hxxps://bazaar[.]abuse[.]ch/browse/

Resubmissions

06/05/2024, 23:58

240506-31dplshc2t 8

Analysis

max time kernel
367s
max time network
371s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
06/05/2024, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bazaar.abuse.ch/browse/

Score

8^/10

upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
2164	ArcticBomb.exe
3056	ArcticBomb.exe
3164	ArcticBomb.exe
5048	ArcticBomb.exe
2988	DesktopPuzzle.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001b00000002ac9e-791.dat	upx
behavioral1/memory/2164-835-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/2164-837-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/3056-878-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/5048-893-0x0000000000400000-0x0000000000454000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	raw.githubusercontent.com
58	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-891789021-684472942-1795878712-1000\{D2B34B8C-E1E9-475C-8C58-F078F719F0C6}	msedge.exe

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 790357.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\DesktopPuzzle.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\DudleyTrojan.bat:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\2a92b3f6761a6202524f0f45241c9f449dfc9282364c9a726bce5beb5245bdd1.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 934253.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ArcticBomb.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 627175.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
3336	identity_helper.exe
3336	identity_helper.exe
4748	msedge.exe
4748	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
4344	msedge.exe
4344	msedge.exe
1640	msedge.exe
1640	msedge.exe
3368	msedge.exe
3368	msedge.exe
3712	msedge.exe
3712	msedge.exe
1132	msedge.exe
1132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
2988	DesktopPuzzle.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 3760	4660	msedge.exe	80
PID 4660 wrote to memory of 3760	4660	msedge.exe	80
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 1284	4660	msedge.exe	81
PID 4660 wrote to memory of 3424	4660	msedge.exe	82
PID 4660 wrote to memory of 3424	4660	msedge.exe	82
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83
PID 4660 wrote to memory of 3764	4660	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bazaar.abuse.ch/browse/
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa0af83cb8,0x7ffa0af83cc8,0x7ffa0af83cd8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3536 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3096 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6888 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Users\Admin\Downloads\ArcticBomb.exe
  "C:\Users\Admin\Downloads\ArcticBomb.exe"
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6716 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7052 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,8796786410692855778,9545900174236271097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
  2⤵
  PID:3144
- C:\Users\Admin\Downloads\DesktopPuzzle.exe
  "C:\Users\Admin\Downloads\DesktopPuzzle.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3500

C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
1⤵
- Executes dropped EXE
PID:3056

C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
1⤵
- Executes dropped EXE
PID:3164

C:\Users\Admin\Downloads\ArcticBomb.exe
"C:\Users\Admin\Downloads\ArcticBomb.exe"
1⤵
- Executes dropped EXE
PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6e498afe43878690d3c18fab2dd375a5

SHA1
b53f3ccbfe03a300e6b76a7c453bacb8ca9e13bd

SHA256
beb39e9a246495e9dd2971224d23c511b565a72a6f02315c9f9bf1dcfae7df78

SHA512
3bf8a2dd797e7f41377267ad26bde717b5b3839b835fe7b196e748fec775ffd39346dba154bb5d8bda4e6568133daaa7fefa3a0d2a05e035c7210bb3c60041a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8b53ef336be1e3589ad68ef93bbe3a7

SHA1
dec5c310225cab7d871fe036a6ed0e7fc323cf56

SHA256
fe5c2fb328310d7621d8f5af5af142c9ce10c80f127c4ab63171738ad34749e1

SHA512
a9081a5a909d9608adfc2177d304950b700b654e397cf648ed90ecac8ac44b860b2cf55a6d65e4dfa84ef79811543abf7cb7f6368fd3914e138dfdd7a9c09537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\27b746f1-0b0b-43f1-aef4-89ef16872f64.tmp

Filesize
6KB

MD5
a50d14adf0fa89cd570143896f3489b5

SHA1
539a076f03fcefe6df3e4813d48effb28c203528

SHA256
c0dff2fb5ba42b0ba2c13ae64ed405ab4f671eebad2470247a70524fcf27794a

SHA512
2dcd4f8a1b54f38e568e6fff8208d24351163fc3e80e731f738fc6452b55685f3c8c98e25af2a67ae6132831a1fc43f0ad588abd37cd87eb2edb5a27c93dd036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
22KB

MD5
3b5537dce96f57098998e410b0202920

SHA1
7732b57e4e3bbc122d63f67078efa7cf5f975448

SHA256
a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88

SHA512
c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
92KB

MD5
05fff14758946d51c84af7f72d89fdf3

SHA1
92a1b6185af545c270a43f160c118d9287c73b1e

SHA256
fc076e1c94ebadd7a3ff60060ca93f3f1fa4b5975f1129632b8d38d5ccc32b7c

SHA512
a2364a28727be2a80091ac0d6be54fd011f5d681873fa587b90a167c6b1c6781f077a92653299308f054a66531eaae5dd44c0fb595dfee4def939617b6120753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\41a4ebffd069515d_0

Filesize
259B

MD5
f84fd1d12f96503138ae23b5a268d99f

SHA1
aceac645d7b8dec18ae33d7b42e848f1609d5824

SHA256
e0ee1b061d75253868ad4417e98e54e52f86817084bd411efba93c3a37dbab22

SHA512
bd95372104b17874899249251f796c4b6289cd91b81f90d0a1a36dd2ec7024b7d89057672e50af3f8f45d755c5f258ccc2e138ca97309b22d23519209194b65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e6ce4a6240e59329_0

Filesize
263KB

MD5
22adf1856913028be85fd7353b4b7260

SHA1
cb044531003a5eebe9c42dda09f3d3cbf9371df4

SHA256
c95a8608fbce231e33b7080b1cd86ee0ac9160a5b231d1db2ce0254fe2c0ec02

SHA512
287396d36bc451492e98c9b2b7b5245f1b00901afe19c84f36ff96f20d100db749b3faf6182ab09647b88910a25f0eeb2b313aae5b5476837f0d61c69edaacdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
3f836628ccd99eb56a88582e7a924a7f

SHA1
697be3c2bc520ba4a702dd34ba87b10e2bfe2f07

SHA256
18b1ff05b3ab017e981c9a9bc25c400894cdfab70c1a4ddfd8e26d31dab1d911

SHA512
91eb3745365b0556b62b5f9592bce71fd1f9d1f304bd618e829abb82d57a22570dbcf03627a210ba2f031df43f4a2b09fc2b4857033dfb505f70ab43408fab5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ad4f743c03d9c7e3816b1399b233ae2d

SHA1
1e7242e58cb1b9dbbdbea27970016eb3f74305e2

SHA256
05042a3ee0c675641917dbd916d6317d6237f1dc8d16910dfa11b11414aca1ac

SHA512
1338bf2de629c646f19d2f9afa87bc7b569946f5c08b3e227dd10856542d6ab71c65e19e5a72973b5a2df3ea59798130c6d52733b1440683ca487fdabe296111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
bb3669accc260c194db29be709f8dd3b

SHA1
b4449184f0b76dca9f4fc39f2bc2cd1ee2303a0b

SHA256
9386d2c452d1800455a31807c06352bc543bd3929f1bc74bb3b6011299ddabe1

SHA512
5352720a07774701138a26168aef0eb6f053ac2d224fb6a6d763f82302a41800da8d9455e86e756f6afbe2bbeff0025db99ccf8daf700e3f5cf2962b6a7ee178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
901ad7ebf55e191555265814819e05c4

SHA1
4be8e075e098215e5a72c7be4e6f1b64052201f9

SHA256
38ef71127cf0bd7861108821846c51863d64bfb34b2fe41ebdd0b88fb3a8423e

SHA512
9fa3fe205d8e7c7c047a411b29c756859a634ed5b9762265e4bf8a5232089e47d72253d325b4bc262dd1245d476fa73bb0191de625df776cf30a81725f92e4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
32ef3de5e0b1019d1d608d7d84e0a8d6

SHA1
de966abd2ea1060818ccd46cc0a86620597375a6

SHA256
a9ad64f3b31e426072b10b2b37cf37c8513fbbf78db57c9014e92eaea3a67fab

SHA512
83958f29957302d5cffc83dce31c44e83021c365cdff5c444110bed4c639fcbc78b08689c4e1395ffd2e83f3026a74eb594d8df9dcddfb204e6551e4e553c439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c9c64916f9da658f2af352356d1c3d65

SHA1
08a7b3d8dbdd37f5759643d268cc29f3ca124e49

SHA256
a849ffd19587a649088971558319c3bf78db1732e76ff1b433e94b9cff765ca8

SHA512
0f6b5b218b912ffe51129a5af6603615133572303322c9db19760787c533626b2a7030d64192390bdc34784c5fbade4f3b117524a3c30dad581b73a6805189c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
783550454560b2c7ddeff20e54b844a6

SHA1
78fd7ac023bb2cf2727e318a34af04639f46596d

SHA256
52c9c5fa7dca0ce150d5205d711bb4ee851a2b43102bd52132ea401dfd57a31f

SHA512
d3d8a733920935d01324cf08cd09e4bb5c3028da71a87dcdc183da6b63d7c1733dfd6a1efe0f7245220a9c23c9b3844915aacada9abaf23cdeaa84598be871b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
890b628151f9667440c95dda7901f277

SHA1
11669aa96814ad0854bd23b7ff307ada0adfd12e

SHA256
912d5761b2d1e4136a7e6823b97235a149a5ae2b30baa008cde68874d4f9d408

SHA512
a24cf057a166cb58e320e962a3540be10ea48b02fd7da4416b8127644ead637f18527ec8178afbb3ba19f4513027ee304041433941a8ff78886d018e4548fe31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6438772eb68f3d329fd5320c8619f26d

SHA1
3d871e97f73ef138732fb264afac6c34406ac049

SHA256
e4123ffe2eea49bbc9f3affb0bb7c17c3e9f02f32949d85907ae62fff5c484d8

SHA512
1f5261ca81e04c94e27272ecc29385918574ea18086e57d43c471a0496d8cc6ecb9f6506cb2061f7543f484a80a55adbd67b9ed2484c6df25c3fcd13fe70aa72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f8d64830ed9a598c20795c1d1e491b1

SHA1
8dde16834a4496a33b0c4163bda034dab1777dcf

SHA256
ade6ed021ca165a16c61d764a3392d0c99817536536a8e2e95c83868433059e5

SHA512
13d36bf2d2439bba655722a20cf3d49260736bc99e34ff2d8b9ac02b58fecf30cfdced9c3a94c92144ea43ce25cc6ac4f35c8de8f8fe7052622f7f69fd7cf525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7a953e3e5ce42734ba166fa057143e5

SHA1
e48cc617a472f34efec1405470effeb73288832d

SHA256
b30e4671c953d6e9739df4dbf718a5fc255bba442a320273fb9ca038b3856633

SHA512
d5de3b76563d8fcc6a1db54017fd0c2b583be2684e85ea35fc36f96d00dfac2bd149980a7b9aecfa931aea12a26b04665f43048652caef70f000df4bac737d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
62327029c5decf85602143ec6977b9b2

SHA1
234d7d7365f7d9fd1a5396121def1228d5840e30

SHA256
b363587eec689bdaa6d291da12786c675102b3515e9b6b4ab081d5c6a8339ae0

SHA512
7ad8e7fdd0ded600fcf555529d378c8e9b9af5bd65ad4553bd6322f6ea6810e9353b8510821b42df55544c4e3279004b0f00452413b5856186adbe4555361526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9cf614fa6cbc4268f075db989d3abb6e

SHA1
dcc3cef99296633bb9488e5d7c78a2c09500d120

SHA256
3caf4fc88c31632f92f72264e6124790f95040def056c814c8e30a490197bd8b

SHA512
153617ff4a916e97b1510be92af71b8b8f5d61ecd0c2eeecbd1c39cb228a102f51f011672614a7313746aa2b646b5bcbc1f44c0671b1eb4e778b53ea4902e954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd791ae6821af21232450d1aaf70fbff

SHA1
e1aa1532e0f934473a5a60ccbcf09a2755f06951

SHA256
7c7912ff022b91ccbfd2b7d5d3db7bee980cfb3a9f9106237dcb0d04f15a3ea6

SHA512
d3032112342a93af193334b7f7ac72792863c956b26d019ecdbdb5b1485cb9902cb440a58950a9be04cb48dabb29de5a20120192e62522d1101a9b7f3042f3e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6d1cf4715382f9fdb5f868f41a5d8d3

SHA1
0ca1d12e8396c80cab1ff2e69f50ddf69664de4e

SHA256
4788af61209a3e812009079bf9b05b15a4c6101f080c22db4ed0732e63e03dc6

SHA512
c7f141e889e6b48ab5893875cd4a62fef1bc36a03186558c456007b471209446bd9a0c0c1bb114360a5b0e682e2b5ae42c91202f57297520c7578a4407742ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1954724d340e2acad5a8da0497bb9fcf

SHA1
41807c0961002c4b68aaa30962c950dafd79dc9b

SHA256
479abfab0b07bfd12506c29a7a2501009b71ef44449bbf40f1b733df8825f0ad

SHA512
76e83f4b8a70fc3d8d33203a1aa3c352af8d0878725b6b2d71738fe44a2dc266cbd20dc63057250a6c8326dffb4dcfef70eec2ffcf3edc27cefee29dbc421024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d090a1257a163b7a15731521afc392ea

SHA1
61974d328e91a81aa6f0d650ace7ac0906c71060

SHA256
b4950661b2dd3dff6ef4fa533eb8caca4f5be97077e91837c6ce0c0a876b9d3f

SHA512
5e37c4f6456f36ea7aab28a96956ea5b9b4b688c9c9877811299ea0bef75ec6d54e7bfee3d867d7a430aeab1a470855cbff17d4d4df3a0a222f8d3e5810daf51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
de020e3135ec07aed861fffa0006a1ee

SHA1
a90923d6e3db6938f9df7c555ee60322938e092d

SHA256
265cd268921cc6a57b131c9cdf57dc79cdd5edf1e044a96fbd92e73a4ebfa2e4

SHA512
fe3a1dec9cc43dd926cde25535e3ce896b4e0050e4f2b7a05916d54a7e8d515c08f1377ecfa5d43b0e2e731680907bdcc8aabd8ee45ca54cddc9287ad39cad7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
f6581069a046eb1bef2a27017c78f5ff

SHA1
ecaa52b0bf3ed01b87a1f67db64baea33a4dc0e5

SHA256
dfbc82c059d11ee565cf01b533655f4c209b8f3285f71400980b2d9d2071e50e

SHA512
4d21d8a9c3bd89691ff5f43456741c647a42d2cb92b58a05b1c3498155aaaa64745fda434791653c7062245d134c9de6173bbe83cb7fe32dc1c7b6d33498d5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
918a6c4c16002076825173363628529e

SHA1
336ef8fab99e06ab7578b37f3e53eaabe37420ce

SHA256
7351756dc64c8a63f4f61738a63de85083c9b5080a0b84d3f4946554ed8e0746

SHA512
630f0ee154c85c477bb4c6e9761d3b82b6fd0482dc68ea5ef60d62801207b3a1509fff49a8d3d85fa5491169543ebd28825bbf3126ec59fe8235020813f98741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ec748397ff890d081f74fbde0652fed0

SHA1
7b80a147f1550a9ba2ce42c02e904161f4790df3

SHA256
97a042ccc41a4faf117cb0a3aa48cf2768612dd2cc1a1bf2eefc27ea6014578c

SHA512
b6f0109151ef8fa32da934faec5f44d7754a30ee33d19033ef5d4e080b1e34f61d5e027bc98d8c55fb44619bff2db83343de4daff78b2125611d96334d87b2ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ef4f8fe792e761095ae9291b0b10138

SHA1
f872c1749d5c5a2baa858ef941270dba887879df

SHA256
4d2c3bd7e319eb0a1c7463652af500f7aa097a6154c5bd5ec5161b4d217b3dbc

SHA512
505b838607c4f13504d11d15ef60cacf63cac591f5a66c43b91e4b6a783bad6b3dcb123a7a0749cd942f810d6f909e0a9c34dabc9118c445eb24cde145a01f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6df3ac7071531f5fb9ae65661f65b723

SHA1
c9dceb9e4dbf26ecaf93bd8680b5cd03affeb985

SHA256
fbc19ec9fea1a65a7a5a8bd79b2c01ab019e37c301e9e014d05e0f4f93531b1f

SHA512
cb3b7d97854d73924a2e0dc5429b8b13b513bec92dae8a52cfa343ef0cef3b9a9b6c042f9fc184a6ce7b9715f95efc9a49bf0e0e58cc0cde41694623808cf306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7375eb3b1108dac34a676e388fb0a231

SHA1
5bcf1494db6c0ee5d08820776205fa5dcb9485c5

SHA256
9f9188946389e3e55cac52f0a7f9501f227f35c5f42d0536c2c4772b4cdee2b6

SHA512
4ddacc67ac990ad639b7a7fd570b35a14a902897de7c261db0da393c3fbb306b69e4579d0c3d665af392fd9a02030185771e49ecfdc1f818e5e46ac7d0b16e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
087e611aafeb863e56198b0a92f6d6d8

SHA1
04c305c8920088cc2e78ca9d247bf5f58f7cf9f0

SHA256
a301ce2c99d7ee79ac3678419b1ace24374eb2d3043b969e33a7f662ae14982b

SHA512
7c25330ad047a9e83c165931adb24250700cb7b2a6c2244a351711a9d137fd6bd05062789f2496826deb01ed876f02c982cc7ea76fca78b39b6846c9ad2d925e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
f6a3854adb5c66915660d67fa5c54b2e

SHA1
ba9d1a649269235cb26822fcd9db64f62262997e

SHA256
82ec3e4192338418fe7ed8c161b55f4598271487d309f55d101a2b0af80984cd

SHA512
63379f96233f099efad40a33fd8484c9dcb4531011079613fa4a801621d2194b22a107c26a50f99dadc3a80d79299e8de6cd60b13fb701cc24cb666a842bc3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
3daac80d4ebb8b84e79a31f48a4864fe

SHA1
4e5707d8bd3672acdff1ea8bfaf82b48e51e13bb

SHA256
54107a08c7fa9c9cd92dc327c7908bb132e543a5cfdd4640b20cac67e773af48

SHA512
cb0fa7a48af37038bbe2e5301f57f6ec71d531997de086b90c0b8e18cad297b83c31354745b66686d4c1cb23151264ca2437d9afcc61aff6a12d52af079aa08c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c010e7358ea50344ad1623a0f48ac43

SHA1
f7e310e70937910dea1e17f283c4803379746f72

SHA256
cdd5e85246d28bd21a28e3d3dc7b54c9481beb088e11d9222e15b1febc39012c

SHA512
19975bedbc4ba84449e1ff98efb12149e125351ce5be4ca23e07e3dc18f758dbecba5251a4755a3abd7ff0e3595abbaeb5aca457e40f908f1634d4d7bea2ca95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587e72.TMP

Filesize
370B

MD5
9f9daf1b7681b35f2c9f99239123863d

SHA1
91f0efcbcc9613c26bdfc6b97eab5eb85f9d0317

SHA256
d49dd20fb0c91a9679067b13ca967a7dbfebdd982c3fa8f58e24a1d71b903cc1

SHA512
63fc8367d9fb5a3537a8497f8740673ddbfad4a0b49409c847b3a7a61d0e2ee9c9c3db1725c34a5c64877f42a669d9f7160bcb02431a825412173bff5ba7a078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9503df269af493d0b92d1f8d4892fd51

SHA1
dda4561463b45caa7d92de493de32579728999aa

SHA256
cbc3bdfc5ccd9c8d2ce00dbf71900c6a792b92786a3ca9c4f83d670a69583352

SHA512
6736132b9dcc508914f19b5b775e672a13a563b988cdd2f54bec9911ab5410bf7f7eaf7406f5a3fce818465f42ed2842ebc5ba8d97acb347c1a8db032b0ca1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a28b59343587d5bcfae1ee1850fe2b4

SHA1
2449129dd91d56a7d7b1627aa01fde83ecff1efe

SHA256
ada90477190fe5ffabe04d335250bfd323125539560ed497ea7f8fb0e43f8665

SHA512
cedf61a03b3559be3b2c90e372a3fc3577753212d19651464b7f86505e1f2d6fe18bb9dcad8f40fba578cd3f39360f054c40805ee5bab2a324958330fb9ab715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2bec49fb56f26041edb8337a73f25304

SHA1
b39cb3033f108a2b469acee422145a4692a35d4d

SHA256
3499f81fa2bf610d6bfbd29092991eabbd00464224cf3c0944438da94a647582

SHA512
ca40354f415e5593ab0783a52d441cf74b5e1aa17e4378f4a7551abce19d0e9f3f55d8115cdba80a06550145bd3a95543d7d69365cb7c1d3d59e9f8e65b7be90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
af17b6d5b98387abc16df4ce6aedda70

SHA1
5d2c8d343717e04d5fb84554b3bcdbf0185f96be

SHA256
77e12f1743f19ecdd4bf624d3cb104b4079cb15a445d388aadaf098af421788b

SHA512
94f8659ca80fbdd802b302107518f69ead768c36205d25d5266aff38e3c6a9949edc5706581662565ad852cb6ebab309e90258b371f8fbf9bbe3c7c59a9cfdf5

Download Submit
C:\Users\Admin\Downloads\2a92b3f6761a6202524f0f45241c9f449dfc9282364c9a726bce5beb5245bdd1.zip

Filesize
2.3MB

MD5
1a1e24724ab00f80725ec20c2a400e26

SHA1
f9cad9e85fffb215f693081c8e74d75554f5ddd6

SHA256
87be15a09dacb394f6f0569ddcbd4f6d3d2bee82fe6bbdc859b3215b396adfba

SHA512
64725f0333d25c367e463f47246500dcd6fc3416f354e7abde395920c016b279dba6531e7bd08a0a82e8399a09a82ad34e0dbbd15313f758f12452a9634f8f77

Download Submit
C:\Users\Admin\Downloads\2a92b3f6761a6202524f0f45241c9f449dfc9282364c9a726bce5beb5245bdd1.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\ArcticBomb.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 627175.crdownload

Filesize
239KB

MD5
2f8f6e90ca211d7ef5f6cf3c995a40e7

SHA1
f8940f280c81273b11a20d4bfb43715155f6e122

SHA256
1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6

SHA512
2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 790357.crdownload

Filesize
176B

MD5
6784f47701e85ab826f147c900c3e3d8

SHA1
43ae74c14624384dd42fcb4a66a8b2645b3b4922

SHA256
39a075e440082d8614dbf845f36e7a656d87ba2eb66e225b75c259832d2766bc

SHA512
9b1430a426bf9a516a6c0f94d3d20036a306fae5a5a537990d3bcf29ebf09a4b59043bbe7ef800513ea4ac7fe99af3cac176caa73cd319f97980e8f9480c0306

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 934253.crdownload

Filesize
125KB

MD5
ea534626d73f9eb0e134de9885054892

SHA1
ab03e674b407aecf29c907b39717dec004843b13

SHA256
322eb96fc33119d8ed21b45f1cd57670f74fb42fd8888275ca4879dce1c1511c

SHA512
c8cda90323fd94387a566641ec48cb086540a400726032f3261151afe8a981730688a4dcd0983d9585355e22833a035ef627dbd1f643c4399f9ddce118a3a851

Download Submit
memory/2164-837-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2164-835-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2988-1006-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2988-1007-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/3056-892-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3056-879-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3056-878-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/5048-893-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download