hxxps://link-center[.]net/1067274/flower

Analysis

max time kernel
134s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 16:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://link-center.net/1067274/flower

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
5764	flower_cracked.exe
5204	flower_cracked.exe
600	strnmap.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
188	discord.com
184	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
100	api.ipify.org
98	api.ipify.org

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\driver.sys	flower_cracked.exe
File created	C:\Windows\System32\strnmap.exe	flower_cracked.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{26BEB180-6510-40B4-91A3-16843D829242}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 109787.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
5036	msedge.exe
5036	msedge.exe
3128	msedge.exe
3128	msedge.exe
4336	identity_helper.exe
4336	identity_helper.exe
5888	msedge.exe
5888	msedge.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe
5204	flower_cracked.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5764	flower_cracked.exe
5204	flower_cracked.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 3312	5036	msedge.exe	85
PID 5036 wrote to memory of 3312	5036	msedge.exe	85
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 1404	5036	msedge.exe	86
PID 5036 wrote to memory of 4144	5036	msedge.exe	87
PID 5036 wrote to memory of 4144	5036	msedge.exe	87
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88
PID 5036 wrote to memory of 3868	5036	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-center.net/1067274/flower
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff132a46f8,0x7fff132a4708,0x7fff132a4718
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6968 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,7549468391904035703,10073971965113180640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:5348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5572

C:\Users\Admin\Downloads\flower_cracked.exe
"C:\Users\Admin\Downloads\flower_cracked.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color E
  2⤵
  PID:5252

C:\Users\Admin\Downloads\flower_cracked.exe
"C:\Users\Admin\Downloads\flower_cracked.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color E
  2⤵
  PID:5796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\flower_cracked.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  PID:6044
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\Downloads\flower_cracked.exe" MD5
    3⤵
    PID:6072
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:5256
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:5196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\strnmap.exe C:\Windows\System32\driver.sys
  2⤵
  PID:3976
- - C:\Windows\System32\strnmap.exe
    C:\Windows\System32\strnmap.exe C:\Windows\System32\driver.sys
    3⤵
    - Executes dropped EXE
    PID:600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color E
  2⤵
  PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2dec76b3-1825-4e21-a904-e8e123e6be5d.tmp

Filesize
9KB

MD5
c58a4143326f70c79ea74538cdcde051

SHA1
8932f9719ddd69d9e10fb8ad203e4991a4805aae

SHA256
fa35e276c9569290d2d84427a62bae557bcb17521619e3393f6fd0fe7d0b75a0

SHA512
170441d69c001a6b11b3474ba46e7be50b40a86b232fbb1f5f9eafe7435e9ad1b2dc0a39343018d313f16cbc8bb6a99d1a98fe6f44e3d5eafffc12947a8d9785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
689b1b67af7af7012f374c5f1d1ef35e

SHA1
12d066e07f5e1fd06f2b5783be9fffbfe602d134

SHA256
585268232f53a79aa2018e19e38bcd9c92166c165c519c57497fdb3c0b61f457

SHA512
9c8051ae22a2b7919be94afa2a9d6c3d946e9ec240d9353f84ebe89fec23dc1003a8d35946702839e13e94929aa8598dab8919fd895e69a1f0958d598065e2c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c7ac41926648700a5b8a960720f4104f

SHA1
f08475b5a237728e3fa85996923817da1a08fdb6

SHA256
b470bc249f07094ee342ead5c602aa63f37f986229474d2ae3d17f1721cfa980

SHA512
11e9d85ed1bb3d739b50fb0e9882cba80fe6aecbaf7144b60b81128754913cea28bc2cd96b0ca4a81119ecb7be9a3c52d068815632bbfd8ac9159218431a2faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1a561593e01d572e805ff11cf6c80d6b

SHA1
afb8596f3cd831278704a893fa5b6e64bbb8ecad

SHA256
e8c91ca403e18211544c8483d27667d73335b6760a03558318d6e04c31449c9d

SHA512
96985f3b56ebf9245823673cf99d70f495256ca4843b6c7da335d201d9c7e12abdbc478c26fda0fc39b3f21153067464aae1226174960f61557d3fd28df09c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e0745143350158d613670a486527526a

SHA1
b4977754f6c36d16025ccc33d1793145e70645f0

SHA256
d9b99eb6e0b6ba1032fb7ff0f107390b63290f0f1c1d72bf1c79d1b20e0df5e5

SHA512
3904946c3a548799f5c2a28dbeeb327f70a8b6ee266d303a6f55f37b938e2893c32756cc8c9a23401cc6ade053ca9018663cdd6b62c136be2c393749c4412a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0da626dabcc12ed15034f981c73b9983

SHA1
3dce7b63e122a7127fd734fa3ffc7f63785fde89

SHA256
afb1acbe28bfcd3c7c7c82e8f1d577b1d025fdd25965556cdf88457aca11d4fa

SHA512
7fe31b0cbe936039cb46a516d502353013fda792e0e70d553e339592cb7102267b37133ab681a6adf0cb77eb0549e2c7ec14c58c8a9ec05a2c21fd1efa21581c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2edb68a7903d3e6a19e676d984db40cf

SHA1
3852c6b43bf5b78e67e317433370dc722057a906

SHA256
37b26b04735c310328f771f0f6952228b5a8aac3676a19bc3be0af38adcc2b96

SHA512
44b35053dde4beceb295f375fa443039ecf2ba746f2da04c85ed094062be71534b30986888f4d4ab93f223b598feac735ab8618c1111090b3f186192ba50f944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
840294d77530d34fc244c2b3220ab4f9

SHA1
dcd5cdf9bcab9467967845f89d5d780ed369855f

SHA256
e1c45e558bfbe8983d55d917d2b490406721c38b42c1a37472abbbfb82acb935

SHA512
49ffc60eeb1b004228aac1f6953d091cc0a5a8a07e5cf011bd3626d7337b7f931bfebb1e4efec53d13348ebb8048f9663607e06ff8b575c0102d8966a6214180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
6728ee89bf52974086bb7e873510cdde

SHA1
ed08122b417b2ceb43c17c1e863d80d02229beac

SHA256
f536d5703759168f7c8049fe8ee10cedbd87d1d95707d33caed0222e0906247e

SHA512
ae4afeac78b52e5334c6d3ca449b3e713d472a369f5a23e51a910aad07fb8b6b91b9a406afa5f2eca109a3e8d4d06b7779166078a6da39da9fa382f4487c280c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a67c4744185c8e84056fa8cd4dcf308b

SHA1
f0fdfe1d0d71ae27d1543c41646550cbdf190ff7

SHA256
71440acbf96108e1cd67eed6920c0291bed7fab1058c7de28884fffab8db121d

SHA512
797c49c5f187a1bf85b5993411f0e1b46a77d39c6007dd0327f1fb5d1b597415eec36482904d4f8609aeed25b4d9760f57a2ad5b957dc383dd0db889b9aa7a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\23223990-8e20-42fb-b551-6ab4725fcb42\index-dir\the-real-index

Filesize
3KB

MD5
8cc6b7a9a1a9f267cbed88dd95968c60

SHA1
05a33f7d24a2e1e28b7329034209dd4c4ba145f2

SHA256
eddd9d35f2d39514ea7b3be26639ec245a4ad73cfee7c52b7df8f9f4921a7dfb

SHA512
c35197006dde57a2fb40888e8ba98d2216fcf888a4c8975096aa97cb71bd4d917fbb790bc1c92347b06040f0b3e21184debb32834dbde5452c624a1b4fbf43cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\23223990-8e20-42fb-b551-6ab4725fcb42\index-dir\the-real-index~RFe584a62.TMP

Filesize
48B

MD5
d0a992d36087c239efb63145b6d67775

SHA1
e82230956994573a990155dc1f0bd4b94c6e9b03

SHA256
a3b3c9cfae5b91ff18ac217c04066999548187ddf427dcd66c8efd18966fc46a

SHA512
9372af487cd128fee4ee0c22446721a690a52fe334ddb1b8d7b3720310e77e6748450b0137ecfcfdaa92d0e8da5a4638b032d4c221b9ac06bc2f891941918c41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\ebdf963c-ee46-49a6-90b1-ea2c8d5efe1d\925a02cd30dd2ad1_0

Filesize
86KB

MD5
3ee2f70322c11b69a8c3b53d6431ea82

SHA1
d7974672161397933b9e72984ea66d7933403e37

SHA256
26cd8f3d23f26aa4df56320b0f2667ed65bbbff4b129008b26b28dacac32b117

SHA512
305e94482ec8b3eaaf89ec235d8c46e4f10faf6b8e3dae03463b665d5677dbadc92b7e67cbda26e349a7183971ddf4fbb8d38dd0fb90bf0c072c9102cc04a123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\ebdf963c-ee46-49a6-90b1-ea2c8d5efe1d\index-dir\temp-index

Filesize
72B

MD5
adff05a478a9c4ccaaf8f2b889575684

SHA1
512b8262b90a1ff7843190ea30874842cd4535b5

SHA256
665d04b3b76e6525d667f90d315f054df0999ade275026b0287467aba06a8b43

SHA512
df6df960561c4f6313d01fc392021273487099114cb7821e910253bcf8980fea17db49325567cb3f8cd3681f64fa525ae25255982b4247e99671bfe372c8ae46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\ebdf963c-ee46-49a6-90b1-ea2c8d5efe1d\index-dir\the-real-index~RFe584b6c.TMP

Filesize
48B

MD5
94c897706e0d09d5e58793c08816ee34

SHA1
420aaf760b51c19149dec6a4b018cb8752edabe8

SHA256
555a44fc8c75c0fff2a19c05a8b9cdc1908ca2653284f9d48d0894c0b08db4af

SHA512
3a3f428bed904372d1f2329252f919f3660e1a709bcd1fae5149587151b3bfb9cb684ae71aa0200d4e1fbf23231569ad0da740871f3bf94105cbbf9f175f91ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
86B

MD5
9eac306f90aa5c95d64590027ddfaf9d

SHA1
b9e4913e5af6a2b1ca55daab8d1434be0173fb5e

SHA256
70ad98aba891777f7dd685afa5df2c6dbc78bde7315c1fd39ba95799a8fc6282

SHA512
a2e9cf1d0e2cd98b32aae4b842bc4213bb9c94963a301d373089b0c0c7d04343e0f5429de4e2385b4f52a499db254dc2e28fb53da1dc35cb633cb693a7a72eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
176B

MD5
bf7bf96207720251419b3a56401483a9

SHA1
43b310e1da32d088d6ee6cf31018c87376b76e89

SHA256
94f9f4997742091a85371e5b5ff3e54e1b5fce5d40bb19de1b83bc003b637813

SHA512
e98d328779a894287efc93f37ff737dbc38dbc60ecf31b186ddb62bd3cac5686e88a5ed3416d1b045a70962870d241ce6597ba02b6709dc090e3698d3f00788f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
236B

MD5
db30fa14c55f8b31f61c61cca6c7a575

SHA1
011d10e11c4aa852ffa8dc515b4d9c6a1316b25a

SHA256
2c12c12c32733d618def3d88dcefa43122992c0186d93a7e8aa9ec361a0f37aa

SHA512
bf8c2ccd252026672041e63e20c5632a21bafdc4ccde50e0ce28f31755535d1f09348a677e3ebc9e43b81a16f527a5fed2349265e77cb3e91aa5f014bdf707bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
229B

MD5
7ceb6b2cf3c344cde66e2a5e5b9e8ba7

SHA1
e2c60db62938697a4b24ea665e939909af45215f

SHA256
6f41957ccb325f7ed0ef1881e2f398fcda6a48a605f009c111ef53def12cc6f3

SHA512
fae028d68067b47c098213d7f42235002f37ac67a8b5aaa95cf2069d3ec8212ea46b87257e33289fa2154c84e9484895a4c16918dc135ddfbaf8bfd792043553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
799b6b4ac92c956a546e976a60473111

SHA1
43215e2fce868254c99850e2c3c3e48b550e34fe

SHA256
90c24a5a2f5238dc254e29718e8e32facba228cd05886dc52fe14a80c203e8c6

SHA512
409393dfbf9e66d3a363b55a8d17f0e51dc9492f981e92834cd3093ce89301b1a4ca380bd35fbe7485119a1480c778c0596a7e0fffc9eb9cfbd2c238b9a95be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
999069a8f4fac5a16db7b79bc5bad1fe

SHA1
3fedeccdfcfca386a4d7aa9356ba164f5deb10d1

SHA256
047f1bd46319aaa4822d0834a3539469e6fc2cb8bae3a1a2bc5c2abd51dd9316

SHA512
3370497e1077835c2847ef0f55a5414efc1c9410239543a2d7f1d67d2de4fa048ba50c11f68b363dc3e3c2d88c285ee30c6eb89caa30fa878ee8fa094bea7633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581c0f.TMP

Filesize
48B

MD5
fd2e4c7fe7cc09a72e3435161b0b6733

SHA1
3c88664c432c3f6d1fd6fd4040107856ceb755eb

SHA256
6de63f5cc0214285423e86aa9a66d47ef2cdf48338b25b0acc664f2d6825f0c0

SHA512
8d40948fd3dc4f1ab38d71d3001e1739cc7a416ecf82edfcefbc3ddc1600456c2696522b4efb5cbc064298054d58de8334a7139cc8087d043939ce96ff38d979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3f339ea4a33858c78fb6101cecc239b6

SHA1
91fc8013fad3c56269f70713672034148aef1bf3

SHA256
45b84e3bfe131e08d943b31a1f8564ebfe0e19d53db705aaef17915057e66de8

SHA512
b170f0f4b6c842a10c6d851ea92e836e91d93cbe346253ae01c6d590312d9234f649fb52e565a1a2af2317b7c0bc01804d0db5a51692702453159c63bcee1d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84f7dc41e9283a399997a945cd740dea

SHA1
543aec522e3bb31dde06132560201bbc634dc043

SHA256
a7253423696843d0e097efe3396e334118a73bde8acd314d4eda03f887a2fbfe

SHA512
09b284d64ca2be83da9b3dbc054ca82982b2411ecdaf42ec0492953d6029994650d9d83095ade1f112e521cef294e4fe77d49751f0c619f3b6eeb78a61a476fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0f75e82ac6a0880ed7a04eebbefc6eb5

SHA1
39622c7b5b054b96915e0d28607e409c23e7ee2c

SHA256
cf8ae013f723ec1f0eb3b6ff30aecea7060811f4903a69fcb44ad8366128e769

SHA512
f2c8f83a093fcfcde3b41980b10a7c8d38282ee67e989f6c5415cdb48a0c3062fef454795d0cefffb93964ed50d3d014eba869953de74ecbdc1bc3a6da69314b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f31a.TMP

Filesize
1KB

MD5
c1370de28bfd0ff6e651f114c783a7ce

SHA1
20c988df2613a97e33ca3dbc2f6d3a9b86f09d1b

SHA256
1ee4c58133aa16affa7d801ef2356955f459128d8bf6ad3f955bc14922dc3ce7

SHA512
5457421388efb62c3497e3caf3256fcd1e2696997487f75daea4676c18c9e40d74408474f7857bcba26ae3f2434683bc34210ceeb4da70a773daca9b5475a914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
751567cbddd80066f4f1e8c60172ba8f

SHA1
d961ac268b8e3eb99e983ad61457c30c90cf3bf3

SHA256
698340dd8c8634b1f691d3f60edf97e90fe1c82038b6295e37ca170105763eba

SHA512
9a5c4171a148c1eb766f09a750790b1965102a60d56d294475d3c1552c89449fdcc70ac7522776984da22375dbc2f9e0b150a75b53fd5f2709993f86c927594d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c5895130c954d45e70926e49615fac98

SHA1
4a5389efb491154fc701a0181b9f4b21c34c0f49

SHA256
aa32419188f851668b2c95c20a4a3094043bc79026d7b7a2e83829239f5876ff

SHA512
c7d09a9a9bb5ea8aef233b95e295789cef73fe4089de49e0850ec9375821cacf82b114bffc87bcec2b413f4fe63559ce7735be71828e6733a730c91f788b3fe4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
1f1b5af5cf2f18431008dfdbd1253552

SHA1
f0ed2c572e086efdc32b735bec29d1edf6c79ca7

SHA256
66db0eeba021b61d912445252b99de0dc487dd0b21cf9c982de27dcdf1244c1f

SHA512
407f03034be6f9a55334af2a28b8b1e9f58dd1d165c572c4d8f8c791e61b19d40cb493e7f196df0e3eb1cc0f7a3d4b36fadd6fbcd52827a3170f6b4d50bc84c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
28e3082921069aee530d861d54b7ece2

SHA1
50415b5d93b9e82d63fd18d377cccb032d39f865

SHA256
dde688b1739cef7a725a313708429803cf609c045de23f6a1f832748558ceee3

SHA512
5e28b7b02629ab7832a74a5ca5b60399ba852f221b3740f95a1c17960cc82e675b3ee2fb2f91a484f754b085f2951f01bff19fc24a4c147505dcd5d5fa753a15

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
68a2a268038e418c96ecaa1ac78dc4a2

SHA1
43083d653cffa2dbd59e6bca836eb51db3670f92

SHA256
62d65749388fcd219c86bf39258be9794411959d3dcbcb2c6f03cf7308bc9afa

SHA512
15a3b860dd0edd6b61224a6f04dcf404d84706ddde316cec07e147d7e82d56668bc59d4359dc5d833500ba7abd9f854633200ee81211e5e3cea95408e7f04489

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
9df2fc64239ba91a8923e493fabbc485

SHA1
28a63d805f9afcd45d5713439a372a4a1f004bf6

SHA256
9941bc821e863766f692dcded4048d193aa3332955ab73fe430462f62a38e978

SHA512
eff8f5c9e632efc52710e350aeb093847527c3b239fcbe551f077de8ba07bd7540da4c254fbe1af5bc314569dca08129e1776fea34c10cbec21bb1f5bcf8f5bb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 109787.crdownload

Filesize
2.0MB

MD5
a9e8452e49bc005c900efcfd44a61827

SHA1
23a8648c67cae5c7b585e7799f28fde92f0b13e6

SHA256
21427e770ace36295c64388b491f757a4bb540c8dc4c78a534a8db21bd96b59f

SHA512
5fbf8257d17c8ea2343cf35c20bf66b38aa62f344be295076b4355a4c49770c4ad0f28f47d047cc91d715848ac96fd5281254d6923b8d3f7d5cd921a7d2f4f0b

Download Submit
C:\Windows\System32\strnmap.exe

Filesize
530KB

MD5
54ed683eba9340abf6783bd8d7b39445

SHA1
950e3c11c71354097c8440529b31f8ac2b3c32a8

SHA256
2d0a9d5ca563ffa82a974903bb43411b22c863311ec926449f08d16f483e4e70

SHA512
9ff8c110823bad1e0a79a810b151e1d5557022080af0c8aaa9ff76996bd040747346f62459c50468cf86f49389c0e5fb7f057e9bd30fa31fed49ae5692d50ae2

Download Submit
memory/600-1693-0x00007FF673560000-0x00007FF673611000-memory.dmp

Filesize
708KB

Download
memory/600-1695-0x00007FF673560000-0x00007FF673611000-memory.dmp

Filesize
708KB

Download