hxxps://ideal-space-train-w6jqj5r7w9wfq5p-8080[.]app[.]github[.]dev/a/hvtrs8%2F-gktju%60[.]aoo%2FPPAS1%2Fppas1-%60ilapigs%2Fwkn-rglgaqeq%2Ffounnocd-bwind%2F2abf9%3A3%604ad01%3A962dc%3A8aa2710%3A06662%3A656183%2Fppas1-t0%2C0%2C32-36351-0c%60d%3B81b%5Dwkn44%2C7x

Analysis

max time kernel
1481s
max time network
1447s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ideal-space-train-w6jqj5r7w9wfq5p-8080.app.github.dev/a/hvtrs8%2F-gktju%60.aoo%2FPPAS1%2Fppas1-%60ilapigs%2Fwkn-rglgaqeq%2Ffounnocd-bwind%2F2abf9%3A3%604ad01%3A962dc%3A8aa2710%3A06662%3A656183%2Fppas1-t0%2C0%2C32-36351-0c%60d%3B81b%5Dwkn44%2C7x

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2040	rpcs3.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{8B5EBFBC-2F30-481C-8135-57B6B0E81B2B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	msedge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\rpcs3-v0.0.30-16153-2cbd983b_win64.7z:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO493ACA89\rpcs3.exe:Zone.Identifier	7zFM.exe
File opened for modification	C:\Users\Admin\Downloads\PS3UPDAT.PUP:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 340597.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
1712	msedge.exe
1712	msedge.exe
1412	msedge.exe
1412	msedge.exe
2332	identity_helper.exe
2332	identity_helper.exe
448	msedge.exe
448	msedge.exe
1352	msedge.exe
1352	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
916	7zFM.exe
916	7zFM.exe
3944	msedge.exe
3944	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
916	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	916	7zFM.exe
Token: 35	916	7zFM.exe
Token: SeSecurityPrivilege	916	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 3544	1712	msedge.exe	77
PID 1712 wrote to memory of 3544	1712	msedge.exe	77
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 2168	1712	msedge.exe	79
PID 1712 wrote to memory of 4624	1712	msedge.exe	78
PID 1712 wrote to memory of 4624	1712	msedge.exe	78
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80
PID 1712 wrote to memory of 2104	1712	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ideal-space-train-w6jqj5r7w9wfq5p-8080.app.github.dev/a/hvtrs8%2F-gktju%60.aoo%2FPPAS1%2Fppas1-%60ilapigs%2Fwkn-rglgaqeq%2Ffounnocd-bwind%2F2abf9%3A3%604ad01%3A962dc%3A8aa2710%3A06662%3A656183%2Fppas1-t0%2C0%2C32-36351-0c%60d%3B81b%5Dwkn44%2C7x
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff751c3cb8,0x7fff751c3cc8,0x7fff751c3cd8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\rpcs3-v0.0.30-16153-2cbd983b_win64.7z"
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:916
- - C:\Users\Admin\AppData\Local\Temp\7zO493ACA89\rpcs3.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO493ACA89\rpcs3.exe"
    3⤵
    - Executes dropped EXE
    PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,15446495871971369427,2748719252752686262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
  2⤵
  PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
7.9MB

MD5
5f7ef12403bb775db5eb6e97e4661d14

SHA1
232ec53dc70893e0be784796b97761c3c9825ade

SHA256
d04ad75c2691bd6d30413d5a0f9121d1eeaf71ffa54c44eea985a99438715822

SHA512
0be759244e7799f4c4435d5d5f5dd13535014ac9d4bb7fb4fd7cfb6ee6d48c2f08c0b58f75036d5efa02676084c7e7ded79e50484fc59cfbbfbaec018202c3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3b4c97d21c8f97001acef627fa04fc63

SHA1
5107dc5825cfb8496ef61cf358c70978fb276b64

SHA256
8f0cb03a90b1b28d2ac7bb60bfd90f40db663776c82099d16624b4486aa8340c

SHA512
7590ff9cb36e55288eedc32c6091633bb8d7df8071086c365f07c06cbed82f9c7178ee536cc0548dadaa32f2af80cf1cc63c4f31386c9d5d2b5ec663c2b60bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
49d145b3ed626a11fcd06b51d9924bb2

SHA1
a5ea4bc2d5d69d983cbdb5e29ea13c7e3f3d3680

SHA256
0388ad9aecb51e4bc4ff2bae52bd7739568a4a8750ad8374c5cbd54af1f9e353

SHA512
6c5f6cd6444129fa33380b4d8d8b9cc0505ab08aaf95ac157675456c9452ec27b027b39c80c7305f8fdc51bb9a8861499cafc467b25349c97de190215a328b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
954B

MD5
3f1e5bbcd976de55ae3c287d465926d0

SHA1
e172cd0c878c43ffd3916b90f8c3bd540db2f568

SHA256
4a9745deaa2bcab640f1ba56e9b184f89e378bf38032af94d51b3984f3ca6d74

SHA512
741c65eeaa466dd8a6d2e8add31791e9539a3275b0ea314fc65afd7542bae6f409877eb2909b04700a7975867a281227f0b548e3f4550e310a6745e024460932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7ea4d65202d6c41b463b3782e3027310

SHA1
c828f95efbb2fb6045b53102c242bfa38539a79c

SHA256
7c124b5741dc4873cf9454a696ff4c6e00e6d44805f738a9add0c970e5ac830a

SHA512
2ccd2b9dd3befd00f859ae61b3961c4be2c3f87dd9ef9acc1ad1002af5ca70d6034b005509529a4c4d77b2dbb0da821e5458760470e974f9d697e7be040edfb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c745db8aa7b993f34e55984e03144b14

SHA1
b60c970c52389e03f9b0771ad9308adc7465b5ce

SHA256
55470a095a5f38cf17ea23bf84464d837291b22848a83868765adc2cedb5eefc

SHA512
0eb6f5937b2c77892a99ec90d83c3575f04345d22c1924d2053a4fb45560d05c1208d5405242393f8adb47864f34c6794c9811689b2319e217c32902d10b3d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
232eaca4ca3d41b990c530afda06c64b

SHA1
16615ee7891d2139eb5570e10304c3084d69dd76

SHA256
7b99911d49fa8c3aa0cd9d1bf76a258d00b295da309638b97e0581058b2be23a

SHA512
ebd8d37247fc68ad2ce263a891f66fcb3498b02be47f12e6d279b9df9ced0655e2f2d2f5adf2b0c0b2e8c214ff4048354c2c78b32e0429082e6a215d957a9fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a33e610bbd067a0a412a01bebdd0243

SHA1
779f7c90491377d79cd243d09a97d0be9f4e659e

SHA256
088532dd56353cda38a313bd5b3d8efe888d67c565f2f663da32b0912d8719c3

SHA512
5364e2fa814a2120bea912d003df1c1704262764448ba5b6854b5445609cd4cc03353f9d3fed0f4bcac65f61b4e9c5e8d93612a687099552edf9cd362d22a620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0a27b227e18f925b90060adb2a32535d

SHA1
5f715ce05e07481c31dd7714ac0751e20980f787

SHA256
986900d371f35a6bd04a1330bdabf25b88b3942ff17f46333224e2f37e8b53e5

SHA512
698a0a4820e8c338a12d2486f3f9762a88d0121e97b39bd3339a9e106b9435370bc2c3271f262d6ee188163d786bd3ceac6eee56fd63bfb5bc470e3ced0795ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2fff16dcf54288954a4a77f2384f3e6f

SHA1
bc2127669c1a2331af3fe63bc3bff665c8e47463

SHA256
1e94618a68588d29d0d292424ae0eaa0d83d107f063896ceaa5002d05d4b76bf

SHA512
565f9cabbd401076ce2ba18569100ccbd8206e7dafc89b236913ac1712a4c372494728699eb23b9810bfd0833d9c2e93842319227200eb638ca0c5e7ff34613a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f1b33dbf9d4b74f0ee366b1ae44b9f5c

SHA1
b7ff66464794158735da29c83c92fcad5fea0db1

SHA256
3db3a4af3da3d59ba322573a4cf864283109fde3ebc668d1ac066dfbedae84ba

SHA512
1cdc795d03d0dc9b3399fc576d4c52f7cf932d800f3ec64e56d54b637f431472c99137aa1f39815d16d02e40b8e1f79210ca714fc5651ec795c08c856f14f104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ad32dcbdff207a484ecb2c95daceb9a

SHA1
126c5e3ff0106208bc3be67a0c7aa32013b21573

SHA256
66f02cfba7bb28e4d297961af4266fb249be9849ca684a04c1fe0d0dec87a1f1

SHA512
cdd91f0a83bdb919a4e20d9c93ab574bd761e4f913bee6473574ef7768787e27d7ebc99e74869cc10d3890543198155e275bb358a8ad7c6650f5d12227caec53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7df50ed8f4c3a02bfd6d8c1ea276a108

SHA1
e299661d9614527230b867c90260baff855f497e

SHA256
787ffefea21ed1cb7149a987f46644e4ccaa6a4813d9627d405b0c40e93a6005

SHA512
63d732058d7ac5903617cb7dc99232901b290ad2ac1d3e14fa81ac060e8d19da908b9bc5091e251081392b68dd2ea4683f4cad4f1e4bf5778f354d0d89743a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
150aed35ae9bc73f2b0a0ab00aeb3022

SHA1
7a30b43f82303fec4be48e14a857735d976f9e2c

SHA256
5829209bb6ab65f16e70f0c69482a21894e68a434e10064068ac2bda82a6c22d

SHA512
705d1cb862b812743e749ccce6e05261892c50e1fec7c49a13a75efec6af86f1246ab0901f128d60c947bfd73b5405709d93a7e6a2ff89b02cffe488da417260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5fa03f8d169804bb98e7d9fc96ba498

SHA1
c47c7545f84e88889389b113e3ca387d9d9e08ed

SHA256
d98a62a66de763724a9a0376332be239cf81d38dabd0ad8f213d3ce2ace20c58

SHA512
c1911168600705880353872b67fd15c9d522f6fe536986ce13c531549df4ef0c8dc60481196041d8d082b27a736404587e2e4638d23c3f702ef7c98fd44b2520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
344e244a04b0c8d3ee55cedc9a7e0133

SHA1
4ae666fdd2548689ac9bebe676579ab954cad49c

SHA256
02ce5cdb71da3cd78959ec8e706763ab04a7948dc9112911ca9ece35dd4c4497

SHA512
291406cfb3a50c6afb48cfd87a74e8cbd1e9de3ef2304ddef057a97ab98ce7e5d1ac8ab711030c7380cc1f0737e9a1131d64cb7ff552f24cb71102d8ec95307e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
67650a1d79e1fe41263880889531e8e0

SHA1
4121bb5787dcaec8d73ac93a2a3f9139143d136a

SHA256
326fb12a051e707cccadb7b377611315a6394d23a4a0bb302fb86cc96b593d4f

SHA512
ab089cabf20e5d57a8e186bf0e13ecdd4379456e1fc949ac5632cda4d5bc2957d3317a96b9f63ba48f3f6cdfd67c36890ec87685493f7cd6af024988af4e04b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24db4057cc4c08734158c32be32af505

SHA1
73534a4bf4e2418faefde864de45f9b324912c21

SHA256
628847a5dcfd89a9bf78ca451fbd55574745d5997d41f04746bc5a13bb57a1cb

SHA512
8abd900f1a657aeb3c272460f658fd848e0ccd13f09277da042a5e316ed62ee00a04f4d7671947702ee217ce9970b6591c2bd539a0b3e8451e6347e394766f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1bd13d937c569496a49c6e32eecb5c3e

SHA1
b0035fa6e902b063dae9868d9e2142105c9efc71

SHA256
d6524fad9dfa295056fababe01f5c58231526ff5ce59fab1fab3fc7a1dc788d7

SHA512
1d04d37010fab9a2f7f74c53b654ab989d42568aaacc07e91c298b936505abaaf823872aceba9e47f449a953a168ebc2acd25a7de4dd6bc7e63ed4df6edf78bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
0b2e01c9f53748f35058b4d2a8f49248

SHA1
1490bdff00a36c245d19036a174bfad0adabeac1

SHA256
02e2aba4086fa25130b01e3c727eefca6c680cda03438055f24586066ae5cf24

SHA512
c466aa61b11740f33040bebdd0a663dd699e2bc9558df3383298ce96eea950f1d509badae5f09ce5236c9b01a68e0c7d909b7d6a8a0ebb361a7b7186d0b73f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
57b31685dbc33e47cb0d144f898f5fb7

SHA1
d715ed787fd31776d8d7d1c9bf2399b6bbe8ae58

SHA256
72f413a5863f9f2ce20a199d860067996ffea8628c2f7a33872495025ae8e8d4

SHA512
1d5f3e1daa39c0ac4063b6396f9e4c2360e5e60eee4152da67a6b755816cfea4a2c6b07b9d47ea7fed177a710003c5bc00878cfc3062b1d2b0a819ab6d1ac37a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
83261c87a33ad003be49984f20d4330c

SHA1
80c59793bf5a721cc6d0e5961854f5ad8ec6e292

SHA256
0e4d1720449d4dbc79f938ff060ab58bf1b366023a98db87cad547ca8343e556

SHA512
f27ae32e7c2dccdc8510da9cef5e923d090257196f09156bd2ad5a2fe3f41438d10128cbc1588847700a0374468d72210d0a915809937680f6fcc80b309ce73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ea2c1bce0e87ab2c5d0509310b43be69

SHA1
426c22e5868389bc582ff04e86bce9a5f7f14542

SHA256
c6d3f068535910504b5ca6d2276725d2b4b46f9829acef5fa47b05eb100ba108

SHA512
8a66fb1182423adb12506349518fc1810f096a1e44267283ee1913621bc3dba97772181a0de84a7ce696c1bdc009979b5434bbb07bcfeefc8b666039f0502c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
06ec51174e1616c3f5ee3b7a883ad2bc

SHA1
ec34d4a1ebb2d6f2f137ca0402186edbf7047fb0

SHA256
c56df9d4030244b42f6cb91c324ceb2e7520d7d107d4772e0cf3d9481c923ad8

SHA512
19fed9ddac038cdd70716b851e0ae180da5afb159f4fcc335c5ca089eff733cf60c2a61b18b7210e57710ebcfef095d45a266aae5671c8da9ceb022b8cf732a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c5a8ed0973a617b387d25fbc3c5e9228

SHA1
0f9c7327c8f75486810e7caf847ed15b3e1e11c5

SHA256
b6d05608855923836ca2773bf58462cb63125805e444f92702b987e84cfb88fa

SHA512
e98df5a47435374f40f6c7b09b65ab90c97a2ddc9dc49241fdd96dfcb594b196691d3bc9b57543691a999ab93adde8d206d7a20aa354542f2eb9585b718ad38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO493ACA89\rpcs3.exe

Filesize
2.5MB

MD5
259773c4df4c0d6d705d4dc731cc8f51

SHA1
35290caa7f99a0be598e2cbf01e3a7e34361b4ea

SHA256
38936582647ad257c32f633b6a05230cf2cbe1283c64dc3f49eb056fb564fdbb

SHA512
ecb63bc3fd89b9d6d4a722fdec793ecdf77dceebbc863674f73b2d3e45bb94b505427c5c10380df239872353ecda7f778b9f3a32b91eb86b4bdb101701c5fc09

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO493ACA89\rpcs3.exe

Filesize
1.7MB

MD5
9e51b30a7d44f1e493cc6bbfd73fa70f

SHA1
c85c8d60ee37e7b2b9cb52a392051e54c1f5df67

SHA256
39d80437bb37616e7a84ec50aed20bb6282ff7d308740dd421e4d7d5fde6bc5b

SHA512
825c8b6940ff73ad97e5b5c3d7bb0b7a41f69e8bb3eb0e596578c8d245557fc91bd25574400c5b5bbd4c5eddee8446fe8bfd8ac9a82fd8972cbaf4cf63dd8237

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO493ACA89\rpcs3.exe

Filesize
1.6MB

MD5
1d1df0399592f4d7badfb9ba9c6efc07

SHA1
ed2059dbec114800e878060ee43b3feee7cd8991

SHA256
da5c52f85fdff6e813f891cbb3c2f3c8595a397144db4bf7b809a099861afeff

SHA512
a758c71c5da8330379645a1be45e9bd1a098ff1fc47f8d39996129950dc824cceac84d32bced86a9acd2c11a45f173c4353da24ee4931d1f7c71057282a2f9d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO493ACA89\rpcs3.exe:Zone.Identifier

Filesize
638B

MD5
ca4c28636dca2c76d311acc24f6a2a39

SHA1
1c1f5fdff2e814bb6a9ae1c56c0bae95f9d50006

SHA256
1821c1d6c81dd6e73c32a940c92ac29fd2b5042f05a1251768e5ca3b65439c2d

SHA512
f03a12d70017ddce37c253de3c8814b3f23628137e05aeba8fd65c67c0d8012f53384205c65b46049a0651606ff36f96df59f69af731f4a45e8e6814e719d40b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
85ec1feb7117871eabbe9c0ede250823

SHA1
839452d98e50528f975107937d93a2702a883929

SHA256
a55af7491d4545e71732861bd41c7b2d47db6f5c4df2e5bef198d98054d7f56f

SHA512
6cb32ece859bc50967cb7db1345e625a9760897cca52db1c83a38049a3cff5923ea764e938a798b4768e7e056cee290f9daf1611e50ab8f4f7f5e381f565f3a4

Download Submit
C:\Users\Admin\Downloads\rpcs3-v0.0.30-16153-2cbd983b_win64.7z

Filesize
4.0MB

MD5
c7e5217cfe9daec5442afb2f9528da04

SHA1
66c86e8bcdec5104ac17dc39341a1878359537ef

SHA256
65b99ab5865b7dbd115008fe6c8fcf6df57ab8303ea3eb52636348e959edf137

SHA512
5724578785df377e59afbd0a71b06092346eb5384b1efb56b5a1483bd6349a8c8f5d2651e08f99f452fdfc4fcaa428109d92eed89d1d6ec698657e166a12d905

Download Submit
C:\Users\Admin\Downloads\rpcs3-v0.0.30-16153-2cbd983b_win64.7z:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit