7e6dc8f4c8b0a49457dfcbf6bb9b06b85a0ed460e5e16ba924d1c152e6898ea3

Analysis

max time kernel
284s
max time network
290s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

airplane assignment.png
Size

160KB
MD5

5e17aeda62f7d60ed6870d0c659d42df
SHA1

7a277ab54733e1e446c21d64dd5d3a4e10d1de0b
SHA256

7e6dc8f4c8b0a49457dfcbf6bb9b06b85a0ed460e5e16ba924d1c152e6898ea3
SHA512

c49ab0e67b5cb9f429d60bc399b94f35a7a10783b9c0cc3e1e142e044e0a15818e21b89536bb4d2fee48150fc5863549e7b6ab1b776ab946b1ecea178fac6e4e
SSDEEP

3072:NQmBgNM6irGdyPwkujRYC1QxRRGlsyHTb/cAhWMcHH5zYZ0mcGQvv2:NnGNM+dyfudYimRkfLTOLmcGF

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
2720	Nople.exe
624	Nople.exe
2152	Nople.exe
540	Nople.exe
5832	CrazyNCS.exe
4532	CookieClickerHack.exe
4704	Melting.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
119	raw.githubusercontent.com
120	raw.githubusercontent.com
121	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Nople.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Nople.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Nople.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CrazyNCS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Nople.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2412658365-3084825385-3340777666-1000\{00DDAE65-30B6-48DF-973E-14C6FE53C23F}	msedge.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 189227.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 266579.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 842956.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 958515.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 273268.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
1808	msedge.exe
1808	msedge.exe
2888	identity_helper.exe
2888	identity_helper.exe
4636	msedge.exe
4636	msedge.exe
5752	msedge.exe
5752	msedge.exe
5904	msedge.exe
5904	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
3740	msedge.exe
3740	msedge.exe
6096	msedge.exe
6096	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 1368	1808	msedge.exe	90
PID 1808 wrote to memory of 1368	1808	msedge.exe	90
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 3172	1808	msedge.exe	91
PID 1808 wrote to memory of 8	1808	msedge.exe	92
PID 1808 wrote to memory of 8	1808	msedge.exe	92
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93
PID 1808 wrote to memory of 3564	1808	msedge.exe	93

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\airplane assignment.png"
1⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff839fc46f8,0x7ff839fc4708,0x7ff839fc4718
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7024 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5904
- C:\Users\Admin\Downloads\Nople.exe
  "C:\Users\Admin\Downloads\Nople.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2720
- C:\Users\Admin\Downloads\Nople.exe
  "C:\Users\Admin\Downloads\Nople.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:624
- C:\Users\Admin\Downloads\Nople.exe
  "C:\Users\Admin\Downloads\Nople.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2152
- C:\Users\Admin\Downloads\Nople.exe
  "C:\Users\Admin\Downloads\Nople.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4024 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Users\Admin\Downloads\CrazyNCS.exe
  "C:\Users\Admin\Downloads\CrazyNCS.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6096
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4168231110944125124,3159157155863692459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Users\Admin\Downloads\Melting.exe
  "C:\Users\Admin\Downloads\Melting.exe"
  2⤵
  - Executes dropped EXE
  PID:4704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
36865e21ce9d29d3c532e2fe81363b19

SHA1
b060fd4a95edf5c22d357eb09fcefe649d08bdd9

SHA256
8cec4f7c9b55b61a360ce323fc0f008c879108acc4f72095176975fb64875a04

SHA512
2542c1bd4cbf342fd02609b25bae15cc302ce7167d1fbff588603ca55ae14c423652351bf3c22bc3c71ff280c12e993299ba65862539a242378f5df0a1d7fdfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
839d76c99f515b3167f17b5127cc4f80

SHA1
e1fc91504ad890a7502e3fd26fee06a25a3bfbf7

SHA256
f35cc278724c985377ebbea9bafb0f78fbc571c323492bad02b92d74e5eea838

SHA512
81a3dae6d1f4b3bd94e97def94437074243986b755d73bf8703405f851dd51dd5b3e37247c21880800aa082777fe747c911f5c390abc58b11d0af2aa63a4125b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0394e65eb08732aa3d35b1168b3bf64a

SHA1
a62a2dc581baa82332574860e528d6c713e85e6c

SHA256
a06f7a294bbbb443ed326373d1dfde2f09c38ad10ad3cbcf32b0a50404164031

SHA512
879e0a60e488a8f26ac6cd7af917b1b47f15e4cbee699b8703273d09457e1de99efad186342fb43bd4ff989f53fabf6bdf49941110dec604f3e229d88fefd09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
658f9f0705188f5b3b2e2e1c382399bd

SHA1
a42323c3ae71429d1f9889a3e91e1c96db6175bf

SHA256
ea2c2de1fe7dd3e1b3dfbf3423ee3fbef2882c3f0e9ef2e8541460a0e9c05ec8

SHA512
c47cd8e7079e42675d19fe5c6d45147e2c1a8370c30f1a8cac7dc62a434d9cee5f8d1cd4507386a4b41206a15e4f5b708ca6f706865f8a0635e2663691718a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4d8d00fb0ace159cb01e629b18145b0c

SHA1
6c23165e585c02e32e31783fd3f75d9ea3c70cbd

SHA256
9f440e0a79abd0e66235771ed8b8bd4a4021737b5dbd62e4b7e46d89230980b7

SHA512
f1456cdd6d462f6828d5589b9345605fffb8fcc91ded7d7a41d4650ceba0726f1fd0a5e3b5e6bf978a2dd892b9384c9ce25166e3908759afb6459455e87c255c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9520ec7d1c498120af5d58bc63c141d2

SHA1
cf77cc2449dc8563ed69a974dec5a2ccb27296e6

SHA256
1947060f5cfeb4f139a1095db028f1bf6d940864503684bf09703d25de8d3c46

SHA512
88c959e57fbef350265a5759ac86472078a6b976129da7e73b99bf57ce4cad2d3327af818a9a15ae34cdff7802ad343857632b7727351528d1d4e565f56b4735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
887a0d8eab8ef324466304d122a29f98

SHA1
3cf92f6e612fcbb1035aa1753660886d54c987df

SHA256
7a4c9023cdb23f23f9eb3812057c7c8443f4ac3d91abf267ba822a6e195317a9

SHA512
50d73d134aafcc33bd5af8a21fdaba4751c91d408bc289f9164e2a4dd4701f233e4a56ff0d630f60e8e674d6991ca475c23db1968ec0e8165ea54714e4b8b086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf56db6febbd27be03f9ac001ce8811f

SHA1
55e2c01678a21114d7d5c7ef7d0dea481680f0c7

SHA256
718310af8254f71c6abcb2f25bbb34073d40ae9194a5ab83a5ac6dd80a1fad9f

SHA512
eb5d3b791ade26a0df204ad0c7231619660d2bb4583627743a5196c80c3d77e0b7fde3ae5709c821ca538b324d3bcc422e0645ed50defcac542d0ef128640b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42ba0ab1916ad13665254a9198adbbc4

SHA1
d35ceeef267f94ba1b643c87c37b5d5f5112fcb6

SHA256
aff17e602955e887a34ffe9ad4c001135182f960140ff1794c1afdd81ae77123

SHA512
2e80ac33f201168c21ef30aaa2b098ded3d930346e99a6aee06a56e8cff5d29e9d1fd3a0449487631bd7773c831c769a3acdc1515a9fa11fd58d7106cf37eb6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f1aa85f0070921c4b7ed8608bf932f61

SHA1
9596466980d59f3a7eea173b0468e791d26aeeae

SHA256
35bf7abfabafac71e3f1ffb1d9771c32784e300f58903c57bca4f14130956212

SHA512
1b50c9b35c740ef6b0d1d828b0b483bf6d934645e0c19ad767920985fe9894c3837d1bf3d66606defdc4fcd588e0725026378a69b1172e3f4a63d137682304a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8616401b03b5318890dc36afc42e04d1

SHA1
c7896faca2f6b33949e5d02437fae9ef789af996

SHA256
70dcbffb87de088f8be6fbee1e509d8b5bb34014e2a4527112d92a1806a6ad2a

SHA512
c8299644c627c3c0e0b4898c1fa8bf3b2d11819133e1a3c19f1ab3396c301f4bcb954e90c02206a7d1be7241661ac00f096f9408942036f468bfda742aad6208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67af4721b8470d75da85d42cd9b161cf

SHA1
74194e30943d8717b5677af6e617767fcd2e76e0

SHA256
0b6484ae32dd1168027738af07fe105929bbb58b5855f352afe6025988cca6bd

SHA512
a64b08e695374eb2f372c90297a9f6e395b0b003d5fc5e88dc4f0ad489213b7a19cb4b404aec0760459e06a69906c427c1c49bd9bc410b5b07b7d4f8a317b071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ba981a3a5aaab8bdcece2112500dfcf

SHA1
d4ec2e00090759e0b32e67ddc34abde1f36f4632

SHA256
3f03a28b77c9ba0f6c36f48318f2bf77d210ee218483cd6603d5426356cbf815

SHA512
e40ff406c8c4f4a1255a87e635e1bd209d01796c6e3e9622b70d6364143dd14333c4e83576c3256a36fc7a2a50695161d07ed8958661a303033193c9b5d47c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f61f3daa0ae46c9a4de812ccdf958661

SHA1
620585ff38ea24fa8a6fb3429e487634b3eada9a

SHA256
7355cc7fdd0c3b6dc2348de15d5c3e95b9c80bfe99beb95b9f9052cc8c4dd1fa

SHA512
60aa97b1e617b77616b41d8e9aba43c0fa40b5ace9a22d9599ec1c4055915927112a9e7e1047026356c511c973d7819e7ac076129bdb6341b5b92c7b316d7060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
7c740dec4a75c81ec56a513ad2414f3b

SHA1
a9f7881c632cf33b2201c2a23a649d6ac22a8e45

SHA256
3bf021c3429597ade5bb951adac89182b3d68ec5411f33bc1019f6232c91168a

SHA512
0dee7d5bee01beb93da59e1e6558fd3d399a906837dca1da87fe9f7f51f2a79ef2ddbc42a4f88e790a80858675df648cbc6626fa36c1acbb17e796bece6a4bb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b8a1dab6d61ea9f277eefe0916c3bf3

SHA1
8adde14b9a5ea769350051cfa22bdf2862365b85

SHA256
385edc2b08e59df78a1c5e4e2693c2c5c953e62846b8ceca0d1de5f27df8ba82

SHA512
65df719e9373df2d3d94795d82f51c90358911289d71a6676d832e674998878dd98d8be840772b55ed8010af03b852a706fe8992853ba8cd2e6aaf1f57cb84a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3523b70cf179d1acd37c98bfa591230d

SHA1
8a5d806fcf6984da64834158026dac24a1e63b42

SHA256
e8d32d46f77221972a685faa349e25c79c418bdb2a2382968216d67d15f0b038

SHA512
6ca82ce40b215f5aa740dd2e5d5f10cc1ddea387374a8cf566953e3ad5faf331d30c8e51b4adda584f0a776c518fc8f8d955fc5e1657722cebe434aacd109b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4255fc96b88f0ba215499f5b9d6d0449

SHA1
78394eb22eb2ee06d5d648161ab94cc342c18928

SHA256
90248e2a3204ef797f43d6cdca10f39a1e7fc43d485b976e79c03f6e029461de

SHA512
0e874b1ef94022e796babd22f69d48f99826958dc46cf768f5c27ea14eb5d53a072257bcfad10f039a9c5a29ed045cdf53338a42334390dce99c88034b9568b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2730f832727e482cb08156c4edc7b075

SHA1
b7a0445a76df3e752cd2165cd6c47952787a5c42

SHA256
de360c39d3a8cbff76fab8b3f7eea97913affdf590a65e437e10fc78073122b9

SHA512
c89325dcb7fc270885c145b56f8b5cc774f49808dcab83b22cc7bfb3d4b40a7951dd374c3093448612fdcae4071cc570517257332a5970097699a5f9d794381b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5844c4.TMP

Filesize
705B

MD5
a9363b05e28fac628c1679ad319c88d8

SHA1
12715f55f44ff93eb2ae1bc4107cd35078b2510d

SHA256
f06868872dfd51d9a54a8b83557d7128b185049c7058d9a2e725b309c191da07

SHA512
045558b71a2c7ca29ad3d1641b807985923000f5ae44210650a1dc3bdebbbe472433216d8a6274882a43202c03dee7dd8e53bc42936a91fba29025b230b620f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f84fb99ab533c7fde564e7855c1983ae

SHA1
95db0eda05161a73437c81c826a28b8484f30cb8

SHA256
6dda4fed1402b5b471b38547ba3a7a72cdfebdf45f67ee9fb571bdebe9ac4aac

SHA512
0a721265b726c1eaa2eeb57f4e077726fd07d96337a5c431fafdd41eb158e31674426d387e33cce614a0f3ef544eaf28e0b4304d4fa29598b9189aea4e067fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
54865b7b2c5618f7802b8490a2740748

SHA1
940beef6b56b7e2f528366ef1eddf9c59418cf65

SHA256
96ae23a1307851b1161b2597ca065fc72b51d8aa85cae2f2bab1490b4c2792e8

SHA512
4787256f7f0b89938b7253d0440a79ded7eb6a905684a307c49ecf48867830d5935a9d673af94f89dc840c0388104d594b430856cabbdfbd61f52bf47f89ae21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd55bd60165d52a96c6d9402d66683c0

SHA1
f1ac08c0d81e81492b8bbcc5bff527608baae6b6

SHA256
93c309accd7eab697468d4ea36f89a5fad7440276fccd2506a43879fc0a3f871

SHA512
f97bd2e6a6ef3d2f724b098a80d32e552f83fb44baa0f56bc769d13518b12f4e32288318d3da06d4f524dc316559df395d249998f6cc324e007e3dbdc4df65af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ba122ee05076b25066f7aa6d13174520

SHA1
826516e767eeea307e5d5d1ab208a0d8f444ba81

SHA256
775e8664a9e82d1934efeced3dbf196b9787e214f9fcf354853302f112f926d8

SHA512
33832b455530b0e23d5a3d9ee892a951c7455bc2e1630b2c2bc8f12c7158949912e6b2e26529fc679e1a41a7abdf47d681c5f12592a19bfeaf8b120b23138d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d9290887634294a4d3de1cd14a36e95f

SHA1
786c6d281bd032fe85af757a185872ec807097ea

SHA256
cfb2633234c0de020ddf8a8211de85a1cd486702835aae9fa446e5f980bb2263

SHA512
1c4113a5ac0d42e31cc272177da8aa23b68c57e1c73e8feca72b1452e9e9d7312ba0b6a2819907b3d915495776c783bb1be828389d812ffbd7abf9d26c7cd595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f9188a0c914116db0a513724853553b0

SHA1
a8dae2e265636cc7035678e2f322ce394604df27

SHA256
a8552407e6e0c8e4cf4f629b36342d2b3b54d09b4f949cd77141252915394fc0

SHA512
b5c2edec6dbfbe0234b63061e3716c50299209216411bf7b130c33f069ff44a5e4afa401f6da3aaefb564d1cb31ab20d5fedee787ff986c0aa9488c730af8100

Download Submit
C:\Users\Admin\Downloads\Melting.exe

Filesize
12KB

MD5
833619a4c9e8c808f092bf477af62618

SHA1
b4a0efa26f790e991cb17542c8e6aeb5030d1ebf

SHA256
92a284981c7ca33f1af45ce61738479fbcbb5a4111f5498e2cb54931c8a36c76

SHA512
4f231fc16339d568b5cf9353133aeae835eb262dab68bc80d92f37b43df64dce4fae0e913cbaa3bb61351a759aeecf9d280bc5779b0853c980559a654d6cca11

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 189227.crdownload

Filesize
122KB

MD5
d043ba91e42e0d9a68c9866f002e8a21

SHA1
e9f177e1c57db0a15d1dc6b3e6c866d38d85b17c

SHA256
6820c71df417e434c5ad26438c901c780fc5a80b28a466821b47d20b8424ef08

SHA512
3e9783646e652e9482b3e7648fb0a5f7c8b6c386bbc373d5670d750f6f99f6137b5501e21332411609cbcc0c20f829ab8705c2835e2756455f6754c9975ac6bd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 266579.crdownload

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 273268.crdownload

Filesize
50KB

MD5
7d595027f9fdd0451b069c0c65f2a6e4

SHA1
a4556275c6c45e19d5b784612c68b3ad90892537

SHA256
d2518df72d5cce230d98a435977d9283b606a5a4cafe8cd596641f96d8555254

SHA512
b8f37ecc78affa30a0c7c00409f2db1e2fd031f16c530a8c1d4b4bffaa5d55ac235b11540c8a611ae1a90b748b04498e3954cfb1529236937ef693c6b20e893b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 842956.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 958515.crdownload

Filesize
4KB

MD5
93ceffafe7bb69ec3f9b4a90908ece46

SHA1
14c85fa8930f8bfbe1f9102a10f4b03d24a16d02

SHA256
b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07

SHA512
c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

Download Submit
memory/4532-747-0x000000001B860000-0x000000001BD2E000-memory.dmp

Filesize
4.8MB

Download
memory/4532-750-0x000000001C060000-0x000000001C0AC000-memory.dmp

Filesize
304KB

Download
memory/4532-749-0x0000000000E00000-0x0000000000E08000-memory.dmp

Filesize
32KB

Download
memory/4532-748-0x000000001BDD0000-0x000000001BE6C000-memory.dmp

Filesize
624KB

Download
memory/4532-746-0x000000001B2E0000-0x000000001B386000-memory.dmp

Filesize
664KB

Download
memory/5832-701-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/5832-700-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download