c2a9eb75c

SHA1
a6ddc9f963bf0f677b418d8d48f5e8430afc09d4

SHA256
16b6b70168ea5a2d6d684f379c1d5e88ab9993d9ea0d22f04736f24bc89200cc

SHA512
98393660fcf8261a9e084db9900a3dc8894c1b0f564935512a39a2aa14a1a4e2104e86634f4fe10eceac97b0193c77e23434077f4ce66e72a5793c8a8b4dabe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-MOFPJ.tmp\WebAdvisor.png

Filesize
47KB

MD5
4cfff8dc30d353cd3d215fd3a5dbac24

SHA1
0f4f73f0dddc75f3506e026ef53c45c6fafbc87e

SHA256
0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856

SHA512
9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 540878.crdownload

Filesize
1.7MB

MD5
c81050aeb6df0f1bee77277ac1c6a611

SHA1
0d24389683ad58521268fc48decb5df882409c81

SHA256
12ec3d0ce2c74bdd95bc3b1ba16c24760e3d9a20bacf59be4795f839d83d3136

SHA512
953f6e49a33a9a600acc89c06e0539b29c822395ff37890471f3c038f5dff4d4b8a9cb96b0d17f703959da3306be4bdc0997131aa7ad6e5d70ef925d7bb417c5

Download Submit
C:\Users\Admin\Downloads\utweb_installer.exe:Zone.Identifier

Filesize
61B

MD5
32f407399408f5699cf248694be99677

SHA1
e4b03b513d86565ba643d0b3582f691ac8bd3e46

SHA256
7c9778aa32d29008c79c8a33a34a213a283a1e11bd113704b7ee0c07c460701b

SHA512
a9c9951b78bf866b0279f17a562f7aba3f5e51bae988806d806ff14fdaa82107311cb9729237dc0e728fd46e9771e56dc13c0a6d2894843847dfe05017b137cb

Download Submit
memory/1436-1003-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/1436-1058-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/4548-1053-0x0000000006F10000-0x0000000007050000-memory.dmp

Filesize
1.2MB

Download
memory/4548-1057-0x0000000006F10000-0x0000000007050000-memory.dmp

Filesize
1.2MB

Download
memory/4548-1059-0x0000000006F10000-0x0000000007050000-memory.dmp

Filesize
1.2MB

Download
memory/4548-1052-0x0000000006F10000-0x0000000007050000-memory.dmp

Filesize
1.2MB

Download
memory/4548-1063-0x0000000006F10000-0x0000000007050000-memory.dmp

Filesize
1.2MB

Download
memory/4548-1064-0x0000000000400000-0x0000000000711000-memory.dmp

Filesize
3.1MB

Download
memory/4548-1065-0x0000000006F10000-0x0000000007050000-memory.dmp

Filesize
1.2MB

Download
memory/4548-1009-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download