Score by task
Overview: 10
Static: 10
Channel.url (windows7_x64): 6
Channel.url (windows10-2004_x64): 6
Robot.url (windows7_x64): 6
Robot.url (windows10-2004_x64): 3
Thanks.vbs (windows7_x64): 1
Thanks.vbs (windows10-2004_x64): 1
Trinity to...ls.exe (windows7_x64): 10
Trinity to...ls.exe (windows10-2004_x64): 1
Web.url (windows7_x64): 6
Web.url (windows10-2004_x64): 6
Analysis
- max time kernel: 150s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 24-05-2022 17:42
Static task: static1
Behavioral task behavioral1: sample Channel.url, resource win7-20220414-en
Behavioral task behavioral2: sample Channel.url, resource win10v2004-20220414-en
Behavioral task behavioral3: sample Robot.url, resource win7-20220414-en
Behavioral task behavioral4: sample Robot.url, resource win10v2004-20220414-en
Behavioral task behavioral5: sample Thanks.vbs, resource win7-20220414-en
Behavioral task behavioral6: sample Thanks.vbs, resource win10v2004-20220414-en
Behavioral task behavioral7: sample Trinity tools/Trinity tools.exe, resource win7-20220414-en
Behavioral task behavioral8: sample Trinity tools/Trinity tools.exe, resource win10v2004-20220414-en
Behavioral task behavioral9: sample Web.url, resource win7-20220414-en
Behavioral task behavioral10: sample Web.url, resource win10v2004-20220414-en
General
- Target: Channel.url
- Size: 113B
- MD5: b4f5df5c0fd4afa01823efb05509eb7a
- SHA1: f5eaf089f50742496ca1a9bb4bbbce39c7a79418
- SHA256: db94deda654831aa1b36ce8eeeb29426af850294b4550639a68839deae28de62
- SHA512: fedd94c86ac0bb7a7c530ab9d9c27b70ed93866f2f92b77115d1b028949a7fb17ff0114fdbd2ecce39e4cb577f483307624cd1b0666ee3c6a34cdbaae44c824d
Malware Config
Signatures
-
Adds Run key to start application (2 TTPs, 1 IoCs)
Processes: msedge.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Windows\CurrentVersion\Run | msedge.exe
-
Drops file in Program Files directory (2 IoCs)
Processes: setup.exe
description | ioc | process
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220524180441.pma | setup.exe
File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8f3a6473-4415-4f13-a7aa-37b150f92c75.tmp | setup.exe
-
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Modifies registry class (1 IoCs)
Processes: msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
-
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
4660 | msedge.exe
4660 | msedge.exe
4656 | msedge.exe
4656 | msedge.exe
4888 | identity_helper.exe
4888 | identity_helper.exe
2216 | msedge.exe
2216 | msedge.exe
2216 | msedge.exe
2216 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
Processes: msedge.exe
pid | process
4656 | msedge.exe
4656 | msedge.exe
4656 | msedge.exe
4656 | msedge.exe
4656 | msedge.exe
-
Suspicious use of FindShellTrayWindow (2 IoCs)
Processes: msedge.exe
pid | process
4656 | msedge.exe
4656 | msedge.exe
-
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Channel.url
  Signatures: Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/newsabaweb
    Signatures: Adds Run key to start application; Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of WriteProcessMemory
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbc3a146f8,0x7ffbc3a14708,0x7ffbc3a14718
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3596 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      Signatures: Drops file in Program Files directory
      - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6fcfb5460,0x7ff6fcfb5470,0x7ff6fcfb5480
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4140 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4072 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5856 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4148 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2008 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2096,513013455854154338,13348974535849967400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2448 /prefetch:8
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads