hxxps://www[.]google[.]com/

Analysis

max time kernel
185s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
126	raw.githubusercontent.com
127	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{BE2B7240-1696-4743-B2EB-E5D499BD66B0}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 253515.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4968	vlc.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
2996	msedge.exe
2996	msedge.exe
4956	identity_helper.exe
4956	identity_helper.exe
3632	msedge.exe
3632	msedge.exe
1860	msedge.exe
1860	msedge.exe
2712	msedge.exe
2712	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2828	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2096	OpenWith.exe
4968	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
4968	vlc.exe
4968	vlc.exe
4968	vlc.exe
4968	vlc.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
4968	vlc.exe
4968	vlc.exe
4968	vlc.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2096	OpenWith.exe
2096	OpenWith.exe
2096	OpenWith.exe
2096	OpenWith.exe
2096	OpenWith.exe
4968	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2728	2996	msedge.exe	86
PID 2996 wrote to memory of 2728	2996	msedge.exe	86
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3348	2996	msedge.exe	87
PID 2996 wrote to memory of 3524	2996	msedge.exe	88
PID 2996 wrote to memory of 3524	2996	msedge.exe	88
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89
PID 2996 wrote to memory of 1332	2996	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc538f46f8,0x7ffc538f4708,0x7ffc538f4718
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6712 /prefetch:8
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,13630093074107326707,16143612962972866343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2096
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4968

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
58756d99d2376dcfbede6057dd25a745

SHA1
76f81b96664cd8863210bb03cc75012eaae96320

SHA256
f5d0da7b010b28a7fe2c314724a966c44068a8c8fa7e9a495e1284aa501067fa

SHA512
476e35c3da0cf223e773c2d26403c12f8c8d034273cca9e3c4cba9359f8506159c2a5267793c8bd9982b636191ddda62e9119593f5599053894c7027a58acc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.3MB

MD5
af79d4fc626118fef6de11536494fa93

SHA1
fc93dd671ef898efed28b91979d53796dd4d0570

SHA256
f49a2c6412b03ca7b938015269cb915e199f9a46fe64a0a8844124b19b3e3a5e

SHA512
265f2f13b01cb0692ddf93997c51361304c6cecd9955bc19cd49c562cfd81bc92f856b87f0c8164f035c62cb1507154eb2848d4ac82d429fbb35f3bb843ab207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
27KB

MD5
da9335cc11a14227b61d8663d09ec33f

SHA1
8ff0398d03e930beaf80697ff8d28a0e47c0bd50

SHA256
f0b14d3cce2f618df61a2134588d44964ec9b35fbfc7d9388e3facf9e3d41933

SHA512
ea18ce7caa4c59069a1546ce390bee4f9f713fef8bebb6046a43d7344eec3c0944bb9bde2386ccf0b997cebc5dca12fd7243bb1ed4eb9acf30987ef12a9a7716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3adb02f258c8ebbfc0067194ec393270

SHA1
fce3cf34e062965690969238f14bc619c2b8bc61

SHA256
1fa3ed62f242a8ad8f17d10da434e6883c70c3b390f25d0dda747e5865c7065f

SHA512
d53666938c21fa3b7043492f772b7d8ad3e269ac3d6360392157865af157d8f9f61fb5480b12300cee1c02e752571560ce577bdbb89cc4daa54f0a80186a5d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
72d78c7312bc6ee66fe497e4ab975a32

SHA1
f691377730b27f0432275f680f6b44ba62e38306

SHA256
b36b311cc4fa954538e30e441cb8dc4f2813b3d670624a217c77547fcfa66ea1

SHA512
43f78673638aa13789a1b3f89a04a389474b87d89a19908a67af7774c4dd56b500a64d799bca0cbb121d170b066dd5113d168a17aca5dd2b366983219e0bf4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c48f0377e1af040bc784b6397cbb5b76

SHA1
97671664295a481e97b6686e735c2e495f3a9fa6

SHA256
14bc9f287b735ea71a43bc4280a12fb7b3dce14c53d61d0686b777003463b5b4

SHA512
2f911e9dc748a33f4457b1665d563b137ddf29f28a580857e811afe7d1ef5a2740fc8d6c55ee6f68235e00a4a7f8858b12bcf479ddec0e3be125725d22fe4c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8630b12f12b19f6bf35042a0e075c58a

SHA1
0843143f35b77354721a9b271b859da46b8af085

SHA256
ff412810cbfc14a3f541e7b7963135321956b95a2c8402924c50d4e9df6d87b3

SHA512
354a9dc2773bc6dd56302a3b64d0bf2f14180094a983bc8df428ecd8aebe56a0c920f27b6ba1af88331c949017b093d57dc474368620c2bd209ca012d765a4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
479b295d106e076eaa7960925aa6f3bb

SHA1
3fc58a01eb50a55b155166e8c8cff8e575256517

SHA256
cac9b92a53aff12a9b3a25a80b1a3eff2c6cc869d5198e7b6713eb94d432f073

SHA512
a3bbc9d2e5da3d0861ad781ad1bfa0a6f55ef01c8a0172b18d49b64c581dba31ac0cdbb69d078327b1af501863a99cc92216e44af6bed96197356ada5bcc3ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e2ab352934dcf8a25ef331619ab71d2f

SHA1
cb7d199db6f4d2ad4ec49dd3427631f393d7e5b0

SHA256
50ad4cd611759be26777c863791e59fa33cbc1013cce772a0606a0985472937a

SHA512
ff0640f92b061cfe0af10d48034a248c9bf7bf3d8d0a04fbeabf9e763d79b8c199c991019fe71c610c5bce3d32c2c7128dee1318b3258519e14f05f5fb84d0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0453646c95c1df7c4a7d0458f0d3298c

SHA1
b9f10d31647fcaf39b024852d8194589b83ccfdb

SHA256
64716386d02ce47e1818b0b57be85e77398533ea65715c147a5fa59838e9c120

SHA512
9f12d447a9bf14efcbfc0630e886b0b211ffd3209e656f5b5c8ac8f24c3dbf02a23597645ece942d51fe94fbe415acdc04fa38604b18f05a7bae93a27fa6a244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
098f0216cfa1bfdd1c3282b4a60fcdbc

SHA1
b8f8846ed3bfc50a2ea9d9fb7e735dc4b70fa61e

SHA256
4844535415aa9242c8a224164a1bf8ba539878c0ee2b9a98618f0e00e56779f6

SHA512
b04fe0c10f805f4cdb9c878a15bb0383eedf40eef129d18dc27a774d7d1503bd82ddc347e866cf397b7973ea253499bb0f9778fe73376b779e1e23f3c2d90866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fa0af87efba003500ff85010c823a499

SHA1
cee8c83f079f78e8e8a403300c39b6c3a4259295

SHA256
e571f18931c807b7d1df9d4e10009c26718c0063071d69e88ee7dd62a4ef3073

SHA512
af4ea00b9bddbe26223330493b4e5ab76fabdcbf053f5abd08b54ce7f57c47bb336d958fb9a9672a1d7cfe2debb59b4b5cb3e093c78504590df4c7adc0236b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5af8bf84fb0fee7c160e70c5acf1f9c1

SHA1
0462a93ffe3e1736237d4447738c8ce2dea11e4b

SHA256
12d27f8d8fb4d6de0052a75931899af78a0b858f34765f2ac4f2627c664dc284

SHA512
73df36eef8b01e588e9e405a87e2c574b3e2fdddb46722698ba853361f652542a189952aa2f7dbcac994072a4509595767b1a4cef36b8ea5fe4c01cec744a42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
227f2cd940d4efe6ab277bbdc578f02f

SHA1
8d23f2f26f77c574930580668b4049686987b746

SHA256
081cc4cb2ce6e697a3b18b2788dfc70962e648a1e3df1a65c0ca9da13633ddaa

SHA512
f312df0fd5edc5680b23c653fc7b83865d184d9ea0230f41a498b59f00a16efd4754b841374178cfb63fc282c493e15a2196ced3a0096f95c0433da069179954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fb7eb7523d67e71700d1e5cc7785c4d

SHA1
6b7819d9c260245b30907d79cd02e096c3dcb652

SHA256
9498f9cb2ee94644dec2fab5711abf6af8b5c72fffe73d51b293f3e650a6c7a3

SHA512
37a7a23e841cb1e62d84b48c29639a28b6cb38571f7aaddacf23b0537070e417015bcaabf49bf62c2ce5a98257d1a2245310ca95503e0a2e7d44a18b99213f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c340b8841aae1ea791aada175a72dd6

SHA1
86ed526c146380988145241d7ca0d38a9eb9a21d

SHA256
26c68c5d192c46bf354adeac453e9f75ab8d13a255c7cc027fabaf2ba59fd004

SHA512
0e8ba4076e46ce5d414b5ebf195b61117b64b6a40a9b38fa3cf35eac7fd8210d3f7e6135eff14fa92c5f7246a4cce938520c5c1bec49523cf72245c433619513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5693952b96c33eda00c822e650bafb7

SHA1
c7ed317bc1e249d64409ee2cac2b8776d991e186

SHA256
76e16251ba4739cf7cb4fa6f9afc0739ca074105db7bd104c69c5e2a2caceff2

SHA512
2168cd372bdd08f854120f48121c6f750e564525d2e426d4f36f0bea00b18583901c2a2329876f859767509081e96ed9d6d1e77e91e04fa68dfc5ad52082a699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d8ebfe9d0fc5326c3444decbd139a30

SHA1
7779eeb6a5f809ef94dc09de3acc595c9e5dd814

SHA256
d608ecb9e1ef9373e2d4ea3ae0b457586688bdec481718eaaff2a4e96fc010eb

SHA512
5cd050fe116a08077c408ee9f4cb077462e1ba6afec22b1ea0e48728cc6b71b611e7119451dbe54dffeaf04f21c1ac6348dfc9cffd3de3b7ac1594d5b52b387a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4b62f1bc04fd24425ae123a26cb3509

SHA1
4452324b634e1d72a9a091e09451573416e5b97c

SHA256
7252ac11e4d5c1852785008166944aa429124acf9eca04146428e7a1a5b38c6e

SHA512
dd6816fb319f70b3e8c599d712a59bd24027d0504d6b55ec708d05e0ea882d0c9e24faf268c34034fa18a2be34143d7af0526d7ab51b4eef5928b246291a5b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88e153ff46b3f62161e320bedf3f5f5b

SHA1
8a1d9d2ca7461d19e03c2c493535cd19015f5dee

SHA256
b2169b7689f4f9bdded52ac0f108a6716dd7d717a854b7a3079f34f040c0ce2c

SHA512
229a7e085c005a9e2d962e3936a829f9f4cbf8848ebbe61db5fa4758bb7b6b5d5812a1d3d7e9d423ba75b5b6304608ce99178a59b0bf1735018431c9cbdddd60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5c0bb1e8f5a58fd4c86bc89e224e1c4

SHA1
982ed2478ce3ec6dd44185dab18eba2bad3b109c

SHA256
c363fda6d29b3be7f4924f225314d1f8bb800c1709c041b03d3f921680f1ddd6

SHA512
77b0c7a5fe0175ed8c6a6bcf2da7595cc92c7eefebcbe915c3115fb72033feef22c37a67c4d2256e3fd214f78a12bb9e2106cf3d656c9a1d6b3c1909dcb8e6c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582f68.TMP

Filesize
706B

MD5
c4fb3b65044d1c7eccbc5093e9d6b707

SHA1
6a9c7d6af743fdb95e0fd07dc9ded6d50cca256f

SHA256
b930e788362211e2f333431cb8ab242043894b592280bbc60fb456bcc4919573

SHA512
bea57225d998d23d2475fc22ba91fbba550297c075efda2b8e7503bea5df630ea7aa9115b7037e97567cce65b1c960ad1172edcf9a422693f0d582186f1ad850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7401f34897b7950a6e1a87ee97ddf31

SHA1
fe36afc09954dd242aafdd6015d2b893bd527312

SHA256
00674a27db8c0ab21f769a42728c4e769ebbe3e111969770ca4d68954d1f78fb

SHA512
20b815817ad265b784f929aa288505a66dcb331ce37ae1af5ea3b18ff3e204b54123bd7df8664f04c923445e1eff31be4e16f6bc17641484439cb634f167be0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0d3a430f75dad6a42d260c379b20ec24

SHA1
f3449dd47e55652c8aaa5031c53d1875ac3c81f7

SHA256
be866d107cdcdb44cd51f6e93d5bc1c71f32f8cb9ffb5aa254531091aacf5745

SHA512
91c3a6e6240e7c74ca49ce762a67dc6763902bf31dcfb0ee7f40565f8d61325520b279faa2c86b212646466e16ecf30d4ac759ec9cb30ba4c1dc9dc830af0e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d168752efb7a6e72cfd264219d81caf5

SHA1
758d781970b162cad79d05dbdab2ec83a5922f3a

SHA256
e72ade6c76d242e4e8b5fbae3e268755d3bc067a4518b1f04725cf39a875bf8e

SHA512
8e1437feee4e7f7ac8910e8b1757908b21eea6fdf1b202b1827576b6aff2e462a6cebe4e8612e000eebe909059e9d8305b63a5171cc85d3aa556df9d1ce6e16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cd78785f7a994f20db3b578fe014bdd1

SHA1
9b40230e97d58b9cf4eb8b9c386b4aa18aba6651

SHA256
fd6a76a4edca5b7f5fecd7a75079b019fcdba752c4b43cdee3dd890fb5be52d3

SHA512
18ab49db12cb1b248869be1ee0bb6d7b80f9eeb17831ef3a3df891c30a300f24c92311b90964b8f2e40badc8b19b44fd1f7ae468f128f15b9d1642ab15530c45

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 253515.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar

Filesize
17KB

MD5
352c9d71fa5ab9e8771ce9e1937d88e9

SHA1
7ef6ee09896dd5867cff056c58b889bb33706913

SHA256
3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

SHA512
6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23

Download Submit
memory/4968-400-0x00007FFC44690000-0x00007FFC446C4000-memory.dmp

Filesize
208KB

Download
memory/4968-399-0x00007FF732570000-0x00007FF732668000-memory.dmp

Filesize
992KB

Download
memory/4968-401-0x00007FFC40470000-0x00007FFC40726000-memory.dmp

Filesize
2.7MB

Download
memory/4968-402-0x000002755EFD0000-0x0000027560080000-memory.dmp

Filesize
16.7MB

Download