38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981

Resubmissions

02-07-2024 23:48

240702-3tl3eawdpf 10

02-07-2024 23:39

02-07-2024 23:36

02-07-2024 06:39

02-07-2024 06:28

02-07-2024 06:22

02-07-2024 06:05

02-07-2024 06:00

Analysis

max time kernel
259s
max time network
261s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 06:00

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

piggy.png
Size

1.3MB
MD5

db441b970d8b070324fad09acb7ca77f
SHA1

d71a69ffc7c67b2bc338d809b2a7933d1139638a
SHA256

38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981
SHA512

49b8b422831afec6f9600f9ee03b6ff237abf548ffecb607a38992ae72c6d27820e980e79217c784b13b6df70d56482b26a06f058bb00a326e1564f7fcb1b55d
SSDEEP

24576:bNkiU39wq+8/EV7QXZyP2wWYMmxtJMdhBgf0n1BcFvnbz:bNV09wq+gECnGfJ0Bu0n1OZP

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3456	YouAreAnIdiot.exe
5856	YouAreAnIdiot.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
115	raw.githubusercontent.com
116	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4100	3456	WerFault.exe	156
4048	5856	WerFault.exe	160

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
3340	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "205"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{7FC90798-0FC0-49B2-81E1-172BA14B74CE}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 459868.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 192640.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
4056	msedge.exe
4056	msedge.exe
4752	identity_helper.exe
4752	identity_helper.exe
2460	msedge.exe
2460	msedge.exe
3836	msedge.exe
3836	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5912	shutdown.exe
Token: SeRemoteShutdownPrivilege	5912	shutdown.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1820	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 3432	4056	msedge.exe	98
PID 4056 wrote to memory of 3432	4056	msedge.exe	98
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 1792	4056	msedge.exe	99
PID 4056 wrote to memory of 3152	4056	msedge.exe	100
PID 4056 wrote to memory of 3152	4056	msedge.exe	100
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101
PID 4056 wrote to memory of 1756	4056	msedge.exe	101

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\piggy.png
1⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9c4046f8,0x7ffc9c404708,0x7ffc9c404718
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Love.bat" "
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Love.bat" "
  2⤵
  PID:3264
- - C:\Windows\system32\timeout.exe
    timeout 10
    3⤵
    - Delays execution with timeout.exe
    PID:3340
- - C:\Windows\system32\shutdown.exe
    shutdown -s -t 100
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1080 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6704 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1760

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5936

C:\Users\Admin\Downloads\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
PID:3456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 1200
  2⤵
  - Program crash
  PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3456 -ip 3456
1⤵
PID:5496

C:\Users\Admin\Downloads\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
PID:5856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 1172
  2⤵
  - Program crash
  PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5856 -ip 5856
1⤵
PID:5368

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38dc055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\44a5fd93-a2d7-4ad4-aaf4-773a79b38912.tmp

Filesize
7KB

MD5
245ac78a6602452aa0200951a4481a78

SHA1
5a082865703a8f7b83645b1e58df8358ac623c60

SHA256
71b068f9a3353bfa21dc934665ea672977590d1dc9dde12c01e6f9236e5e1b80

SHA512
05144be38ec7cdb9b34d07113c4741826118ca1de45a82564e9c6dcaec1f641e29edc3b7abe9438f08e934b8c685f9523a71e411a08c70a77ae634628397d202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
9e3f75f0eac6a6d237054f7b98301754

SHA1
80a6cb454163c3c11449e3988ad04d6ad6d2b432

SHA256
33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

SHA512
5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
59cb232c37a25811223c1101b7aaf371

SHA1
6290c495c0acfbc1931b2d4290e5e780e2397994

SHA256
156f9d51bef921526c82613f57aed91f7a498452f1c9a33e9adb502304b9eae1

SHA512
85a87d653b551cb1edc64a61348f632217d33cab3eac1e636c2235c15a2f3fd13479151f787af1047d891f4b9449669d11296298da36ac96f087a29df011761e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
620dd00003f691e6bda9ff44e1fc313f

SHA1
aaf106bb2767308c1056dee17ab2e92b9374fb00

SHA256
eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586

SHA512
3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
37KB

MD5
669b1563b95fce26d9ddc3c7e9bdc538

SHA1
275e4ae2606a0da908003b77ea06b24ea8b66214

SHA256
d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667

SHA512
09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
628ba8d31375849e0943894669cd033c

SHA1
4fa6d50a37fa2dadec892474d3e713ef9de2d8a1

SHA256
80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6

SHA512
d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
37KB

MD5
f31a1ab9f483d9db21349522e39dd16e

SHA1
01a275d7fc1c4f578fa506c8e0bf9b7787dd4806

SHA256
463800c9ec072ae72a4f6fdc1f2f779c792cb7ceb6f57c7d1231eabefad2bd9d

SHA512
cab9bf13c36b854bef939e1d09c8d896caf1d7c20f6948f70f27eaf2869e49c8b9be728b4c95926ba869a987516a79d3193d416b0582b7570a58269c8caa7603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
21KB

MD5
0e52c094a93d5bcd8875cce575d7da9a

SHA1
de9ecbf399f77a497c96c1a4b3509153ad9751a2

SHA256
abafb66ae53e45e075a02ab40e19bc2dbb0126d83f4da5f1fbd3bed1a4b4fdce

SHA512
b2cbb5075eb1cf84b9b24c2a2f3165675496d506d5e98a8868c18514c5740c366b5a29a925dcf6f6cacdb8ce6e39eb8673b15ebb55c5e9078e0d7eff631905cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
67KB

MD5
5c7ca5f69170c3af85aaedaad13d29f3

SHA1
f508ae82d28596ccb0c032024b4ecb0f47f77422

SHA256
9e32c92c0dbbca6ab7b65713c17f92324d020b84cc3a93b9213411f2d4ae821c

SHA512
e93b64594677e275a35ccb655f2474332222b533a5f9e6c15945fd1821c52eeb365cb8bc7811786ed1cff1dea29dfe1c85ff666545c619fbdf53c2b57fea5dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec0f84f95215d943_0

Filesize
1KB

MD5
6ade418cde69a079793135e76efcba04

SHA1
fa78240fa1ac4307225d8b4211ca8dba93245938

SHA256
e5c7bbac8e7847f981c6f2c0221872b0e2f8973ee41ad137b0f0079fb04e6c69

SHA512
bfd66bad0aa2e648ab63c0c530f5c4bbbebe4407c8a9ddff139b4030a10c7ece24a8af663449da7f5ea1a160099fa0cdf41e59fa2131b90605bd7a7060c5fc55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
08a75e6e4db9b3db37aa450756fbbbc8

SHA1
ed98ee02780ffdbf4702e4496b349dc83ae42bdc

SHA256
560a4d0c537d4495716f93bebf8d81b3f002d1dc45d23620cd584d1f7cc09f72

SHA512
9a710302edb20c74f6c5e467018bffac096f85f3fecf8f6dc0eee1f1dc722fd6c5aab04f661a754bd35417262f9395d0421f69c1ec17209191d1b6402830ca54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
63e9ce31cf646af08bea3d015d188c50

SHA1
9c1a32a5d7bd6272e3e3fc72b28874d2bb8626e7

SHA256
f12a42d9a5e4871b988215640462926208e9b10bb33c3c014489fd4c9e216d5f

SHA512
0988a1d42ac37aa22614d0a1a71c438a323e14d5f67550a75e45349695b3e1018977d5d818bf22de147e7c5b4f0d68c8bb4143e52c763e2dfe38a79bb16d9364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
796B

MD5
5e5773d7248f8c29424c7d0996a4303a

SHA1
a2db8da7b0cdcc150f0ae87d1c55cf8bbf975513

SHA256
53dcc2b98f38aad2fea19e222939fb5ad80a832f95f3224c0d6e7321d01011e8

SHA512
794a19a807cb84910eb8f09e27d8ac30607b64533850883572dd8aeb9ba8521cc4ed823f9baa0492315e16869be4f3a49c342cc649ba0b12143f7d9cd98f3916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
879B

MD5
114c72f78dbf33a1030ab8560d48842f

SHA1
6bb415436b663981d91d2572a859cb653af049fc

SHA256
a62a540eac7231012b7f9363f0c4e90eeb184ac29009de1c30b3dff52e1872f8

SHA512
00b5007b6805199528e7aeeb65b877238498498edc1c7fb61579ad4f67a602cc1753992cfadf5a63f62a053cc53956436109aff56220ba0f5f97497877b2538a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d071372ccf3bad2323b217427f3e13b

SHA1
646909ef16d0666a016a16bb219b79ecfc5c0fb7

SHA256
72f170119aa01365305fa97d60422996f286710ffda7d5be7c63ea25d2cf0d8b

SHA512
ef7c253a7a974580cee1408734d1095c4fa55f5eed778e1c566716c5a594b9459dbb9c426da953ff094b64c928a5d30f9c2d36222eb6462c7c8b7cd49803097c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cca6c9df58fa079ada911d58ac48e55b

SHA1
03ce8456e8683c8c41716cf68de4666382d0c32f

SHA256
134cf6ae6b03da8971fe77b0b7423c9fbcb7464848d8181499bdfbbb8ce68f03

SHA512
169b0b927b60888d86b8373a9e52e14aafcee8af0686a847da2917759fbbff755c47a3bedde96b36fe16c6226adae1d4af4f573c16b5f88937ce17518efd655d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4eb1577559d9e46d10a978bff788a75

SHA1
64161e7c7b7401d367a98ba6a71f8f7dd59ac25c

SHA256
85f0cb0a043922c856b6aac35b63967571e5c3f47238dec8deb088fd92f26837

SHA512
8d5d06727732bd99b732039d15906f024b0fa51030c0fcccebfaec91bcb6758d650b9340ab45942a8d99b59e72ffd0d67a1ccb5dbe7a9ec0d6748542409fb273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
00e643b09efea97d9e9a6f6cf4c95798

SHA1
86e728e5f1ada1899fb6da4ba70fa069390a2a55

SHA256
667ad638535eb77d90add99d71b9af539f7eb50df2bee7a2b4f9010f9b2e4d29

SHA512
002446eedc62e618679c8527eb83f51691666872851e06cd54c4148c73343be9387d9df488c78a05ab107125f1b6e0445a7b9826cc05b2b6cf2fa6ee663af548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1285a3e2fc974eb1c5765cba5cc1a437

SHA1
3d0f90b8812a452d0be59fd1151483186d4b1706

SHA256
65225da8efdb4a25e67ce13ef8328ceb7507a6a6b2693d0fb7d51e9f72454bcf

SHA512
37777998f8ebf311e683cb78d7ebaaba059d4ec72d3a052e146320e78db67d951f3d309df3b8706023f1beb6aa5910524192ee4a74134a967b13a2bb75c9b5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb7daeb6d729d6b1b5677eae6bf15564

SHA1
27c8e449937c4c4faf42e698b24523c5b449b191

SHA256
6bd9af755c0b687f89b744844edb98e6de6f0fe3b6661e09c6718dd12e2a8cce

SHA512
c94fbed8462d3ed98c3d58771bae65bd916f0c4248e6fb45ecf41fa6bf24e4e9313a4fcf62e80e8b537808389a8d7d2f70ad0b488e195ed22ed4f7af69a93bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
067ee14c10a63127e7454ec062047f07

SHA1
b96046e1a6f2a617bec44c3f4519fe548062a0fc

SHA256
1dcad47a2e50285745dd966dd42f5601f3643a30718c3094fe5c2f5e2e7138d3

SHA512
a791baa99ae504f1ed40d761bae1f21111c6c88c3504574e942e5c477e5c8e443c4350c3d49f92fd4eb1ac131b49d690ce92fcd2f91a5a842773e7719889eac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6de6b0be3bc303ca81e280547658261

SHA1
d92d7e47960560e1160de8f3e072b2c833867287

SHA256
a8a4f4bb09a1b3578bc35c71ccaeef4cbc3fe97ef47e347ea53d38c8ecc55648

SHA512
bf13fd21abafc5556fc60521933835a0c98f9564975a1b7848f1d2f534c9ad36f95aa5c2e657f2272614f81157f152d342897943ce57b24b85bd5c86cf8156d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40f033bb4c86e4e1e804097c0c815026

SHA1
54201dcfa6f90b39098347dd6bfce25fdd7b863d

SHA256
99070b7098e9886292708247a6c6914db3f57a132f41e8ba3c70c19d91d15c87

SHA512
49fbbe70f9a7cf4607cf510179dea141213b02fd0e640641b250ea138d6e4b7b18774c44710b7bddba0abb742cfecd1166217672b333c939855b50cd3f69072b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21386a34087e4db0df82b9c4bfa14be8

SHA1
5cd543d7a82b468eb39ee22f3af470dcb3d55a34

SHA256
7316a44e00aaf5fd427806bd15924f23738fcdd0e1943a7c06a5b366155cede9

SHA512
98925a801a8834989d6c7148f2f1d1972ee5764834c162465a4ed8e928da8ccdd0cdd3be76168df1024fa220d199f289930f53e48860152dd110cd86ea81e079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd9d25de7d2b1de9e33190a8c6ea88f1

SHA1
38443e21f7601ebe3c9731749b35375867bae0ec

SHA256
36423977df64ad8913e2325dc3ffeb366e5248189f1d18a1451e19ae7c1160d1

SHA512
422e1f5719cff9289a6477893e0dd2b96d4f70888630da5c0b4da76270fcc1a186534a3bbb609f36bbe3f37376805e176b40c385e9795c4bcd5828bbd2a99807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2de5262e57c6e191fd1ef1dfa27d3fc0

SHA1
0c259cb15a42313f816f3b7e71a5ace8bdc36269

SHA256
96096c2da41428948b84bdad0d14bb7d02c3407641fd52744b9c1da8f99f0809

SHA512
a1e9260a66f0665a2c52f5556334b94ed4e95ee5aebe4969142bc0db37ac9e62af73c6253c4915c70b21f015468b9f9c55efe3d643a84cf889a1f514c6d4d68c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4c10a21ebd68c087c73a42493a97aec

SHA1
c35464eda4004db4cc60c040e92b940271a6670c

SHA256
ccb6602ea1157a405cf40b6961ee8738a411cb3136cbdf35776f5d5b760eb210

SHA512
cb56321fc1c2d5e3dbae0e333df54e2e3fc4ed8d87cf9657763f915ebd330becc2a11ddd96f679eaeb661e667179be857cd4c1c3aef08f795e81aeeabd597e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa56dd72837296a834bc912a4cabc4af

SHA1
cab98e4ecac531fe751ce005bb9cf307aa94d6ae

SHA256
c29350218756fa59e807682e6569e31b83714bc52e69e7029fa15fd50bd5f9ef

SHA512
9da84038b222aef7da573865b734e36c50cbe5ae5ebeccf6bf6b7203c001a638ffeaa1b870552ed5a30e06973106338aaa4c7165624f8fbf1254fa4f995895fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2bc34953eae68ce6ae82dc1d98b592ce

SHA1
2169fc639e70f07fe6e1b220fa561d5bd389c5c8

SHA256
a960ec8d106aa6ef4c01189a171a579bbb99c41c4fcdb2b6a97f269838a8fc89

SHA512
fa7027b65583e769339a3a68dde87e7bdaff599c9e2e5e10b82e6013c3928d6aa1d66da46e4a30685b38687357c2c7d3e49d74c8ee992d8a535b70dede213546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f6c7f7535f5f83868a8219ce33133421

SHA1
3b33b3b28038fe60c282f06f26a97db866825984

SHA256
d7791f4c927b9abecdc6f47fa4f647e5a009a3eec410619e0ab459a4a95fa011

SHA512
afae4d3f608d7db4419de80e846f65b590d7bba2cbd458c1719eaa5597db54c8a6a18a4fa5272d91e6410afb1c7483f6e81b3fb9b78b4cb411f3a1489336f4b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d2715976268c0c6ad4f44e101318be9

SHA1
bcdd4e4157f33c40919397350eb5c035e572cb54

SHA256
c4fb7283edf9ecb01d4c843b3950957290e9b9ced53cf637a1c9e351cb32bed1

SHA512
9550fdf5040badfaa50495e6ba50a8a565f09374ec0e031bc67d1cef7ee6d8d0c548a110decf7e11b9cca630ca02e021d8e50f2c4bc0e78d58f390eb36853a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5802ab.TMP

Filesize
1KB

MD5
7483f4ac1355ee687b7e750ac2ebb261

SHA1
34448845374a081970552cbb3fe10002559650ad

SHA256
22101ad5bf9c9123359e89afcfed67f65d213b724aa7975297df149b59ebabcb

SHA512
df09404c3145645ec4cfe0b250797126b461d455d73ba79f5c0bad2d06c7c81f34337348096a4ef211096e802b4055d1cf80924060cefaac533a272a2639571f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
74468a51b0c26d1830874d18db76156a

SHA1
bdd943b086ae58359c7d0874afa2c99dd0a9acf5

SHA256
7498479b316320425886defcf273171f2cd12a3635d930be87eea17f4e328b58

SHA512
d7e28f314fbdd4509d17f1597fff42ea97ff82e914afe42761c4343a17f45ac5ae636f7def35c0227b9da87a06271b0f444daa4f26855a8ed9d5f3812ce88239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8546bac390c773c3241828a158218557

SHA1
7004c862cccde6f4fbbbb8e42a510b829661b77a

SHA256
19bf7d0f6a6b16a7e9f5aea2ded4407733a7243ef66248dd675ca26645519186

SHA512
e29a292809d995e0735f805b92e6709acfa11f71db64cd738f37c551e2c38484c2c97c3c515789da2ee7858f94cef9999d169bdc359eec17d43b9cc996741ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cb3c5c82d10eb65de6f57e88ba556991

SHA1
c92f26a4aa8e3ca9211d56ba71234e859cbc024a

SHA256
81ed58f2698d31e542b83ae3297ebb49d952e63711e247ddae116566962bed50

SHA512
daa4dc2c200e71cb617dbfdd78c08847c94d47ed47f6c907fd9b5a72cf10b40f19ad9b2d1ad3ef5821c37b43c56ce392de08288590798feef92fcd559b11462a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 192640.crdownload

Filesize
424KB

MD5
e263c5b306480143855655233f76dc5a

SHA1
e7dcd6c23c72209ee5aa0890372de1ce52045815

SHA256
1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

SHA512
e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 459868.crdownload

Filesize
327B

MD5
0c248dcbe812d54aaac203162190edb5

SHA1
1392069ef7f3d5ec826b2d61d3056b264a945521

SHA256
07cc1cab6935312f39de3ae2734be3fcd4b41c9c4af8429e66650460cc74b471

SHA512
d69a8199af9a3473a28f14129fa136f2ff0e435229ebae7159a46df3026816df65f1c08011f3ec18115ec58898ed4db594ad689e0bc6822113183afdab2b78f0

Download Submit
memory/3456-1228-0x0000000000900000-0x0000000000972000-memory.dmp

Filesize
456KB

Download
memory/3456-1229-0x0000000005300000-0x000000000539C000-memory.dmp

Filesize
624KB

Download
memory/3456-1230-0x0000000005A00000-0x0000000005FA4000-memory.dmp

Filesize
5.6MB

Download
memory/3456-1231-0x0000000005450000-0x00000000054E2000-memory.dmp

Filesize
584KB

Download
memory/3456-1232-0x0000000005400000-0x000000000540A000-memory.dmp

Filesize
40KB

Download
memory/3456-1233-0x00000000055B0000-0x0000000005606000-memory.dmp

Filesize
344KB

Download