2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

17-01-2025 20:14

250117-yz7h3s1qfw 10

17-01-2025 20:12

17-01-2025 17:25

17-01-2025 17:21

17-01-2025 14:16

17-01-2025 14:12

16-01-2025 12:52

16-01-2025 12:50

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Clean.exe
Size

12KB
MD5

9c642c5b111ee85a6bccffc7af896a51
SHA1

eca8571b994fd40e2018f48c214fab6472a98bab
SHA256

4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
SHA512

23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c
SSDEEP

192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	MEMZ-Clean.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
2312	msedge.exe
2312	msedge.exe
4396	identity_helper.exe
4396	identity_helper.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: 33	1712	mmc.exe
Token: SeIncBasePriorityPrivilege	1712	mmc.exe
Token: 33	1712	mmc.exe
Token: SeIncBasePriorityPrivilege	1712	mmc.exe
Token: 33	1712	mmc.exe
Token: SeIncBasePriorityPrivilege	1712	mmc.exe
Token: SeDebugPrivilege	3164	Taskmgr.exe
Token: SeSystemProfilePrivilege	3164	Taskmgr.exe
Token: SeCreateGlobalPrivilege	3164	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe
3164	Taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1852	mmc.exe
1712	mmc.exe
1712	mmc.exe
2020	wordpad.exe
2020	wordpad.exe
2020	wordpad.exe
2020	wordpad.exe
2020	wordpad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3804 wrote to memory of 2312	3804	MEMZ-Clean.exe	96
PID 3804 wrote to memory of 2312	3804	MEMZ-Clean.exe	96
PID 2312 wrote to memory of 1892	2312	msedge.exe	97
PID 2312 wrote to memory of 1892	2312	msedge.exe	97
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 884	2312	msedge.exe	98
PID 2312 wrote to memory of 1020	2312	msedge.exe	99
PID 2312 wrote to memory of 1020	2312	msedge.exe	99
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100
PID 2312 wrote to memory of 2896	2312	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff840f446f8,0x7ff840f44708,0x7ff840f44718
    3⤵
    PID:1892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    3⤵
    PID:884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
    3⤵
    PID:2896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:3324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
    3⤵
    PID:1984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
    3⤵
    PID:3308
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
    3⤵
    PID:3100
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
    3⤵
    PID:1380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
    3⤵
    PID:2288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
    3⤵
    PID:3872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
    3⤵
    PID:1792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
    3⤵
    PID:3300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
    3⤵
    PID:1380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    3⤵
    PID:2712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
    3⤵
    PID:4100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
    3⤵
    PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
    3⤵
    PID:1840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 /prefetch:2
    3⤵
    PID:5680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
    3⤵
    PID:5836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
    3⤵
    PID:5920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
    3⤵
    PID:180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14499341019582343371,17026062953557364387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
    3⤵
    PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
  2⤵
  PID:1528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff840f446f8,0x7ff840f44708,0x7ff840f44718
    3⤵
    PID:2444
- C:\Windows\SysWOW64\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2772
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1852
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1712
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2020
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:4616
- C:\Windows\SysWOW64\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
  2⤵
  PID:1972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff840f446f8,0x7ff840f44708,0x7ff840f44718
    3⤵
    PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
  2⤵
  PID:3764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff840f446f8,0x7ff840f44708,0x7ff840f44718
    3⤵
    PID:1836
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
  2⤵
  PID:5756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff840f446f8,0x7ff840f44708,0x7ff840f44718
    3⤵
    PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
  2⤵
  PID:3652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff840f446f8,0x7ff840f44708,0x7ff840f44718
    3⤵
    PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0415a402-f697-40eb-8d63-9d55c6c2979c.tmp

Filesize
6KB

MD5
49a33be74f09d28ce9363836aee578b7

SHA1
5199a6c30feee45f4352b1d7c15b54adc5cf8611

SHA256
5655307f998e6053485d195caf1bc35ad96fedc3c35004b6d3e2e1cbf2e44e65

SHA512
213d88592bc891f401514accfbee426b3db3c994ab9ce3aa8bf49dcbe4fb39eb76ff9132a0091129fbf3e8c2b05810d153eed7f66dd161499165c434dc6e7825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9b1f4209aab96ffc_0

Filesize
415KB

MD5
90207845706496dd9dd5a0c39763f29a

SHA1
aec72acb0845021c7c976b2978a9533f86eece2c

SHA256
bc795c826a735f8dab88d6559473da5779209ecb58ca9b5a468da12b6c5d580b

SHA512
b30f1da05dfc2fa960fbb07791412658b1bb24bc82db6046bdef011577ad2f19c574ba77ba1908392eee35c3f7f46447694781d1f04f0b6dc71c1be26989df00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f96c4e370537b4dd_0

Filesize
288B

MD5
3b741445d06aa051deff9922d6f18129

SHA1
1fc47b569f33767e62a1881b49cf9f1e9c9dc2a8

SHA256
22ad136e81f88474602a44fb55e6029815b331ac99b2d7e17d1fd87ca9cbccf4

SHA512
2f376ff5c87a83fbe48e3627a5afb486da8b0feda5292c96a9ea37b53bbbb9039450c20e74e6f336dc7d92aa7a42b6790daec880b9cca13968f41e0c4f1f28bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
3706ea16c5b69e2e3ef1d3b30c53bce9

SHA1
1b6138f6422f1d74b5a5a67284f8d2e972bb41e8

SHA256
ffe21f11f505f324fd035740523bef3c28f7b405b6b24ee71d75e9a25d111d8c

SHA512
fa98512d44d51956edde68472866474ce510117765d21f47438bb0601aee1af2c4386520c9b6365363edde7bc0728487d4410741009ed41cc969ce34278de82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c74c571a571bba2d11ece236fb10899e

SHA1
84df5dae083d98da6ccc7f8d2d2649066fcdcc9b

SHA256
9a7a00060b0f5cff1ab6a9136e1c6ea011b89c7ffbf4cceb90904c3377717d0b

SHA512
80484cff7f622d30bd2dae7c2c7de5bc14ad182bc29fe9e9a71358c2c8d4733ec4bed1503a86528e9bf08127cb8c1360b3923b0c3098401fe2ad9d3267a5a893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
2f1f12946dbad073bc399881fe7881bf

SHA1
55ecfa4757bc6ed18f29a6cd8eb903ffee05b2d4

SHA256
1008cc8b851b6b1d242d5a08801e267c0df07e2dbdbd3db47d77596fd7142141

SHA512
e9fc77dd494828e039ab3faf3352d07231fac55834e07e76bc3fb3a958adeee3c0d8e54b87aa2b31e035782df7b63b8a6f9c7e67703be6b98c5faa78f5b1f257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
285945da6325dca5041872e6602d02fc

SHA1
19b3c134a4029ddd5fb1f1f3b840f2e3bfb4d388

SHA256
dfa98d1014cdaf3172db3602b3f80e32cad3e50686db02702222dd873268727a

SHA512
52f80c441d8bad6ea545cca60bf8f40bee44ec8b9f1ba5960c3be3bc2f23b414f5ae8cb4a208cbadf01624b4acf32a920e8ba19750213bf3a9219191df99cd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
292247f2e700ac2c4a5554402acdf89f

SHA1
450d8b1af593a850e968f4deeab8fe8dc8ec9dd6

SHA256
f258218d6c874e6483ee79f036e9836766589fe30a47b41367b83b7755592a46

SHA512
e91ecaea5fa8638d338ccbffef441169356d890e69357c227335d80236d509dfda49caebf8a0239661781bb18257760c57d30f434494a584286c23671c6f6ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a0033600dc9ad34b9977ae1f9ead469

SHA1
0bb5a424928dffbc6a8196ed4cc0705a2ca69570

SHA256
f589be447411616084038ecc6c22dc7dc8456d9adc4382dcd16a42202ea34913

SHA512
6c4936e3556db80182f33cd7dd1a7dc6223e2b54d2d58d5d214b6d6a1a5c976babadbc1305d3f3ade4f08b7f6bc52b8b8812ae28f3d44cfa6f4e879fbff5168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d9c2717cfeff3a18f76baa8c8803bb4

SHA1
d1d8b067670e507a3eb26650a035ab6d68209fe5

SHA256
3ab9f39a89ef637b4d6e280a9c2ce025ff374706c4672247cfb3d0b663cc96c1

SHA512
3dc1a15b636da23e6bee713cba69a9bfa89b2036c519f6b2a703042b0cce97e9942e18f7224b12ce24e4d525e24547daeb214a682ba995c5ae0e69cb8edc823d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a75b1a06775640e5980fb226a945513

SHA1
5b41d9b05288db8151540df8857f994c45430a15

SHA256
f5f150e1e31f6e2ed28c3fcead01c8ab7c62c396d28ca1af7a3f1680746ab143

SHA512
254717d0427412e92a97536b3d45a537cdca0304f27228c8a780dd3e39784c7cf1a6181f5413e67e8358ef34e56ffc92f4f4f0c58b135f7f1ec4de2b48c026a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fbff68b71b079d64a39adbb77d01cb1c

SHA1
5137f9ea2876a1c3616dd0777ff83e5cda6edbef

SHA256
fbc65b36d65a4641dc9ba0691b31ddad07397c209df0156d3ae319b10e3a4d21

SHA512
ca0564926fcfad9a5ec948e7b231716b0ebc09fc405c6f264dda85e93522d1bdac7701166c6f3587c375e87fc0ada9dad05ff873a2b94605ebcabf97b36c8396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7d8833fefecc51a8d846d0385914b632

SHA1
38a3cc3cbc00cd8931a02ea6a66084c61cc58f7d

SHA256
81d62b8bc41c9ed98c2635df371da90588c48673f3a1e6f62b14d3f54b9b6475

SHA512
4d0922964829bc6830118624538c0b9c5b91ee5e0f71149078e62b0355bf44c9ca82e61f6285ce0a4f1ded726dff33c0f4ea8bb52e09ac7da979a8f8a5542158

Download Submit
memory/3164-130-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/3164-134-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/3164-122-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/3164-133-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/3164-132-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/3164-131-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/3164-123-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/3164-129-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/3164-128-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/3164-124-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download