cryptbot | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa3JPaDQ5cENpZUotVnBnc2E2MlRFd3dId1Utd3xBQ3Jtc0trWXZfX28zOHV0SVdwNTNWcUsxUWNMS1lWLWdNcjI0Um02Vmg1UElVdVgwRHJTUmNSUEdoT0UxVE1YVVlXeGZYdllOdDY1bUlvdDNiV2dkcGNEMzVEYy1zZ0IyS3pydEdJQi0zOEt2SWF0VVFoS016TQ&q=https%3A%2F%2Fwww[.]velvoxpack[.]xyz%2F2024%2F07%2Fhow-to-boost-fps-in-valorant-2024[.]html&v=It2hfVMQ_Q0

Resubmissions

18-10-2024 19:55

241018-ym7cjsxcqk 10

14-08-2024 14:48

240814-r6xtwsshjm 8

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3JPaDQ5cENpZUotVnBnc2E2MlRFd3dId1Utd3xBQ3Jtc0trWXZfX28zOHV0SVdwNTNWcUsxUWNMS1lWLWdNcjI0Um02Vmg1UElVdVgwRHJTUmNSUEdoT0UxVE1YVVlXeGZYdllOdDY1bUlvdDNiV2dkcGNEMzVEYy1zZ0IyS3pydEdJQi0zOEt2SWF0VVFoS016TQ&q=https%3A%2F%2Fwww.velvoxpack.xyz%2F2024%2F07%2Fhow-to-boost-fps-in-valorant-2024.html&v=It2hfVMQ_Q0

Score

10^/10

cryptbot discovery spyware stealer

Malware Config

Signatures

CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
spyware stealer cryptbot

Detects CryptBot payload 1 IoCs

CryptBot is a C++ stealer distributed widely in bundle with other software.

spyware stealer

resource	yara_rule
behavioral1/memory/3268-561-0x0000000069CC0000-0x000000006A37B000-memory.dmp	family_cryptbot_v3

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4260	winrar-x64-701.exe
3268	8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe
6064	8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe
4332	8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 875250.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
628	msedge.exe
628	msedge.exe
2128	msedge.exe
2128	msedge.exe
3388	identity_helper.exe
3388	identity_helper.exe
4008	msedge.exe
4008	msedge.exe
5840	msedge.exe
5840	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4536	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4536	7zFM.exe
Token: 35	4536	7zFM.exe
Token: SeSecurityPrivilege	4536	7zFM.exe
Token: SeSecurityPrivilege	4536	7zFM.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
4536	7zFM.exe
4536	7zFM.exe
2128	msedge.exe
4536	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4260	winrar-x64-701.exe
4260	winrar-x64-701.exe
4260	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1500	2128	msedge.exe	84
PID 2128 wrote to memory of 1500	2128	msedge.exe	84
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 4636	2128	msedge.exe	85
PID 2128 wrote to memory of 628	2128	msedge.exe	86
PID 2128 wrote to memory of 628	2128	msedge.exe	86
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87
PID 2128 wrote to memory of 1588	2128	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3JPaDQ5cENpZUotVnBnc2E2MlRFd3dId1Utd3xBQ3Jtc0trWXZfX28zOHV0SVdwNTNWcUsxUWNMS1lWLWdNcjI0Um02Vmg1UElVdVgwRHJTUmNSUEdoT0UxVE1YVVlXeGZYdllOdDY1bUlvdDNiV2dkcGNEMzVEYy1zZ0IyS3pydEdJQi0zOEt2SWF0VVFoS016TQ&q=https%3A%2F%2Fwww.velvoxpack.xyz%2F2024%2F07%2Fhow-to-boost-fps-in-valorant-2024.html&v=It2hfVMQ_Q0
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc69e246f8,0x7ffc69e24708,0x7ffc69e24718
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16620040834391112963,16380686083701389321,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5888

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4536
- C:\Users\Admin\AppData\Local\Temp\7zO8B1CF029\8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO8B1CF029\8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3268

C:\Users\Admin\Desktop\8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe
"C:\Users\Admin\Desktop\8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6064

C:\Users\Admin\Desktop\8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe
"C:\Users\Admin\Desktop\8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe"
1⤵
- Executes dropped EXE
PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\87c2db4e-fe72-46b8-ae46-2956648cd758.tmp

Filesize
3KB

MD5
dfe1200b241a37da97a8aa06f9ae78df

SHA1
b9a7af39d7e72b981d6319bca973f84e39b1dc1e

SHA256
2b2de93174d35d0f620a8b4906ff027303a6f8cb4bce8d45f22f7fe755564452

SHA512
cb01077bb73766e7a44a02c7588dbba266acb3e9a7687f1fe7b9c110869595c4ce536d2ce0dc58c35fd10a0052f67760f66a93463f4ec06d658e71a9d5e9a463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
215KB

MD5
0e3d96124ecfd1e2818dfd4d5f21352a

SHA1
098b1aa4b26d3c77d24dc2ffd335d2f3a7aeb5d7

SHA256
eef545efdb498b725fbabeedd5b80cec3c60357df9bc2943cfd7c8d5ae061dcc

SHA512
c02d65d901e26d0ed28600fa739f1aa42184e00b4e9919f1e4e9623fe9d07a2e2c35b0215d4f101afc1e32fc101a200ca4244eb1d9ca846065d387144451331c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
100KB

MD5
46171ec99dd3a18e0439864cdd7794e9

SHA1
d84e3aad3629a799a48d3fd4446df3e562513b58

SHA256
f31d5a384198997143283920156f694ba7e5cb25d929b064aa983b0102b1d821

SHA512
93921b4fa0291cde529243f086a70462e0025e18ab9b6e0d3f7bceb0b25b6ee39a544f88ebdc3aed46c3e848a6786a0db2c03b87a134d3c1674db541b30db0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
9c588f06a6030dba960e797cbdd0ae16

SHA1
19ff750a4221dd9915b7c64f3cf9ce90141cc43a

SHA256
da2e9d0ecb35ed5f9d5c7cccd0de114312b5695633964d5a838e58290e57efab

SHA512
ad30a4e8ab8b5981411af9b400ee0227348e07e26d3ecb77fbf60fc662086c07e7dfceef491ffde5227720dbb6509677f51ed1683f567f7a82e25c853b88c53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4713c255aa51c6d46c1b998dd7da19c3

SHA1
be98e2c8ddc72bb76c52b3fcee3121bea6c5d3e1

SHA256
7dadb4828a994da40a5624cf0f799bf87ca3bae8b7a1212215ce68e197d40f60

SHA512
eb321e99b283eceeede605a32d4ff42495007a9225adaf9993be94bf3caa548f569637454afbc04f8c9fe9f80ecc722cc196ee31e38d51330f65855d5a6f0043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
30878dedd52befce070cc4adfe2862ce

SHA1
ecac15d3377174e0deb113abfe717e7a4b2652ad

SHA256
d5e16b41d476b739cf2fd07aa0def1cc7fed393754bf9d090fe0470205ee6647

SHA512
b50103fbb9c8c275f5bc6d1f74bd429569d2dfcfd94f553ff72e3df0910c8b81da5d53b53ac7a000a6f55f80c6471e958bf710ca98f90e517a0948ebf0525b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0476cf9cab73236addd4332efb800304

SHA1
a50085df575b24d9f6ecafe9e88f7ae9a3069b87

SHA256
f816d562fb0a593138a3fa6c3722bc8452a1294d55c6288abdd432f772925043

SHA512
2715b3def80efa492020f36a19d757ee2ee4cc684b46964bfa5f833e7e93575983f08c5995f5666b63a26a9812651f76d4ad77330e391db15382acad951681aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0b27ec2752b7ac7c1f0ea9ba08a201a

SHA1
3c698f8b33411a9e13010865b182b38f9ac5d9ca

SHA256
1082719c2709c6e288a3fdd1655f18ba5a3a17920d8853fe286402ee55e719da

SHA512
7568e987638889af223dcd7e9f470a20c1940fc3ddc4faa05e951c8f5790ffcff438edb4bb9206a4a0bebbecb92ed2a4bd74609cd77f6c93d6ec2833b04a7b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0fa6c7dcb7a869e496c042aaba297431

SHA1
4ceb9adccb868df3c85bc665898fea2153288e35

SHA256
57c86a74160092b2f461de99574fbe7c3dac67ac7d13a4ce465fede951fbfb44

SHA512
1014685ac63586c2303b3094a8c8f321a9b6267b1da881a1599d9fbd1c9a6413a3eb223c634dc6e0611fb54c09bb7fb29f4f90f33e347d0cc69b1cfb74f1fe81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e6af959902e8aedc0f23f4264093e7fa

SHA1
17cdbe3344102391f36d568c23f22a73ae9604a4

SHA256
67d933eee3bcdb5f02b0e4c3c51bbb273d67ce4eb6c79212d5f71401e46fd421

SHA512
3d8e3663653dd75a74ba5a059659e6ac3d433c8c41fb611e42971f16d4e2b1973b98bb820b46645c152e04eac10e74e2e0667fcf7ed4bd67b99f25afd96c559b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7a175fac370111249f54fa3aa151386b

SHA1
08088f0947c003dda0a67192ac5731ea11cfaefe

SHA256
2d6881b40576c4c08dc5f043062b271df23add3715b71743e41efadb36c64be8

SHA512
e6c9bdeca7379fb806c26950c98bd9032c25eee3cb6d73b98e33a8163ccd1d3d66d006170a33ff019412dd8186ca4bc6a5ceb5cf6992324ea97dadc438b347a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4677b84f171099d5fd679b1cce6702e4

SHA1
45e45119783b782d52290c6d0cf49018d8409f04

SHA256
5a963624cb88789e3674d544c5d6fe11075bbead0480535157f91c4bc7c10eee

SHA512
41ce2460990d3ae92394fb21d2f1e51fe02064ac80537ff5172b2fd764f64f47a93e0315bc5c5e0ce56fa3413615919a410dd4c9bc56577ba86410a3b14a4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
df8b4577ed3542db7cfc17bc8f4ea665

SHA1
f7a949976d1d9169283acd4e9990ebd533db9371

SHA256
44d92d2c31f4ca68323d472bae2a2d43190dd0ec91fbac14c66b6d50ec7ba4a4

SHA512
36313d2d06a925bac38b5821f152d90b56c3f6738015f0f303785142079ef5f9e5becc5b41cf68574e5b8a4569d03b6e575b496b8f5dfb087d72edb74f12e13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20557cadc490fec6be3f4497f6066e90

SHA1
2fd466bf3839731eda22813135f79e88bafb926f

SHA256
88a7567db4b367fb5484f71e431d60993d765e71771d00f404425d7c13427181

SHA512
e35df419796d2f38711a7d6167b8a13946aaaabc88dd79e8d24f8c251da6aaee998d35c711ea7eb660f98607be4fd080899328815a706acc05107e29d96605e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ad9f3097ce79e52681078d2864c3a73

SHA1
ffd31fa93a6a9078d631974c926b2b7e8eb02d3e

SHA256
94e6177e75b84e4c426889f53d93737456707f005d0d8be9d0d1261f9096fdc3

SHA512
32b570f5c8a07ea51e740e4576e244dede921f44c619712ed6688d200953a39512f9a2b28af7b45f90d26c971a6fddb04546e7ebc63ad2de61a60ba3ff195fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d148cf633eeffaf73b38359e5722c6d

SHA1
6d269626468fa0b6265078488f8f058deb51d1a8

SHA256
532499c5e4b75f8bf92d2bd1b7a291286688e04379394721948b28b3ec3c9352

SHA512
9325a08664156925e0bd6ecdbc22b237cb360cfdf5e9bd519a4006963fda2fe52afaac7e9f95096af23e7e7aaf725a94ee65242c415be599c0c538739f732dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6727b0fd300aa052e24a23f74e21313e

SHA1
f4102fc03db35170ea830f97e9b78a8b723f9430

SHA256
7083c78815b43362cd05f801d81e0677052cbfe4bbbf807a8854b22aeb688539

SHA512
138c46f5944cb18a2dbe8d45338614ce99d8ab75badd362c370b43f80b00aacd336cda3b84d868387b0eaae8b63b227826e4540bffd1296dfb883454f669e202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e30d.TMP

Filesize
873B

MD5
df25cf5ae14783eab236d5e53d188185

SHA1
cce1001e39f78b8b39cb846e3dccec938a8f326d

SHA256
0ca1c3e76252d74832dd5cb2fb4f1a9a36d66139cde29acfc9210a936a411595

SHA512
27260cf24ffed95624ea64b83a359579c28a9a85d10375465c43b9e05f628f21064430e74f369ebe6bf6ec9e14bfb16d5d049d2c05871c90a6cdb81ee433c801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6247c5a9c3738b20e915bc5235b04836

SHA1
a90c7800a5a6237262317b5fe6909dd4ced08503

SHA256
ab3717aac6c04567843fccb7f8334b901fa6aac183377aca1c0b8b79e37f2a0b

SHA512
e168c5e5a3742e5ae2735c87999d348e3b0998631f399309eb2651b74848dd6361994cbc8de7dd452bbb37ed4851f4f28ed5b6216bf9dbd8fe25c4963d3a3d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
63cbb418edb6e755333fd612da249974

SHA1
01c45ad5334511349f1f2e1d24f548ecee8046b9

SHA256
9f5550569d1bf070d7664bad74aab63abafa0627171aaaffcd2cdf927a658946

SHA512
766f623feb5a58957394900747455caf4994a4bce5ca201e7598c7494dd904ebc1d95dd0426b4159774ecac6a6797e623b409c21334b8e70d717ce571e16a911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03dae829b2ece2e1f87619841c9e6f71

SHA1
d121727d28102e03dc14dce5fe1beb9fad57c2cf

SHA256
b032c08f4ff243da4d2f1bb64a056d21cdb5afcacec8ba13fa84b05c1740afdf

SHA512
558f0f2b83c1cb4009142423c3f1027267b26b30e36579c73bde76ddd65e6573442a666e10f294e0217565e1138c289278e0e8d0ac42cd6c45651fe82c529c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0b3a4d57daa32ebb6b18d28478b04d5c

SHA1
45272a45941534e5f57909354427fa1c17b47bb8

SHA256
d18abdf2a374aee8bcc98f42c9ffd64d37e49d5e5f26e7117034ce882e263313

SHA512
089ac92a2e7bf29ec240ba1848651b201c434984fbfeda927b80bb446bd97b5459e75f60fbb8662896ef787aef84903812c553ef3aacbe24ceaa96c3949fcdfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8B1CF029\8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe

Filesize
6.3MB

MD5
bfe2f72aaf59ad12fe5479d4936d9d52

SHA1
1eb38144e825af65babd0f1e5651f74123413c93

SHA256
8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a

SHA512
e1e070feec3cc1ef4506976d6c839564f9a2487fbdfeb77c29027c3c0634f8990f3e48aba0560030e8f823ee48ca2055f16256d1d87e68b565dd8bbfcc4bdba7

Download Submit
C:\Users\Admin\Desktop\8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.exe

Filesize
2.1MB

MD5
96687c047445a1bb0eb9ccf2da99d1a4

SHA1
f345c70d907cc43c2645c4069c47faf73d8ef859

SHA256
e5530dc2366a8ba5608fcf5336371cf3b5e4b8407a3726bec3a987f5deeddcdb

SHA512
2f7dd07678d9345cdb02dd0ab418f62fefcf0291ab32e4b9c9940bed99e1af43c12f3ba22cdb3876b21ec6b292342684e4ee7318c8a340cc670f784b6559be1f

Download Submit
C:\Users\Admin\Downloads\8ad7c506b6c146384ab9b6effd12c9bd586518100e35c4fcb4744b40d10bf25a.zip

Filesize
1.5MB

MD5
fa4f534e643c64a6c287aaec036b6b90

SHA1
91b6fd5d5bfcdb79dc82bb665b07c51602c348db

SHA256
2d311e24453cfcec8f4c9b76ca90b491f8ad4064ae499ae6bae9d87229763cd9

SHA512
ee048e8310271ca532c2dbafb9e4ac6e485df8e361dfe8599e2c71903328c4d6dbbefc06ad40a23b1f9beddeb5cb056f60f60e46ec7b8fe05072ba897671062a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 875250.crdownload

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
memory/3268-561-0x0000000069CC0000-0x000000006A37B000-memory.dmp

Filesize
6.7MB

Download
memory/3268-704-0x0000000000190000-0x00000000007EA000-memory.dmp

Filesize
6.4MB

Download
memory/6064-714-0x0000000000FE0000-0x000000000163A000-memory.dmp

Filesize
6.4MB

Download