a2706ced712d733502af5ba0f15945a7c9744aa2fb1d9d98cc7aa3c128c5b523

Resubmissions

27-10-2024 06:37

241027-hdl29asnap 10

27-10-2024 06:34

241027-hbv75ssrav 8

Analysis

max time kernel
1037s
max time network
992s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-10-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The-MALWARE-Repo
Size

298KB
MD5

07c71f38ba70d3cd08780578f673366b
SHA1

91920288a31959a00ba02ee68dbe64c874203e01
SHA256

a2706ced712d733502af5ba0f15945a7c9744aa2fb1d9d98cc7aa3c128c5b523
SHA512

56b93f6a9f77f715bca4b4fa07bfde2adf7440d8b01b8048bf1eb7cb6b446e15d0b4eaa9299dd001e3ea33d4c9fd30761334aebbccd9eb55528eeb50297b3cf6
SSDEEP

6144:yLouSpOL/saqkPV9FemLtcsDSsmwF9VvZJT3CqbMrhryf65NRPaCieMjAkvCJv1N:AouSpOL/saqkPV9FemLtcsDSsmwF9Vv4

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 4 IoCs

Processes:

WinNuke.98.exeWinNuke.98.exeWinNuke.98 (1).exeWinNuke.98 (1).exe

pid process

5972 WinNuke.98.exe
5980 WinNuke.98.exe
5300 WinNuke.98 (1).exe
6044 WinNuke.98 (1).exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

110 raw.githubusercontent.com
111 raw.githubusercontent.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

pid	process
5972	WinNuke.98.exe
5980	WinNuke.98.exe
5300	WinNuke.98 (1).exe
6044	WinNuke.98 (1).exe

flow	ioc
110	raw.githubusercontent.com
111	raw.githubusercontent.com

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

WinNuke.98 (1).exeWinNuke.98 (1).exeWinNuke.98.exeWinNuke.98.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 2 IoCs

Processes:

msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 852977.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 998254.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
4208	msedge.exe
4208	msedge.exe
3760	msedge.exe
3760	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
5860	msedge.exe
5860	msedge.exe
5872	msedge.exe
5872	msedge.exe
5208	msedge.exe
5208	msedge.exe
5208	msedge.exe
5208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

Processes:

msedge.exe

pid	process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious use of FindShellTrayWindow 45 IoCs

Processes:

msedge.exe

pid	process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3760 wrote to memory of 920	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 920	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4452	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4208	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4208	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2136	3760	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo
1⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe759f46f8,0x7ffe759f4708,0x7ffe759f4718
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4216 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5860
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5972
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5872
- C:\Users\Admin\Downloads\WinNuke.98 (1).exe
  "C:\Users\Admin\Downloads\WinNuke.98 (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5300
- C:\Users\Admin\Downloads\WinNuke.98 (1).exe
  "C:\Users\Admin\Downloads\WinNuke.98 (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3652 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,11209295203693478911,7503549424782610413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2480

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x2f8
1⤵
PID:5700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
81b297bd091bd449c00993a5ee7d3dc0

SHA1
133502dbed59aaa5a18bb820ab32fc5684b0c9f9

SHA256
a236e34f012b1d297cce8bb4a2889d76f579b68b4af37a29421fdff2476b0d47

SHA512
f8b06a1bc2544eac83799b0e14a1a6875a83ae8b4c865dfa067a8274673e962dc70087c8b42bbaa8797c43b5c59cebfbbfaf1a6c5c4a002cc765170627a7f1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8c189a5a164ce006e05f068382fcb6f7

SHA1
b66e9c65458314e4a8c1f82fcb01739d101a4b68

SHA256
8a42c782be63d1bb57ea7dd1304d10755cef964cec5416542c68ef17a5de4775

SHA512
5d5d9154ef773f126f6d45dbd4bd72ff330f7319b6e2683062534153752d3512af2f4614a9ebb6c66d41c23d2165f833552011648867e6154d107109b9ce47d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
77fdce243c62c284f546c13efe583dbb

SHA1
807d386567df5955e4a97748201b95301985877f

SHA256
2136128477b460849ef10f9e1c25a8f480ee989fb982df7db2b7f17a182f69cd

SHA512
09f0aad84de2081c748a72b657d91107ac38573e0a7a0934bddf90ab85a086855cc60258b49f76cc03c47e4d799428d09601daed6f9b65de0ffa2d08391dc69b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cfe0b1e9a296516690cc6d60d7b0967b

SHA1
b97b8547547912ee5c0fe98f42e2b95cc24f1d11

SHA256
81457a488677d42503220726faedf9eb94abad38d51d4af0ad371655463ab55e

SHA512
643eef344aa8f5e9aee1c45186aef5feabefc387d74b7c093ebb51c6b73bb2dc24bd59e63666a1df4d998a1834fedf05c4950d48e97fd0d81ffb3f93a4143b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b81dfd13370834259a8c90c8700b04ef

SHA1
5e1787dfce114a6516507b965813e7f3e16f1dd4

SHA256
09307bd5b55c85ac70283656daa24751690c449c3067b749c3c17de9a2da09aa

SHA512
31585ebdc14108fe1f1b0860d24584d48786712cbafdeb3fb16208cb2a23a6df4d7a391cf500f5224e43659d311d18328e912ad55d3a97a6b119d8a76c8d7e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bb96d04210e0e8d21508d07900459e67

SHA1
ef24018153792bf1c97547238b8fad298285d4c9

SHA256
1b5f1af0496fec81b5eae8fb2e62667e7a2ce346299e0be30457714f74a4b258

SHA512
ab508afd00c32da4df16f347a0f9092c393eca9f09e9481805bf2298256aa9c9ff0412e7dbfaa0e5f60d0dabe80f6cfb4c03e831c439f2429c36d8b4f41eac89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0346bf602684f2dc0855d9f41ccb0b69

SHA1
e70d3da3e2c2ed91e10488b50dd5a3a4f5212088

SHA256
9abb8cf86eae3ddd3048924d0c2b787969ecbbbb92323411675660a079c86cd7

SHA512
694bfebaace9a1217dad4fe41cd71d4971805c432bf3d52b404abe037aed11111b4cf2e40064fe72d33d5999e94c781c3ddc00874f18a513880b338c8e91969d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
250126e14470e44607b9b9982a6e2800

SHA1
f1dfe7ad61b317a6d574341fd61d3176199a228e

SHA256
a3814b098d8b0b0286dc7372076f4e8873f4968e6c4e22c55a8793f9a6b4b10a

SHA512
2f6863543510c84439ccce6e0d5d781f83b107be98799f7287f61284c38184ef52d69f734a09c3aad83417fd7a541569b38405a0b73ea65d2319574e274acab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7e8b0c886d64e7c49a689983a2e7f850

SHA1
2beeea17bac509d345608f77ff31b0892e25da74

SHA256
da478d946dfb53c925ce99eeb12392e66f6ed3565e006aaff8bf09baa1561ead

SHA512
5961751e8cb10f90a2435bde4db0f82c5100363ce6407006378d5459e42709d3dbb3cb7208088a184615ff54495add5baf30d9a47f47c9e5c4699f5aaa9c45af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a508105ea33b7d38f13aec7223f779c

SHA1
8696cce83f4bbde8411b3883179ea69dc4d568d6

SHA256
3c8359ff0e1de7c96e8a982c17fec2989113f310163983a182c2fddd361e0629

SHA512
0dd719cb3d92be06146ff569e79ab8fdfce7ba2a6c9e9cfdf0a97e34007dac1c0fa65a23e6d0833c7d82e461b5e0d6502fd1b8becfa75aa6f7299df882ee84e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2bec5377f342dd02aa2dbbdd6a1d5a6

SHA1
2469b75387076c346634314b1aad3a0f81a8dfbc

SHA256
1b0bcad50384f6ad36be444c6aaf0b6e5039023d20c6720e9e39cd94d32a22ed

SHA512
89edee8fc101f5d8f13bb9e5c86238cd82be91cdc55932b9e825ca6936eef5768253843fc02073b0e8fea027dbc517fcb60655198363ab3dc67354dee806d1b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61420ea571ec65f65c84f24bbaca4c58

SHA1
995ea8fa29f0e5a5dd2ed26030b2b9886f5776e2

SHA256
f961699750472992999c660d9942ecfd48e8401e1c3fd32fff5bd6d4674853c0

SHA512
e3b1da57b5b298580e7e62226ce8429c804f58dd46fb1c0ad0b25197c3aeca9060e178b697a6b004d70681db2ab888434f8c5f37755422bf8148cf7e82fee08d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
936e4c34c4c54afc27256598b2876fc8

SHA1
c6ab11b46ec3f2a4c6d41ee3bc696ed5ffcf0fe9

SHA256
c717dd64b16ba0a01a9773a074a9ab6e49bc6e1bbdeb1b1f6af551236672f67e

SHA512
87020df892dbec2242e58e78d661619d285f3a807db8ff8d1c6926f8654bb36d19e92c26048798ede60e96d08809fa8e8c6f12c78d9a5bc6a8cbe093451b744b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e7e9a18e56adef660ef59a58485fe36

SHA1
e28fa05f81424317f51d59d05153d1fec86ac4db

SHA256
a36e7b649fb72cdb1ad862e482f0ad5ba937ed41ffd8d123786c39aba280b379

SHA512
0a5d5a2c58a84c0c347ce5b421f42ad2dab98891b5bba798463d109633bfd65f75e2cc366ef5978fbdb2cb939ed114fce73eb7da3e4268656d6cfb6f512f4c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e1fa4e1e7c6a9ad00b95a8e620df370

SHA1
a1bf8b6acd34ddac1dee323e9b117c906569e8ae

SHA256
4ebd40c9d5da91f20c09fd029365f5edcaa6f63ae1254b841fde314d6b8056bb

SHA512
da12d617536e6a06901c9e78ce872747a01fe4d3ebef41dd748b41e11a53f874fae0ec640580264bf9d6b70fc98d04c3aa3b035c4c0e817058db3727a7287a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
21c8e868c44e59cb5502a1287a98c1d4

SHA1
3ade4fb960dc3c3117c2c432cacd5656b0fee357

SHA256
e11d89b9495aa0284e79b7bf5c73b9f96e7eaee194548aff4411726e80778c86

SHA512
9f37dd37a9bc25efc9774eafe7421acf86473455c420fd52433d03a606af8326534fc91edbffc07cc27d55aa397b94b3e45bee237886b622cdc627a770a84768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3cbaf472fe5a5c111b4a7863788b0aab

SHA1
3616325664945b936572b538b9aaef8b7ca68d1d

SHA256
20b194d601a90ca1d69347ae09391919c3bcdaecd5b30c3f1934eb42a0142de8

SHA512
9451ba35db9c051bb5f364c8948f3e47f0a7f87ef3238ee312ed86fc8bc3a81637c74c08299417a08f6642d6c9f9472f096ae9a79856566201cd88e59f39217e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d3fbb7a75f1686897cd7d901b44f191d

SHA1
79499d69c8751d7feacd5d7cc59b20fc9d1d9416

SHA256
a2bc3cb8028ae6febb9807a8cd15b60879d5fb84d517a87573e9ce0f9165810b

SHA512
d2fbe5b65bbb89421acbdccd534d2fc037f1004c2f4afc3a60cc2f973080e6ef76175baeb550283665f85650a93e302dde3259861d08824a8228f52cf346a9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
debff65f36fa524cb04cf0531b01e0f4

SHA1
d6d5773d366ee33e146b3f49f2c0c62349ffdcca

SHA256
12be4029ec312701cf6f74da04538303d0ccec06b533d9794c69c0da578605b0

SHA512
70641192c6e9f15f40820461192685c127c02c8f6dbfd88fe130ca102b38b00642b2ff19522de4ee574401f5448482a1b735eea2707a6909a4f1f95053f68a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
77221756dd428dfee0f0a85ed5e9f8f4

SHA1
abaa8325ea24d39f55e5d2bce1546833939ab25f

SHA256
42d6e54b8a2b0345e066540830710666fce7b1e6daa51d6165b7238e1dec6f90

SHA512
c778654ae65f02e040fe4fa1580fab937830f33ac6cb6023cb1bc7ed0f884695ec34c58fd2a01a6f8da42c5d6a5ff98005d7664bcd7528fb61fe862ea6b1a2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a5da5f36f11c4d7d9c2a4708b832de7e

SHA1
336fe97eb60e91d7c4da68daafd6a6cfaaa27666

SHA256
ad51388cc21fb284d2130aced7373bd961b3f4588d0e0fdd0038f4ba477ac502

SHA512
84dc4e8001bef061739b2e9314a76d2d4501c24eb489923a545d8c4a2ad43994dafb45deb236bb8b326437f22dcb963f326953db5eb38175aaf6e8ea3d3561f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2f7295c8b77d435deb9a3665b990f0f2

SHA1
e8eef4c6d007c999e238cbe19d9f833753e74c45

SHA256
3feef7d496b94da5fdd3b685ff4774a39126f960754e63166de1e17687f0c1e4

SHA512
cf7197895197f3fd584e2bdcf33c410153f1906975d7041b90e70ebea66a240c6bbf1045cc7ed24d924321466c7c0f20334aafcdd0ee756dd0727f323a5d2107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ba230a3d775a04ae8f67b255cd9aec2

SHA1
0616b62b52f0c337b30a89d878748b1b37ae6e19

SHA256
507b17113ff898b3b537c1d116823d5878450f51311522d3fae1e9f7b099facc

SHA512
8a5b723965217c79486ff5a9e06bddc85d0dd3c0566c86769d37ef7c25dac5f25a56d13ac9b78402eb62d6c1525d06803529394b3921fe10b30578e1308d14dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5845de.TMP

Filesize
1KB

MD5
2a0e47b51a7dd8512c14da43caaa9c88

SHA1
4bace0a478f0708b6163fed4b52516d2b4a03949

SHA256
3dfa51fc217d4186a28db62b9d06313d837a9c8d8312d0835f4db010a3e26308

SHA512
1db49b8cdbbf1991a66acd93b95ce7e7ef87c4d2caa22a266c4d9a175b6a9a65de40ab405fc434417606e51ea28c99d4803de68292003c3d40bf85c6200bf7ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bcd51961-858f-4e70-b132-031dbd896a14.tmp

Filesize
2KB

MD5
63ed4bb43e4f80f5c5aa1c2bc8fdb7ad

SHA1
e5a9c29bbe89218a392fb94d96332f40154d2a00

SHA256
f0a2405848c8c406864e4a30a36701f285978697e8ea6c541cfddae5613e840f

SHA512
71601f5b93f3c6b3ede271e3853ebe936a931a1a1005cd0ec8f513ac3f374ab9e0a2cb5859b7de1b866ae65a760f7b8439115d0ee070ee1e9d0687b63a720371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d10028d1bb261d62cfcbeca86d383083

SHA1
9656ae9a97557b1e3fce259043427045edda626c

SHA256
793a44e4cf896f70f998165c3d4574769fc3bc185a39b481165d0ccd99668fa1

SHA512
15a8e413e03b9b947866ecd056e45bbf101df24ba4cd0143bc78e3d399585e8bbf863dd2d2379296e139e169dc18049ae2e8a24227150dc650e2e8a251b06aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
353a16bb56d370ae3d6592619ba39380

SHA1
a5a560b17dbdb50488137083c9303c65575a1178

SHA256
74ec7db88b408aefc0aad17b55c8dbf76361267a310df05807dcb99c444fb9f4

SHA512
70da638cc6fd987c2c96c6dbc85eb9f744b97276f6742487cc59999f5481403f5c32b472a4a081fc794de4a2439373bcab21666bd9420a10a8e046f55cb4d85e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e85fb7da1c2f81fde0e209f993200b76

SHA1
ddd74d9e1ed1b842a833fdf06e64597b82dcea98

SHA256
0b54d98db1402f1d1c50788540831d316f53ce812221db4245c680d0cbbaa011

SHA512
8ec728e166108e45d717defedf91cff0544c9af8e73c1d1b8918d4a8517b6ac3523c29f2d4250cf33cb5d4297b1cff5f0dc76806b0d7af74a8cdbc5c81adcc4e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 998254.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
\??\pipe\LOCAL\crashpad_3760_BCXDDQXYLSTTUDSW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit