e7ba1b74cefeacd9291f99384e6368181509b295e0f8fb3a274fc074ba38d634

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f4b00a8dc29ca0c6ed45b8a312d8cd2.exe
Size

1.3MB
MD5

0f4b00a8dc29ca0c6ed45b8a312d8cd2
SHA1

b3e7b72da13a3d5dbea71771bd065a88c6094978
SHA256

e7ba1b74cefeacd9291f99384e6368181509b295e0f8fb3a274fc074ba38d634
SHA512

09421118637179c3eb838dba44454bbfa41b5f543e590a2f1da6e5b165a26cc3388b2dbd54c2aa2dd8252ef0cbbd5af2fda95607b1ff69b0e244c07f3395201d
SSDEEP

12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zist5:U/eDNAuaE6tiY

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	0f4b00a8dc29ca0c6ed45b8a312d8cd2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1504	msedge.exe
1504	msedge.exe
5040	msedge.exe
5040	msedge.exe
3328	identity_helper.exe
3328	identity_helper.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4384	0f4b00a8dc29ca0c6ed45b8a312d8cd2.exe
4384	0f4b00a8dc29ca0c6ed45b8a312d8cd2.exe
4384	0f4b00a8dc29ca0c6ed45b8a312d8cd2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 5040	4384	0f4b00a8dc29ca0c6ed45b8a312d8cd2.exe	94
PID 4384 wrote to memory of 5040	4384	0f4b00a8dc29ca0c6ed45b8a312d8cd2.exe	94
PID 5040 wrote to memory of 3128	5040	msedge.exe	95
PID 5040 wrote to memory of 3128	5040	msedge.exe	95
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 2188	5040	msedge.exe	97
PID 5040 wrote to memory of 1504	5040	msedge.exe	96
PID 5040 wrote to memory of 1504	5040	msedge.exe	96
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98
PID 5040 wrote to memory of 4376	5040	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\0f4b00a8dc29ca0c6ed45b8a312d8cd2.exe
"C:\Users\Admin\AppData\Local\Temp\0f4b00a8dc29ca0c6ed45b8a312d8cd2.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://click.linksynergy.com/fs-bin/click?id=38gdzv6HYXQ&offerid=173286.1735102143010587316&type=2&subid=0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9764546f8,0x7ff976454708,0x7ff976454718
    3⤵
    PID:3128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3024 /prefetch:8
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    3⤵
    PID:4360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
    3⤵
    PID:520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    3⤵
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
    3⤵
    PID:2512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
    3⤵
    PID:4524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
    3⤵
    PID:3212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
    3⤵
    PID:2528
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3328
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4232 /prefetch:8
    3⤵
    PID:3936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4449485250562803683,10371845239461169837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2548 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3af278c6df131c7e8b09c195eaa33ecc

SHA1
a5e1675b8db1b55c40cbf76178d93615fcdb801d

SHA256
5516a0ed1b59cbe1e0785afd7cb927ea323f6f8e7d306f1b75a931ed630c4800

SHA512
70c04019cb19c2e779bb86530f845d9f4c84fc6fbb2b8da6708d65991384d9c78855b4ae292daca6965cc4cb2e249758b51906bc6da859bd4f260860d5216967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e678d8cea96f0934143064fed97ef269

SHA1
9da59f6c81f03f7bdd5c947c2fdde310d958466b

SHA256
4258850027c21b93177c41c1c4e54e2bfb0d6336a12dadf8d778882b36bddbcd

SHA512
78276120f2a618d7e3d4e64933d9c79a95a5e6b5f898a792726ddde97c426c2b716fcd35bb0b573ca93ee5f35f5b0844292f34afe0c005414427cf58da95ea24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db88087119a30723af3f20142a605230

SHA1
81e53cf6eea0d18cddc17179ff7cbd65d08e03dd

SHA256
5dab7605c3c14ad3b0717256588ed2d6a390a63d4a58715b488044c39bb4bf3c

SHA512
76f5dbf8c29855540e055f92a6e0caf0a41bcfeaee415b65344090fb540e35bafceffdde9235874357ad214e6c86df69395a7fd8ac43de4be227b711fb464e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2bbbdb35220e81614659f8e50e6b8a44

SHA1
7729a18e075646fb77eb7319e30d346552a6c9de

SHA256
73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

SHA512
59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a28b3dc01e9efe1b0f83b662c596814

SHA1
e9a0250240ed315483c9a89d07580c31136b2f36

SHA256
c8f0744888363250e743c728506828df9a114e51d46d9332ba62d4bf94ec0236

SHA512
da815729b462e17dfed0ae03febf0b42026405fe185c54c34c45aff856b255c5cd9443dd9e0d1286626ee31247bfef861f605a3283ae7ab433e4ca9e38dea368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ec583563f7cfe9b9bf1d9ca557c3aad

SHA1
96f37d6fa6efef7450501b673531e1fa5f0e0960

SHA256
83f8c55f5e4586f43f2f20114e2cb1cdcae325b28b61abc3518b4b5816a08bfc

SHA512
f3816294704b08e83ffce9d589beca7520337bb8508698880ed7b391dda50e0696b242d8cd8f0994cfea97363a8de3ca50f0a9d812e519e765e975ade311ae2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\FG.url

Filesize
192B

MD5
b32e479bd009ed83990c9673269a8679

SHA1
c90602796792d73b8e14df593d28c88639957537

SHA256
4da0710275fe2edc624ceae921dfed794450221c88daaac73467fc885cff1a3b

SHA512
d29415020d7ddc493ac36ad2351414523f9804f3031a50c6bfded58d8b9a83f13877ae73571e9dcc50eedd7014230196313dfab8618e587e118ae6ba4d94db12

Download Submit
C:\Users\Admin\Desktop\Fenomen Games.lnk

Filesize
1KB

MD5
4355b018d2437d0dc0baf9efed3f8eb6

SHA1
12b0c6e5df4f5a76a5dd52d702d507888f071770

SHA256
a6648f51852fc4c565413d965a716f6020da89c5c9bc4f50285633f385f46d83

SHA512
5a4ff93380578545383f96c16548b79fd7481f9047080313d1f49a9aa678b997dbf9b9db73ceeacce253f729183e63c2d3980379e66eb8d9a84ed7a51a6b5383

Download Submit
memory/4384-0-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download