Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://objects.gith...

windows10-2004-x64

10

Analysis

  • max time kernel
    172s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2024 00:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://objects.githubusercontent.com/github-production-release-asset-2e65be/895135672/7d015390-2da1-4fd7-aa69-a047963792b8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241204T004551Z&X-Amz-Expires=300&X-Amz-Signature=fd8999324688327379908797af14a53eef695a1ab6aaebdfc9190ade32a367a0&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DUpdate.zip&response-content-type=application%2Foctet-stream

Score
10/10
meduzacollectiondiscoveryspywarestealer

Malware Config

Extracted

Family

meduza

C2

45.130.145.152

Attributes
  • anti_dbg

    true

  • anti_vm

    true

  • build_name

    Oxoxox

  • extensions

    .txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite

  • grabber_max_size

    3.145728e+06

  • port

    15666

  • self_destruct

    true

Signatures

  • Meduza

    Meduza is a crypto wallet and info stealer written in C++.

    stealermeduza
  • Meduza Stealer payload 35 IoCs
  • Meduza family
    meduza
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs
    collection
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://objects.githubusercontent.com/github-production-release-asset-2e65be/895135672/7d015390-2da1-4fd7-aa69-a047963792b8?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241204%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241204T004551Z&X-Amz-Expires=300&X-Amz-Signature=fd8999324688327379908797af14a53eef695a1ab6aaebdfc9190ade32a367a0&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DUpdate.zip&response-content-type=application%2Foctet-stream
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc69e246f8,0x7ffc69e24708,0x7ffc69e24718
      2⤵
        PID:412
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:1396
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:652
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
          2⤵
            PID:5100
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
            2⤵
              PID:4056
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
              2⤵
                PID:812
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
                2⤵
                  PID:5056
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1556
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5112 /prefetch:8
                  2⤵
                    PID:5104
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
                    2⤵
                      PID:3648
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                      2⤵
                        PID:2936
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
                        2⤵
                          PID:4376
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                          2⤵
                            PID:4332
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
                            2⤵
                              PID:2988
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,13152155446646184508,9708102176138467692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3500
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3068
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4060
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:1368
                                • C:\Windows\system32\taskmgr.exe
                                  "C:\Windows\system32\taskmgr.exe" /4
                                  1⤵
                                  • Checks SCSI registry key(s)
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of SendNotifyMessage
                                  PID:1548
                                • C:\Users\Admin\Documents\Last_Update\Xeno.exe
                                  "C:\Users\Admin\Documents\Last_Update\Xeno.exe"
                                  1⤵
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:3648
                                  • C:\Users\Admin\AppData\Local\Temp\29ec4c72-6b8f-4b3f-9e7a-c17ebb0f71cc\55e1b77c-d36a-4cec-b186-de974b34176d.exe
                                    "C:\Users\Admin\AppData\Local\Temp\29ec4c72-6b8f-4b3f-9e7a-c17ebb0f71cc\55e1b77c-d36a-4cec-b186-de974b34176d.exe"
                                    2⤵
                                    • Checks computer location settings
                                    • Executes dropped EXE
                                    • Accesses Microsoft Outlook profiles
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of SetWindowsHookEx
                                    • outlook_office_path
                                    • outlook_win_path
                                    PID:4356
                                    • C:\Windows\System32\cmd.exe
                                      "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\29ec4c72-6b8f-4b3f-9e7a-c17ebb0f71cc\55e1b77c-d36a-4cec-b186-de974b34176d.exe"
                                      3⤵
                                      • System Network Configuration Discovery: Internet Connection Discovery
                                      PID:3976
                                      • C:\Windows\system32\PING.EXE
                                        ping 1.1.1.1 -n 1 -w 3000
                                        4⤵
                                        • System Network Configuration Discovery: Internet Connection Discovery
                                        • Runs ping.exe
                                        PID:3168
                                • C:\Users\Admin\Documents\Last_Update\Xeno.exe
                                  "C:\Users\Admin\Documents\Last_Update\Xeno.exe"
                                  1⤵
                                    PID:3660

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Xeno.exe.log
                                    Filesize

                                    1KB

                                    MD5

                                    638ba0507fa15cd4462cdd879c2114fa

                                    SHA1

                                    f23dfc22ea05f6abb8f9aa11a855ef8f3c51d7f2

                                    SHA256

                                    f91ebecc8963ff1840636f0c2a8f5350beb6eebab8b7d99068ad0b19bcccb478

                                    SHA512

                                    23d440dc8ecfa6c43e89895de038c564bb5e09174a6818a5952d5d589296a6ae77e71a4fc5de3773a6bf27aebb69bdb670f2a2609cf8658668759b50dffc8520

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    85ba073d7015b6ce7da19235a275f6da

                                    SHA1

                                    a23c8c2125e45a0788bac14423ae1f3eab92cf00

                                    SHA256

                                    5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                                    SHA512

                                    eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    7de1bbdc1f9cf1a58ae1de4951ce8cb9

                                    SHA1

                                    010da169e15457c25bd80ef02d76a940c1210301

                                    SHA256

                                    6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                                    SHA512

                                    e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                                    Filesize

                                    264KB

                                    MD5

                                    d0a37fe01ff4775544f4736e4ba2db1d

                                    SHA1

                                    bd4162ae49ca2d4e50f959055150e866f7428eba

                                    SHA256

                                    b114f54c2815b75d949a82aea4f6066ca764516e7e37b9445ebf3dcf702b8724

                                    SHA512

                                    c285b61f09a43a5b8ae544bee8ef54ac64b4220bd7db706a17770d06220318dd183cef64a3251c27a0c8be1854489aaf3938e060686b8eeaebdb4ab4f38374f6

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
                                    Filesize

                                    124KB

                                    MD5

                                    f529dbfd0919fd19e5676cc4c63fc808

                                    SHA1

                                    5ae8078507805543a77701114ef5fb1368cf2997

                                    SHA256

                                    4e6fd4ff93946fc6b3dc174019e7187afdebb56075017b4bef9b6d78ee992c33

                                    SHA512

                                    936e3a4c488edb73aa0699933ea2b6d794d8546a83aa03f39c8a4ef1c43b6f5bcb9fb1c107f5b7ba7ce1554b264944c1d32d31e1d7c2677f857f69c73adf490f

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
                                    Filesize

                                    331B

                                    MD5

                                    6c373d50c3bca2e35b3c9b99d2172231

                                    SHA1

                                    825cfa44f95cacf859946181b9697c497d72d404

                                    SHA256

                                    4a8bc8b85a295f83f0b4490781104239cfafc98d9cf5c25ccaa06cf38076fc5b

                                    SHA512

                                    43ff0a73372d0a2f2a0e5c6bbd434f186713f6ad943c80d383488ed050ad5d6e9410e83850e04da7059ecce300b188462f0e33811bc497f70fbb5abfdee71057

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    197B

                                    MD5

                                    5dfbec0d7bb161b275dcc53d0e0c61ff

                                    SHA1

                                    4101c246a54c78fbb6692e60815002de35b55988

                                    SHA256

                                    bc7bebd5c501d787e4097d766fe6bda162e83f80825b9a5bfb54f0fd41a4c2ff

                                    SHA512

                                    fc1dba9bf7c0c9020389703ae6a5fb92e60356ceade7d1f1cb9a06e3ef541c1cd4efc9e5930b2a3e6bd45d9d494480f18e938a716105d4c720f99bcc06cdd296

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    daa2dd3d6ef813fdd4910f3c8b23cc6b

                                    SHA1

                                    29d51888168384bee5f1ebe708f5ed1509090e6c

                                    SHA256

                                    b3a4b6c3a467f17539db866f48db816422cb3f84afb69021aadcb1b50d7c036b

                                    SHA512

                                    4d80cf79a206da173f7405b6699ef0700be98f7ce9c8da41594b20ed3d049c7b7585c4a7818a1cb70e18bed46666f23e10fbee2479e97ddb3f1b184e1d9ea579

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    344cb15151f5ef5ce6ce25adcc4dccf8

                                    SHA1

                                    b7d526db078e1a7615a04d842a9499ddaa126954

                                    SHA256

                                    9000a787235a56178d7c6843d2e135f57a6b1e2fe3f147838bc8b536cacf0ff7

                                    SHA512

                                    0291874681446543de93b03d2b630bd65e645b40197afe9d7e22f60465f4990ae30a04ade4a2eba0fe2c75e83624d0380cef9fecc32f979ca3a8e7401a6fc801

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    e056d6955610c7ef71166d3636c1d423

                                    SHA1

                                    21c80b27fc948000a53a7f9e1f57dd8687c02454

                                    SHA256

                                    9d5ac8c880a25afdd1e6c36953888d49a40d9f82854ed8c84102d50b8fd48968

                                    SHA512

                                    92ba9040275b5a31fcb95b9ac96c5870f91bf015e10d525a9644ceb1e6cf9d5de0c787f46bd0535105025900a13ebf9db4f025c46929c5563a992b4fd7044c92

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    206702161f94c5cd39fadd03f4014d98

                                    SHA1

                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                    SHA256

                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                    SHA512

                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    46295cac801e5d4857d09837238a6394

                                    SHA1

                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                    SHA256

                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                    SHA512

                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    391ae6aa54503f82ddcc29fa3be063a7

                                    SHA1

                                    eb3b936eda3062c4c1bfd06bb933c7805e95c00f

                                    SHA256

                                    91de0d6036580c4696694e290b9ec43e178b2d9ccb411b8eb9869adc69888e6e

                                    SHA512

                                    b55b5c7be610836225903e840e0e106827df796d11b3a54a112341e345778a256fae102b36591dfa33621f3645df5a79f70188d682d17d13c0181bf729d301e5

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    cdd91ee177c61a696046245a058e0f96

                                    SHA1

                                    02c3ba5ca8149ffb8134b2a2bb8ac981d880b35d

                                    SHA256

                                    fa9f73a1f1b3240bd613fd29371ebe60b8db59204944237ee3524ec76d6f425a

                                    SHA512

                                    c65a4675eaed78166afb0bc9207224ebed7e9173aa4730c25f55b00dfb3601147630f3d40fedce55354f355d0288983b88aaa974b7bd6bfbe5e676f508944c7e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\29ec4c72-6b8f-4b3f-9e7a-c17ebb0f71cc\55e1b77c-d36a-4cec-b186-de974b34176d.exe
                                    Filesize

                                    3.2MB

                                    MD5

                                    831160fa50069e68d836381d8d793010

                                    SHA1

                                    596b3ce9c86f516f6b4e53693a33d9751e55d3ff

                                    SHA256

                                    e4734d69d67cf9bae175e61edcf2449458335ae0ac592a080ee7b2e2ccb61c2a

                                    SHA512

                                    c8031fc95ad21edacfa0dfecffb7df0bf590d22758e530a14e77dde0f03361aea5a18d32f888226fdbed10d18a9d4ad578ede8320e87d77f555eeabfaba8b0ee

                                    Download Submit

                                  • memory/1548-182-0x000001A294070000-0x000001A294071000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/1548-191-0x000001A294070000-0x000001A294071000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/1548-190-0x000001A294070000-0x000001A294071000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/1548-189-0x000001A294070000-0x000001A294071000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/1548-188-0x000001A294070000-0x000001A294071000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/1548-187-0x000001A294070000-0x000001A294071000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/1548-192-0x000001A294070000-0x000001A294071000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/1548-186-0x000001A294070000-0x000001A294071000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/1548-181-0x000001A294070000-0x000001A294071000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/1548-180-0x000001A294070000-0x000001A294071000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/3648-193-0x0000020D4D6B0000-0x0000020D4E6B0000-memory.dmp

                                    Filesize

                                    16.0MB

                                    Download

                                  • memory/4356-215-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-214-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-209-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-208-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-220-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-219-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-213-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-216-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-227-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-228-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-232-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-231-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-241-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-236-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-240-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-237-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-210-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-204-0x00007FFC78C70000-0x00007FFC78E65000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-242-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-243-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-277-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-276-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-273-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-271-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-260-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-258-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-255-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-253-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-249-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-246-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-270-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-265-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-264-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-252-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-248-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download

                                  • memory/4356-207-0x000001A657DF0000-0x000001A657FEA000-memory.dmp

                                    Filesize

                                    2.0MB

                                    Download