hxxp://www[.]msftconnecttest[.]com/redirect

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2023, 12:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.msftconnecttest.com/redirect

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\bf1f1d94-72e9-4fb1-aed8-67e6593e3d3a.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230310133852.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4588	powershell.exe
4588	powershell.exe
4708	msedge.exe
4708	msedge.exe
3736	msedge.exe
3736	msedge.exe
4440	identity_helper.exe
4440	identity_helper.exe
7072	msedge.exe
7072	msedge.exe
7072	msedge.exe
7072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4588	powershell.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 3616	3736	msedge.exe	87
PID 3736 wrote to memory of 3616	3736	msedge.exe	87
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 3104	3736	msedge.exe	88
PID 3736 wrote to memory of 4708	3736	msedge.exe	89
PID 3736 wrote to memory of 4708	3736	msedge.exe	89
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91
PID 3736 wrote to memory of 3812	3736	msedge.exe	91

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge http://www.msftconnecttest.com/redirect
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch http://www.msftconnecttest.com/redirect
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd3a7446f8,0x7ffd3a744708,0x7ffd3a744718
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7452b5460,0x7ff7452b5470,0x7ff7452b5480
    3⤵
    PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:6192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6924050327297878011,6829952256496277645,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2084

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
26KB

MD5
3f3e5176c70a15daa549a047730ce9e1

SHA1
bffa3987be4f3336bf4079759c4059143364f215

SHA256
01748b20204714ba2887166c4eac83bac26bd6e0f01c455014a2419e5277b1ca

SHA512
6c83bea4afcdccba59985a19cc26754a2c37fefa5ebe52ecee5e7c1df4f04eca0ac0aa1c8d91e0168c20383facf2dfea9e66bfe90c86c0f69bd5c29652d5b989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
26KB

MD5
6f88ca66f71f37f08f23978de69a13ea

SHA1
2c89c319bb4e18588f69a4433eeb717311575895

SHA256
d66cef6c44d2b06900560fb5c7dfd31b940122e78fecd201d3efb9d7a25185c8

SHA512
143a536fe0549007f76cca59c70ef40d213439e208f12e39c9b3a4ef867540d168983191b05eebd6e68677b40599f54663c83487e3de8b19242732a98a41d4bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f3bb424c65ea16a2b2ded5c7fbac82c2

SHA1
fe473ce9b7dc6bff073fac8a443e6b747d47d7f0

SHA256
cf39cead868d34b9f3ac1f7d345a0aa3e4e0e20fcff4f57651401363105e6746

SHA512
66b199633bfc4836cc97acec513fa48a31fce2c4ed632cdcd821fddd27ab269a283421a8b3c6e0240b2bbab7c350b876440ac8015cc4a923b76ff61737d27763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ab279483589b1cafb267139b0971d3aa

SHA1
f176778ceacf13a97e50830cedfa16b492082b8e

SHA256
3ac34884050d77992c5887d4039fd6749cc86d2ba1a7ea8e5fe63ff096954d55

SHA512
77edddf8ed6632da62fddd238d3126980a305cecbafbdf33c60c8d88499702a1515018bdafd18c009f9cc643720f512c9a2e8e239b7552383f0c1a4b19021dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe56f206.TMP

Filesize
48B

MD5
f0d8735f3fcd7906bb7b3291a1b7f01b

SHA1
a563aeb576956ab8d21d9cbb7a5ac1a70c7721d1

SHA256
ad4b6414e1827ea04a0b7e43573b0db53e731bfc0fe2192f55456203b9700d57

SHA512
dbf229ced0615585d2432ad690147883ca329057d78d4cb32b617c7b304099dc85ff312e62abadf2dbca31e553dc017061379a1cbf678c0798881d88ad2dc6e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
35fb096e008b4a1ea3944d40f834ef38

SHA1
d0f1d1b663457fdb4d12d36334cc845c990e53d0

SHA256
b904ada98f01ef274c7ad36b9dc367918483c8fb73a10227a8d79c78071d77bf

SHA512
91bb11eacbeeda16ebd1d7a20f08341a8eea94a9ea16aa924ecc4b5859fb8700e8930cbc3584d4443ab19e3f19cb58defd3ed6924f3ba4cab2e60628a5e795cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
0ae8399c6c2f43d76fe1eb3a3e26f71c

SHA1
f6688c16e2542c7e9f6e39331ffd29cbac3b6c20

SHA256
4d0aef10e471ace9ef7e9621d4d10a71c0298276a53ac221434ee3c87c680dc9

SHA512
a23738e7d02274b651a675880ff745b6946bfaca6bd9195171918bd0c5fb393a20639f60e2067c299faba6827ff7c0ef4e6d659d35accf437e56bee6e41fc0e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
a3c6b89bce3e70e914a1ac9cd2577339

SHA1
399d42442ec66bc1db73904aa5416c79219a0059

SHA256
25e1cba0654d0935527df1e5107c797e5d6d538568b86c5c8aed864a696ef699

SHA512
85338ff614727f0ed9a4b27c562a7f4b01a1992bc8b19e58ba3840bd6c1bc74d9b4a27f511c6b6adcaa2f15f453038dfe47a1fa010263776c5f9a71c3406bea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
767a0c3d7c33abf6a2f48c715a75484f

SHA1
2c73cace2e79f5b7b5037590115ad77cd7e58da0

SHA256
b9fc169b715644ee0ae6f1c27ae6c46bbaeeb3050806b015aae8f5c05a12b383

SHA512
beb32797013542ee6c7c9cace8c25c2913420d5e3c2c116e9a10873ceb86549646be934ddfd7665de51e4b9c40e3789b8bb5b0f07c6c7d785dc9275fc95e6d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
951dfc6e5cdaeab6dc55b8e90fb76883

SHA1
abdb6dadddd41da6c096eb47e96a6a304522ae27

SHA256
ff6258c3dd4ed17322396a7598cb8ff23f59c43f28803854c5c66aa913af9580

SHA512
653dbfe7e12a1b21cd58dac85c16155213345614d3c98df2be418b5df6b33c907b506c5fb02182d9d8a709769959cad298e4b3046c09098a6cb3cf99e86173dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4c00581d86af860e4a4678d94c75532a

SHA1
120ead1be7c103714abe4745be5ce812b94e1d5a

SHA256
ce7f131404147cb32a568efd4bf0d0094a6ff4888d6e56ba77055f82e350b41e

SHA512
fbff3bf06a7cc661726c38270fe6ecdbf3a4f5653ffa65125d7e0b07556909707dd8019a37138d064e56f570bec48a72b342e0cd568267765a74745292a3cd4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\a69a02f8-e9fb-48e7-b89f-ad45952aa130\index-dir\the-real-index

Filesize
3KB

MD5
9b5a79ab4a29a28bf1a6ef774e3529d5

SHA1
a3785054f078ceef53b36032b04fe7c50d3a24a0

SHA256
b750523ddda8c0797b577b1390618a5ac582ee8e7796469fc4bddbc65bf973ea

SHA512
c46fa44f2fe406fb428d6c2f0688f725f9a4ada7adb3c5f769d7019adc6535d25faa456946fc83b637beb580462e4d34731520131a7018e71cfc8374a2b7cb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\a69a02f8-e9fb-48e7-b89f-ad45952aa130\index-dir\the-real-index~RFe570dea.TMP

Filesize
48B

MD5
7ddb53e067f1cac6c9d4b9163c103192

SHA1
36a5f20c12235533f42034c57ed3f994aadcf589

SHA256
843303c78e124218aa74d7b5c1cbb2f980434393f5d7d7e95cfe6a2f8b34b8e8

SHA512
e645f673c24855b6554abd1d5fb8aff42d9a8ebce8648b18fc940d28218991552055d08d9d0ce4539937ecd8c3f1967c14b377661b885410335f184824bbffe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
93B

MD5
f092fc3598aabea8a5ff8261579adf23

SHA1
a7684197b9829ae570f7ff821395a9b2de46f7bc

SHA256
085a7e59abaa4ff6f3e8a7cdfdc160e220c574071189a68e9f98d53bad1d6f3c

SHA512
513118e3fb5a3aede749ac9cc3d6571cde5f0f3ac7450e25fc87782667214d1952df0dd7cc6b5c18633110fd0dffb92a7e9363c4fddd2ef044d6371fca9c0d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
89B

MD5
78a3a1f9c95aa061dd84224b1f99ffc7

SHA1
3fd58e017a947ab9b220fdc94e9e3c74631530df

SHA256
00b63eedc1a5288fc0fda1bcf139b966188891a5801770acc15febb699fd300f

SHA512
6a4c63191965e7e8e82268748547750d330af1a8dae043417155c5debd375a8df5d9882e92706111de191240ff12483196640f23093ae1093973ba34788d156f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c718e4765b236916b2753127eca3ff69

SHA1
31bc132f9205ae03abb10ddb35dde9550f71a086

SHA256
928ee131116f387b38ee65c64dcd9dbe3af89f23647d71e417b4c27f6734ca0f

SHA512
1efa44a0dd23a174bb270b79096504120d7f13c8a20d1197b25378b89e437b33587fc8ae17219e021ef2972a7749371d13b67df43a1b07c45c8d96e7f1c9c484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56d110.TMP

Filesize
48B

MD5
df5640a288c7590663ef8c41c737dcc1

SHA1
5b84f707a27414a956653e23c948a0c9e80004df

SHA256
232b3800c6d5bd1c47e5a9e92d2abdb9d7f08965807cd16e7f30b505ed2b2b21

SHA512
c68dcdaca611592eca6c7105f3458daf423d3cf0e16d0823a1cc03bc4b6dfa99532bb85c723baca1352001dfbd85df1a4b4681ad13e233a4cb53115d87baf389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3abb7e428a0325fc4bc8b48fb4444561

SHA1
df59f5f3b0ef3f59db6b7a16d854427a70c013f6

SHA256
56a8742c37e8d81285508d1dc0b1db16817b2d5386f9e3a13f3c0d21be34e812

SHA512
97e68e7748ba24f41c0620a70233137061b7ec3c6ecdb34e3c439b4626c3ded3759fe652e61b8a5f14307c2a9f356ce6d0cee65efcdc967faa19c9961bf72021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e955e158b7a5521444dcb917472732b5

SHA1
8c25715767dd02ca28164828a3f617af3f3aeda0

SHA256
41079dda8983f09dbe8dc7ef29a55b7792ec0ef3677dc800509339b25b4b24e9

SHA512
f396bc9142587d000a6d20e61736e3505ae4fa3a215eddb1888340f033abaa84f4aa58f90eccb25d7d5eddbc6840d111dc419dbc7d494967c0cfa445144e6356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2bb33b6a538cc6d85ebad8e58c32ea3f

SHA1
97f0d111585e5e998753db2842f3af83eae85653

SHA256
a205158bcf7e518056c2c2673f5b95c0cbaa2d033e5d6464d1aeaa42d21a0640

SHA512
66dd04f5be2ba1c27f090bd2a446625a78173069670261a4b226d7a336d37d8b01878db41cd5def7c5b208d24a8cec8e1e2603fbbfa385dc07b70e1a795a2fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bc395f85c281ecc8c17541f5f1284014

SHA1
30d1b67a9f5db0c7220bbefaf2cfbdea844a2e1e

SHA256
01f0734cc5ace47b14a617a4732584a295129e46aa98ffc61cae710803254546

SHA512
821abb7a33b936bff10e55113f01a6cb9fe77d03e11ac6232f2266704748ac9c50860c1bf79dec7191430991cad794176f0faf21a7367e7126d11dce58415b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
62732dbe7e67deb12f129a7e1877bf3a

SHA1
d644b8e39c9232c6555e5514801080342711560c

SHA256
5c88343fb9389c36dcecaf68324e1c12b60d83afdc282e7e4246a0de95499ee1

SHA512
41a782477f9b7a4a29b9b135d2e3088fc5f493a449fdfb0f534cfce08ccc88f5acda96065f23400dd1dff617ee9153e4259114dc6e8905ef00d641b54260b995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5c6aa84d0778b2675bf16d86f547d4e6

SHA1
a01d0383ce3cb53c07138d0a80995f954fc3b725

SHA256
0ef005d92152c7399106428a9a923045727c53b16a07e8763623c2fed9fe03cd

SHA512
e233781492604f844eb89c6b4e398bed36e48d903d5b585a8d698359d96f8dab6109621bafc69b1846c1124acd7fbd7d9fa9a6f70923316e0abae9d99794f48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e6c26ec5b8f9027805434829f485101e

SHA1
65831258065d89bac27b0376faa2097c06f55bd7

SHA256
2d6f414719df03ee5567df1b596b4c52e360eda590dd31a11615772a44bf6c15

SHA512
b56a5a2d88968b1a09c60e269914ac5a244158ace0acd85cdb35d81b85dc8a902b5377fd2b5b057b3a9b6e871427a8d6fbd06c2771f4e9597fa526a383a2b64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3ad709e5b2a579b90bc22965a61701a4

SHA1
a641036075d0deab89384eb69fc3aef3ba07db2b

SHA256
11964155a0b32b4f150800e5fd0399aa4628166831bc2caec6471e10eca2e945

SHA512
86a1291e19697242e33551fcb6baa885d9ba9e96556714e53517e7716e02609dcb572526d1f6410edfaf17a70da6cb45300851d47fadeb0f125ccd0b666423a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5d04d24580514c14219c254fad8e59ff

SHA1
e91fc321cf5cac560a0bdadcf207632662dac8b5

SHA256
3ccdcd1bc448bd6148f8b7e1e362ae254ea50bc53683c17b02f82387e0cf71d4

SHA512
e1762386dbba064161eba2c58f869ed0dd565267b7d199fc23112a5fd18838622c678338ccf3fc01e490a7d8059d4e681b148c771ad8496471ecf64af00c1f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5a8e127cce1788494f179d465d1159ef

SHA1
1940419131f909da7f19902e51532e4734d26c0f

SHA256
2641746771bc208e46118b3968cd7e1fa22a6f78c454777c7cfa4de758c10e43

SHA512
1a8b479bdcbca2a95ce36dd6359242aff9be9f9365d175852041125aada22aa7b49c143411994df12bf795a0e44c59782b0a74aa55a4ec563a6193037dc039db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56c6cf.TMP

Filesize
1KB

MD5
460207278f30e1a5327ee01550c7fe94

SHA1
306d40f66832ab407b928acd863261f78d769c73

SHA256
8d8429a9b028e0ee3dc8b551c4a332bd7c39d58536ee3629f5db0a739cc93969

SHA512
41f85be4c62ab017f832480b490fd18e3e0231d9614e3c3acdbac78919deadcc5d609dbda2888a16199ce1653d4b4cf9f91fa34a0716d2091e74d17dece52b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
d4574e609fb83bd3f6b35ed3f0b0c349

SHA1
59960c8208af82a8e9a74c65ee021c5d2bebbf12

SHA256
00baf1da78b731df7fdfb3f542d31c668e565aec3017038e772d90f37cbab76a

SHA512
7d698a990372470f800701feb2f061ea296e4b51e3e57832663cb8c0016aa2ec86dcb35bf7fd777ff6351d683ff7043ee0c6cc914ffc1ea7552cd6248f60c70d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
422f5ea615d69c1628d6bc1ab3b1ea72

SHA1
4fad6e1f0e7e7964a0bd6d3c4fd3be64a85fbe35

SHA256
cb078f9358e7a9c0e07f6ebec96d2a6a9f6de12c8ce8d3d45ab868bee8c7be8e

SHA512
b70befea7e92d44e73effd36bbe8528c17ef2ab00d400c3d307b71aede46b8cc2b57d96bcffe29dcaf6900d07f692e32566840b5071e107e27fb5f5a1fdecfd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l1fmsy3c.2h0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
efa57e00305fce34c0dd19655af722ea

SHA1
0a30422cc0ab03be379633f83ffbf4819baaa09e

SHA256
17ddb5b8e0eb9dc987f7b490854aa0beaed3b8645173a6be9ca6ca90c53c14d1

SHA512
261a196c02fff03c73831e69a5dcb2ce43a9636037052e278ab2ad7f5ff70dfffc0263b838117836594ac52681d169b425c2157ae5105d37cd9ad4a5ab0b6f44

Download Submit
memory/3104-160-0x00007FFD57DA0000-0x00007FFD57DA1000-memory.dmp

Filesize
4KB

Download
memory/4588-144-0x000001ED61F70000-0x000001ED61F80000-memory.dmp

Filesize
64KB

Download
memory/4588-143-0x000001ED61F70000-0x000001ED61F80000-memory.dmp

Filesize
64KB

Download
memory/4588-133-0x000001ED49990000-0x000001ED499B2000-memory.dmp

Filesize
136KB

Download
memory/4588-145-0x000001ED61F70000-0x000001ED61F80000-memory.dmp

Filesize
64KB

Download