hxxps://www[.]google[.]ca/

Analysis

max time kernel
86s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.ca/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1705699165-553239100-4129523827-1000\{13A17165-090F-48DD-8CD1-07982D54906B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
4076	msedge.exe
4076	msedge.exe
3124	identity_helper.exe
3124	identity_helper.exe
996	msedge.exe
996	msedge.exe
5280	msedge.exe
5280	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 5084	4076	msedge.exe	85
PID 4076 wrote to memory of 5084	4076	msedge.exe	85
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 4688	4076	msedge.exe	86
PID 4076 wrote to memory of 1104	4076	msedge.exe	87
PID 4076 wrote to memory of 1104	4076	msedge.exe	87
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88
PID 4076 wrote to memory of 2780	4076	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.ca/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffdfb8046f8,0x7ffdfb804708,0x7ffdfb804718
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2828 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,18309514158490424330,7127139873231959390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5280
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
  2⤵
  PID:6028
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
  2⤵
  PID:5508
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
  2⤵
  PID:1684
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
  2⤵
  PID:5712
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
  2⤵
  PID:4772
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
  2⤵
  PID:1116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1576

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
1⤵
PID:5680

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
1⤵
PID:628

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
1⤵
PID:4512

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
1⤵
PID:5616

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar"
1⤵
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
103419ad56b1c50639f5b250a7cd6458

SHA1
65336ef011e2a3c137ca184b916ce2c18b34dc97

SHA256
f62cd9ff37aa289a65eef6070dddeadb9375cdab3ec8b3a9c460035408e3d470

SHA512
39b7f206ea0870178669b7a0e1e50181d343d26b2b2447ba5d96d88acdc0320d143a82932a32829aa13c658592c3a258ae68a6b5808a3b864f217c8d87b60960

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
7107e946d94492d8c05f9985717e3ff9

SHA1
26e53f5f5dfb8333e6d739bc78c2534c1043c094

SHA256
df2713909cf6c1228e2ac30f72669318656c45fe824b51d0d791727dd6c486af

SHA512
611a41c942fc7a8d345bc10953e88a9ae07aaebe132d7cd3c2b4fc5497d26aef612c6111e4f913cdfa72c1f3062f62b4c0c0248c72192d3a908aa281a71b063d

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
70dc73fc46967c8d1ba1a7f0ecf7d243

SHA1
ccd3fb2d8fca84077910ddf982e97729ed3689d0

SHA256
41367c035440c08f0c1713fdb5efb4a95466a8b136c6ae6f53a7323f510b3f7c

SHA512
8dc52644ed50fe768bd75208ce5159b25a929e441db3b030d721bce4100599ee9a45c1fcc19c7f6de5396be57dba7e9761ebb59cd583fb5a7c77bf9bb5873eb5

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
edffe8195fb02f87aa88312005556974

SHA1
767a0f936220eca4441fe44058459b9a12f824c3

SHA256
00ad4fcd3cabd99b240b44f1b651439330ac4f175671f6b7945f49757cb244df

SHA512
dcb53d7ca217a838e38937dbdc650f2d316c9e2266bc0b4620f1fde7af1288d254b0dd9cf95dada93cc59a77ff0d2e178ac1a89c8b66c53401d64e97306d7964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bafce9e4c53a0cb85310891b6b21791b

SHA1
5d70027cc137a7cbb38f5801b15fd97b05e89ee2

SHA256
71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

SHA512
c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a499254d6b5d91f97eb7a86e5f8ca573

SHA1
03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

SHA256
fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

SHA512
d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3f8d6ed6-e835-4ebd-8665-10397a15652b.tmp

Filesize
8KB

MD5
22c66de55ecbc01ef2f718de9c735bb1

SHA1
9d7a15d425f4a8fae599951fadb13beef2628df9

SHA256
6302dccd765fa3b27941c2221dcb7948b2708ab786d6df856c89c6a4300414b5

SHA512
6b25d7500d6c1c64a3fdba0701e9e6f64b0d164918b84424163f43c13d35c3789018e3c614b3ef48e1a6358029391f53b74cc8c8fb5883170669a6c088e81d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
43KB

MD5
0db12c6458ef9b085cb7a92ba094d277

SHA1
667543ad4cdbd38b6aa66f6cd4e307a1d2b79681

SHA256
90e8d8bb9f421a90d4fe483afa15e446412eea14e53805f03405ed9ae805c41d

SHA512
c20c4b0d41b36d3d7888ce3c663d6175d538e28808e84f52551e7f693deec05761ba9459c5d15bc62e1d495087e8c157fd19e36f1f5a54b19563647157c50c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
52KB

MD5
09a75971020931e86d31d4ec750a4de9

SHA1
a407798a97691a7d752c836c24b47ee8aedabbb6

SHA256
11cd2777e4901561e0a4b1fc8e80e3a96106ba73f045f2c6bc7a19cb9f54a2e1

SHA512
252866e02bea38f3c22ba4c0a52f743fb1434083cc5d1ce58f24c20c66f3b199c77af9365954ec0c526c5ee8b8d93223c240086430ed2fdc38a74044510e3a42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
143KB

MD5
4c49ce782838509ded6d78a8266d5ece

SHA1
e369584959c28e2a834eb43b57f16bd30b9ca733

SHA256
b385809b6157a63805b29e1684f360c7c6b336666158350f70a0f207c5a632b7

SHA512
8b1c506ef22fdbcc0fde809a3eac6a888355fe7c767f52ace2f93fd1a444829849c5e6f448bb76de26966c1dfc687ca0027ff647488144ece7905edcda33d678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
4a2961dddc7ca6732df1c0646aad5129

SHA1
ff0b7265d2bef3824709ee3000621aca2d2c8724

SHA256
58a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597

SHA512
82c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
373582b3984707fe93a57dc8cce56ff4

SHA1
8245a935dfa3f9155ea22b7fb11cdee266359647

SHA256
64e7371ff97426f9198bffc0710d9790a7b6f2428080bd36519289a038f87fd1

SHA512
f58c30dc2c05c7fc12cba0ab39c7dc4e651046cb88fb13c4c355071f9b1d35b50dd5eb5d3c35897d84f69b42dd772f7c37994babaa4182884e7d1bf2f1cda34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d27513ede5ee9fa4312ee3443dab7707

SHA1
321cf5302faa14fc28d45990837243c50dc39579

SHA256
f2bfc845aeb9b9f2ff9a6dbcbfd0edb654a9e5b87c4cb0922ff621b07da71561

SHA512
b1f912a4d4be932ab1b261b7d34e5cdbaf673fe2209bd3689d85dfa939a4a48c41c7c7bbfe8d770421cd0b49bd9b3ee5ee1271fe8ffa56db1c8cdad018854a9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59c23449d94af9ba6edc883a371f0b75

SHA1
eda277cfc21bcbffb4b0e500eb840c0fd1309ae4

SHA256
22f1830b04ad994fd6a0bfa573c9c66cf4715946311b93df9108fc42e77fd071

SHA512
72df378fe90b2ac27038a3034db0957c6668057930f0e9ba6cf29be4902d7b668d1f33b478e4db9e2af92c4661c755b57e149bc859647a9a7d78332ccce74fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9eac0e42eccbb232a32e3fb19aed603f

SHA1
145688955ac99cce5f821d0804b5c46efd51ad0f

SHA256
cc946165a01616153a0b081fc6c88a303e8c3853071c2aa43ffd830cda482287

SHA512
b70bca6a1b70837679a992f31c41bbba03e55e2f9f28ba6912b649f5b7917ab457472560cf62223aa700805256d0995ae967566af855e57b57027af83a71882b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ff343a064319aea6f5602d6387fac634

SHA1
c0d298f75ed5dfcc83c7c38d8bee2ea57a082705

SHA256
07ad9b69a4f0f25102963f7a73755de3d5611172a5f16fecca6f7197d75515aa

SHA512
8cfc752bede1f28ebb726827855222ff5f997a2c2bcf7d4d861987e79e3eae865de2bb61d9ab2debf1bddb271e3b0ce193707186af3c8fd1f187713ed92ea5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4a0d6ec773518cc3af7366ca8bcf49a

SHA1
0aff02e1f00c5d26dce6f34e9e8a7bf3161cc8e1

SHA256
459375c46c8894216f8ded47763fdbeb778ec26ae5a22f0f4484d68477764d5d

SHA512
62e8e8ff1e5192cb92d4954585a6a3d31c46c8aca8085e27610a044188cd698d2fd1ad7e458ce56c5f7c6e7ffe981c5f6ced9bd5c14a8242e258eb2dd4b6b359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4aaa1d605f524f2f6482d26f17cf1aaa

SHA1
0a21426ebe106abbd2755a5c7f7ee37ecd4965b0

SHA256
f4f4108864b434903310b75dfddda956843f3a5f90c0ca0b47313906c19fd325

SHA512
581eacb5c5756861bb6427baca8e7597fbcf84bb2dc4c1f7a73fded918b7f505a6d2362f3022593e79f8824d0f87388b88266f5133b282dd2aecb23604013422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88a5ffd50875aa59271207cce0915cab

SHA1
28b98a24965b68adbb6f51e9572e6b579a584a06

SHA256
94c694653ad6913e97fd981ad3ada3e1d0da8c77fc34566ca03153eb78609bd5

SHA512
5d01ae9b3af6165118aec5447e04b6ee6ac89ad5630818dbe9bc7d8a0bd074931faa3e56208b47ce4df2ade4b2925350227ad4903718bb4fc2a829980daae8e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67c399134f9c7d3b4aa294fcda4d2da4

SHA1
d107b9f417a202939c357e892d17e365a303e47b

SHA256
6a27ccd0e9d72a86cc3d4e56d6cf622b2965d161dd443d405088db790602d80c

SHA512
0ee5b5edfe5638c278654e5cdf4224098bdf3fcab1bf4bdd96e4fc63c9fe998ac6e3c06db5db5bd2f6a577012507646072b12438201d308512b98e8003a39c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
9fcd4a0fd64848dbc33431a6001054a2

SHA1
569cdf39ffa064b03b3d0338974b526429f2779f

SHA256
955cf781cca669da774f2708ccc872d77be20906b7a2cf0bb801ffe9f81e359d

SHA512
823a42dcbff759190c24663737cdd9b15056445b7a8ed5a300e39c0bcb63042e2ff2bf9ded22bbdd2547cd59f5303aa4ef8be28878a5923d23bf55ebaf92f65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
428fb31d628e922fb47a52380b1b6436

SHA1
f4e5f565f423c0ac4171bd3a93d963b46e5908cd

SHA256
ab9a47a3501468af21188325670bd53b2103e87999ea69e80aff0f31db2161ab

SHA512
610423310e6a55ab18eac820b7707c86ed7e99e45a27a58ad78c551498eb6c80da7ce33ccf479d3882d8d05c9bcdf52a0b83fbdf2f4e1d044efbb127252f86fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580bf2.TMP

Filesize
204B

MD5
eac8a029e2efd9e342de495dbaac8ac0

SHA1
4ec2736ff5654683922962cb285d44bd2a3a27a1

SHA256
ea975a378542ffb00e8e14e725813184fffefa2537e1d708da71bb16631c57ab

SHA512
7669d3b136e1f3dbd0f34375ba699e1ae9a6d1594e569c8b288d6fa5eb68ac9b1a513e16eed4fb162aab8330402de5e33c75c56e6c66e860185203bc6faa7800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fab3a4d692659a7de74164303fc61d0a

SHA1
066bc403a80c0eb6e4b28779aa728eac3f6323a3

SHA256
aca07d951862cbb2901cd3fbdc7e28bb9af7ee9a1973414141420e5c0419d83a

SHA512
cc361b846421a785764c2b6570e3e8a5fb2e32ae31cfc7e7ccee4616f21780137150e17dd6209f2f07e2fe60b3db577ed76595428edc613c3bc79d56cfdb5452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
023722ea63b56ccb11341ba2787db652

SHA1
21ea42ae465e327f8d2a89fd98e47138d4747fa6

SHA256
fe87c877c147f40d9ea5ee4b4d7d0d11b104e9c59e82a531df48e62b5582ccc3

SHA512
6c55a5e59825418a4a76c3ece9f9d0dace4132a705e32cd06bb317e1f9abf19dca759f66b441befbba2cf3b918bc9a775b47af108f4cc15bd992aa09fd3eca27

Download Submit
C:\Users\Admin\Downloads\Wurst-Client-v7.44-MC1.21.jar

Filesize
1.6MB

MD5
f539441cd4d174dc5596ca7b166a7cbe

SHA1
651e0cdcd97c082860317f4a4622de6fdb688574

SHA256
b3abb69468bde2808e414451e6e8fac83b64cf6e327d067750098339c1cc8547

SHA512
4ab969648fe4e44ff386d480c3beab550ef1835ba0cb00a14bbcca2ed1ee978e26dd34226503d74b80092cb4e9b9c8d462771daf6ab0858916bba4e5d83606e7

Download Submit
memory/628-672-0x000001CFDB6E0000-0x000001CFDB6E1000-memory.dmp

Filesize
4KB

Download
memory/1116-643-0x000001F6579C0000-0x000001F6579C1000-memory.dmp

Filesize
4KB

Download
memory/1684-584-0x000001FE165E0000-0x000001FE165E1000-memory.dmp

Filesize
4KB

Download
memory/2416-717-0x00000249383D0000-0x00000249383D1000-memory.dmp

Filesize
4KB

Download
memory/4512-684-0x000001B1E4070000-0x000001B1E4071000-memory.dmp

Filesize
4KB

Download
memory/4772-631-0x00000198634F0000-0x00000198634F1000-memory.dmp

Filesize
4KB

Download
memory/5508-563-0x000001D8699E0000-0x000001D8699E1000-memory.dmp

Filesize
4KB

Download
memory/5616-705-0x000001EB6BAF0000-0x000001EB6BAF1000-memory.dmp

Filesize
4KB

Download
memory/5680-660-0x000001B0BE7E0000-0x000001B0BE7E1000-memory.dmp

Filesize
4KB

Download
memory/5712-621-0x000001C276860000-0x000001C276861000-memory.dmp

Filesize
4KB

Download
memory/6028-562-0x000002E1E5400000-0x000002E1E5401000-memory.dmp

Filesize
4KB

Download