hxxp://henrikformemphis[.]com

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://henrikformemphis.com

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	BluescreenSimulator.exe

Executes dropped EXE 1 IoCs

pid	Process
5432	BluescreenSimulator.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-464762018-485119342-1613148473-1000\{60239253-4556-4DD6-8625-4EB4FA6EBFA7}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 268312.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
4652	msedge.exe
4652	msedge.exe
3972	identity_helper.exe
3972	identity_helper.exe
5200	msedge.exe
5200	msedge.exe
776	msedge.exe
776	msedge.exe
5172	msedge.exe
5172	msedge.exe
5172	msedge.exe
5172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5432	BluescreenSimulator.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 1636	4652	msedge.exe	87
PID 4652 wrote to memory of 1636	4652	msedge.exe	87
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 1128	4652	msedge.exe	88
PID 4652 wrote to memory of 2284	4652	msedge.exe	89
PID 4652 wrote to memory of 2284	4652	msedge.exe	89
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90
PID 4652 wrote to memory of 920	4652	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://henrikformemphis.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa942846f8,0x7ffa94284708,0x7ffa94284718
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7056 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:776
- C:\Users\Admin\Downloads\BluescreenSimulator.exe
  "C:\Users\Admin\Downloads\BluescreenSimulator.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5432
- - C:\Windows\system32\iexpress.exe
    "C:\Windows\system32\iexpress.exe" /N C:\Users\Admin\AppData\Local\Temp\\optionfile.SED
    3⤵
    PID:6032
  - - C:\Windows\system32\makecab.exe
      C:\Windows\system32\makecab.exe /f "C:\Users\Admin\Downloads\\~ro4bu1qo.2xd.DDF"
      4⤵
      PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17314084150374939979,9800417475425861387,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x150
1⤵
PID:5656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
41KB

MD5
91be4e2bf6957e5b01200b15f83b9af1

SHA1
cb9b994eb27a6e41885e4b3dedc78fa1ea9324a9

SHA256
9951e1f58567cad50199fa9e5a1b380e3f0784da276fb2d5f859110d5832dd93

SHA512
c633e932eae25c5858ac035be15f99d273183306bdc1e296e9f0154219ec2da76126158c4a2e5f2af2d27473f6077f03f518d2edd0f1981f321079953f876c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
1.2MB

MD5
931d16be2adb03f2d5df4d249405d6e6

SHA1
7b7076fb55367b6c0b34667b54540aa722e2f55f

SHA256
b6aa0f7290e59637a70586303507208aca637b63f77b5ce1795dfe9b6a248ff3

SHA512
41d44eafc7ade079fc52553bc792dace0c3ed6ee0c30430b876b159868010b8676c5302790d49bed75fa7daa158d4285e236a4be3d13f51ff244c68ca6a479ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ecf4ed85410caedcdfd1e6fb52dcbb7a

SHA1
ad67d5eac9ef5540ee4902bca2eb04db5575e4fe

SHA256
0eca07f17ee0c588b426cb7d79eb621234c3e3b9e1e206369b67d1a1821f0923

SHA512
49ad245c063ee068c8d859ab112a81c659394553545e43dac880913807ebbc0d768845e2dd96a189bf385b1142a893b6cee026f6b518d4f9afd4e16235036f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
865B

MD5
1e6745de21a247f6093355fb6707a18b

SHA1
f74cd33584723b0f1f1f9cdf72bca35c51aa612d

SHA256
3b13067afa136cbdbf99838425b0ca1bf115cdf70c8c9cd0df3b2da378a6cc34

SHA512
2d7489144492a0deb785de1e459158f6db2a93bc221e4b0e7593a1bdacb55f9b34d0ad470f4e1c8a6758368dbd3d512ee66aa1f7ba22ed5c42605252fe779f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0ff2c439acd56d86847e524927a3ad8

SHA1
7edb1f3b653199e6538a4fe956323176abab81ea

SHA256
c827b8baafb8d3346fcbc6fc5f2dadaaac7887b52cbe6a33a989e1a56e749048

SHA512
906a4a31aa0b99014f86f6b3ac4e234ddbaa9caeb11bd77e1c39810e6d6a81d1c07112ccada43ee0316e5275f222508d8eb3d3889214f251f32b34ec4c289f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a665185fa1aa57f6ca9771f75ca67912

SHA1
3f671471f8286fb1233b67c5aa72458d39f48f96

SHA256
1a26fd6a45f82f3a03d3f06f85085c5d108ed63b5efc72c4bcb33e57aad6d83a

SHA512
9611827e1c08f9445faed82706e79809d03668f1e3c11e353d1de990ff5aaf04b7fe7d1a6a4091a1211a8823e13ef71480958388e6f6ed0d196455262890dc48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9752ec8ed15e39ce03abfe3bf6852395

SHA1
4d13306bb3d1670cfc1889fe2e3f3f34e8cf2fd4

SHA256
e418aee3e2786e715f60fe5fb417df5afa5825a594e2dd917bf4dfb637ae51d4

SHA512
51c27b75400dba33147b5f5dd8929f011143689c01bc58f9b190a3f8f76d06d0a88b714ec8b357792c5b52fd9c3708cf9c96ddd1d3121068d548bf197b62c461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c3dbe5e141cb3486d0f45b119d1bf15

SHA1
1c7dd3cc74dba3899839c28b00a0cde6895a6911

SHA256
525b3057b3a46b81b09fb765f8de31e67bd0d86d59690971832b4fe97d813b6c

SHA512
f1a75c68e45883226c05d8e2f4b6659633f5bf22ce355a6e89f36096d21cd6a96240a9dd5fb1eb0d2ee966c9f9be1cec3b05e1c7933d9cc3e29b488f8a01c4ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f9f6b85766b16f78c48479bbc9b3bbc2

SHA1
02538a0daff59336dd259cd6ec2cda196fbed483

SHA256
d41bc822de79ce5f6414411a7d2c3598364dbd4919b46c664dd149b1afc3dcd0

SHA512
f2acdf2226690acd17a2d1e100e0e28f4d9b1c2d036fb801f9853648d6e5105be58d0b0a9257a3e171a5c05fab71c14ed185f09c2ed5482a4a0ac0694103e2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c38f26dca53ec1786fcf70dfe34c538

SHA1
bd688ba634a1c68d34b00314ed7753036ab413d9

SHA256
c6494afbf9ae1580000ab2ff92156fc9b80eead6e2f4f3e5eb57f29c04d2d26f

SHA512
495ce19cb224ac9609d26f1f09ad74886c9098b677f9f52481dbcf50bed490e89c3e3258e37ac8e761b4890bdbda1effc28cd9869a0d2681da8c29f652e12c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
f2d9463f19c63bf78634b962db486f6a

SHA1
d2dd20c9a9929feffdcad225528f9e865c605934

SHA256
17bd509332d48977b62ca2fada84888272e1020cf06ac93f86f026c0251ae173

SHA512
d7fbdb6af1d21ca4598ac651ac51cda0584d5d80d3289bb254e5ac58e997ce0f87f876652baa3db7335c86c96e7e262db8140c3548afef14cce794ce8e396dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3349f014fcaa323ae7b6451beeaa276e

SHA1
b326f58eb633feb64992d7a7106686e4d345e962

SHA256
44a346f6e325186499398cd474119836172893c5b9e4c779f8d5265b3dda8d9b

SHA512
e919fdab80387b42f6db56d23e7a3c01e5a9306f79b162a7625bfe4530f6d879d96bfab021f3213efa055b5f241fc8e97e656a42315f0ba8dc15fc08cf3b4c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23114d2ba3a4b119f1b2ba660d6ffc2c

SHA1
0f1a1ef4dbaf64774e97149bb0373710d253af9e

SHA256
a28f56d68aaef65a5a303a6cb068e76b072e6886a84c4de78d5d8eca8f21e963

SHA512
a9bccae0c6d64c79366441e39f7f6f78a7ab85636fc358c028ed0ee46edde014836c99a9616e1e903725514a5d827279ce1e1d97a09adc89829261f43eb0dcd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9bf9e58557d47ada1dce0c80c660dba5

SHA1
23a86abfb023f50549ed7a084318861d4786fb60

SHA256
90ec54c32e17ec4e1fbfeda2ab94b984d2eb7d35f1dfb2c9f3354063d9408686

SHA512
9a5d9c258997cce579b6f52358d83b858b0c5f3b14733ccf08b960c4644cf8fc5ea38633bbdf2243344c8f6d6e1bcfc42cd5b99ae01c098d1bc0ca4b5f080d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7e8799c08b990f0c9d71cb40532df1be

SHA1
b49f41fd15e102f87a93b844361ace301f28d3a1

SHA256
f3e0cfc262d8bd6f7893b22665cdcbf5959dcf896a952953751d91d1725868e4

SHA512
bd2c8716b1fedc54eb0c380a597290fe3608778c0cb516c8d39b1f3848f926f4fc4273e847ce2388b25852f772359be1ae23de5aedeee6cf76d48db21b1b0ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ff83730ccb1ca01b0a117f7634743df9

SHA1
2ce8d271519e7c352525b640ee18ebc02daa4e42

SHA256
8bfe5ad23e30682496952cd3741ccbdda102816ab4337b7da96eda6cf571b1c8

SHA512
6412f579ef9831b0c8bf72cb372498590db27656cc021bdf4a51d16255ce7ce99e9cd5d15661b8cddf2f1a19942fe162b587cfc226648201ade035282eff9643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f5a4f921dcbc97fe0457eddbca6f4aa2

SHA1
0c429a05641ecebc05850421c7de49e258262e19

SHA256
5cc945dc329b9b4e3b7ca14e2d4bfe24afe023cde064f56b6f0ee81db89a733c

SHA512
3f11167200cd82f241325a402321b92887760cf590a16fa109b1cc78ca08c3f7d2d5a127eaabbd7694ec4ddc5aefb066e9d4a3378228dce3da97aaa19a1b9c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\optionfile.SED

Filesize
841B

MD5
ff856e929b86f79affb8c17fc9fef6e9

SHA1
44d7f067f0908b3e4dd282df60850335029763ba

SHA256
3672a2efdf4bf672d11f8f4382fdf36e540b4a1ba3dba30b1dc6ad783bc031b7

SHA512
a9c12ed96a38e0657cc2a30aa066c6c6e23b31d969ce273071e488fcae1c23f0964823a5f5dacd6bf09669b07b88a35220d4cf8a619cce73d48c1227178b286b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 268312.crdownload

Filesize
436KB

MD5
647af7197c5b9aa9d309ea47233d3134

SHA1
6d74bead5bc149ee03960c1fefe6a05779e8064c

SHA256
3a0f137e7b29fb6ec6636104d95588d4155cb188734299b61a87120fadeb6c9b

SHA512
a974c24c624f28a3e84f9189a069a0d89d412fbfde4e68f7494bf7c9ee1b610c21182a854a16f9fefed17be3488c6743083afd57e9c3fe790deaf7cee8aef09d

Download Submit
C:\Users\Admin\Downloads\command

Filesize
59B

MD5
090979a67c9a695258990e2cca2e7e55

SHA1
80f91893f8af71bd1e167d75b16c6e18f3a55aed

SHA256
a2e6def92b340f52e453a440bb56f504a51b8b87798a84d939850e05b2e3c99e

SHA512
52e487773b3825acec7fb95b615908742ecd3bc74186e88311f76c9603789137ed6096b89d2710cc97bb8591d1bffe6391eef47d37d3069c7a8316b6fb52dd6d

Download Submit
C:\Users\Admin\Downloads\~ro4bu1qo.2xd.CAB

Filesize
91KB

MD5
bc27deab6508ed33b12581809d192ed7

SHA1
e1fcbe869890e18146905a17e400bf4d60be3315

SHA256
ce7ebfd5695946c37194f2318186c89ec48f7e07f3fc3026cbab4425d52bf544

SHA512
64a391a06b45c7e12f9d05e9c3c70a745e0c902a627661e727197902e15a60997719237d5fb6ba1ffab034d5465a21cbbad90f0e8f10d325441ecf948dad93f5

Download Submit
C:\Users\Admin\Downloads\~ro4bu1qo.2xd.DDF

Filesize
862B

MD5
01b6e9794b7a72f5ba94b59aefa8f580

SHA1
2338f685e28295d49ea7c203e120de0b126e684c

SHA256
f8b54a71721f6063e7caf62aa735c46f04727317dcb79f5be57701075257607b

SHA512
9ce70dba88317f2356c99e89957f87eaafa1d7b512845882d3060d955e155be66bdb987187575e0f267cfe835760c87a53f27381e794d006cd6fb9c9ebb8a94a

Download Submit
C:\Users\Admin\Downloads\~ro4bu1qo.2xd.RPT

Filesize
283B

MD5
77ee4e1c790d3db68edf08c3f5f06291

SHA1
187ad3781f6dcf46e64a75e89e8c9568dcd53059

SHA256
71acffbf7e26dcc6464e0f99ce9c6524803c8d831f360df6a7bfcc56fecd1872

SHA512
46393e91951209e75b1867c125d88e01f2ad8c603afb99e12e13591a427e74b6638420e6016fd1677b68290d8f5f1304423c7295fe3a21e799a8d789e7715414

Download Submit
C:\Users\Admin\Downloads\~ro4bu1qo.2xd_LAYOUT.INF

Filesize
1017B

MD5
6b0e22e610d897f652b595b2c4cb5407

SHA1
f3f2decb512c9a3c96af662e3ad7a24d4e80e901

SHA256
611bdee3b08eb0b338085b98b43285c657872533216d60c558c6bae09e963626

SHA512
2fbf6ff0558220c44645432fcf225d00b31f93e64b4515c6495133f7b63af607887b8681853dcf15ebcbc845990b1f9cba50375c06c6cc57cdba78a554cab371

Download Submit
memory/5432-835-0x00000140AF060000-0x00000140AF06E000-memory.dmp

Filesize
56KB

Download
memory/5432-834-0x00000140CA810000-0x00000140CA848000-memory.dmp

Filesize
224KB

Download
memory/5432-833-0x00000140AEF00000-0x00000140AEF08000-memory.dmp

Filesize
32KB

Download
memory/5432-832-0x00000140C7990000-0x00000140C7A06000-memory.dmp

Filesize
472KB

Download
memory/5432-822-0x00000140AD040000-0x00000140AD0B2000-memory.dmp

Filesize
456KB

Download