Analysis
-
max time kernel
106s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
-
submitted
23-03-2023 08:54
General
-
Target
https://drlindawong.com/xzd/#cGFibG8uYXJlbGxhbm9AY2xwLmNvbS5oaw==
Malware Config
Signatures
-
Drops file in Program Files directory 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://drlindawong.com/xzd/#cGFibG8uYXJlbGxhbm9AY2xwLmNvbS5oaw==1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://drlindawong.com/xzd/#cGFibG8uYXJlbGxhbm9AY2xwLmNvbS5oaw==1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffae60f46f8,0x7ffae60f4708,0x7ffae60f47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6759f5460,0x7ff6759f5470,0x7ff6759f54803⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7452319128785743604,287931849615647474,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD55a10efe23009825eadc90c37a38d9401
SHA1fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0
SHA25605e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5
SHA51289416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c1a3c45dc07f766430f7feaa3000fb18
SHA1698a0485bcf0ab2a9283d4ebd31ade980b0661d1
SHA256adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48
SHA5129fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\953b7a6d-52ea-4156-85b4-444d7151cff5.tmpFilesize
6KB
MD5fa62de4e7e506b69a055262de5ad908d
SHA1463ddf50111bc2e9f138e96c17fa70e92abd731f
SHA2569bfce9e47921231b9dc183783e5c20ed96e3b45e5a03b394cf701e93909fc605
SHA5129ddca06dfa1b0a8fdb750a9d4c6b0aae7958be61e6ff85309637d1a99f8254fee12f75e3bce7bc326a5bb2e126b6bc9e874a4167bd2d5d9dfbb449cdfa3a3e8d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000aFilesize
30KB
MD5588f010c0aa12a16be80141d1c0e105b
SHA11ec1237a7bde6046822d78adc7005fc52c01a62b
SHA256da792c99188b907f0d275c6fc01c561d37ed02d87207f804d3b5bccc9c3ec179
SHA5128837918683339fe8dd26dcd5e829e912e702a1c3eeb62461e9b08ddf4c89d5965a592f3a91053ee41523c088b7c3c772107d31786b8ef4dfc37dab79565d11bf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
360B
MD5a3df1598cd49c8739e1f5e1f7f68be16
SHA13d2e7e00db17d8ae0ccc4a9f35f2549df88f7704
SHA25622ce63869eba53fa4d1a14f17cb79b8216ff2f595517fc88fb291ec9d9054b5c
SHA5120b0b60c3255be0c66b3eaf24ad8f99a12893c34616c54f8db778fcb074fe474258715d8ba7999b9100554c223a1c82d2dc90a63fcd35d191c11aa7ec6d5f8c47
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
288B
MD5d514027ea04c107a85a5af3a974eb2de
SHA1310d05f6e388c9f5f43ff1f06afe6e35753f9d1b
SHA256b28b6453e743bc77058b12dc9ae3b5f144714d47362e2404571d6b8426b3be0d
SHA5121f5a285bf5cdb186d6b18e8a94211bfc8a4a70b761afe54439702eb89522be42827e853785743fc7961e9b2337a49d7f76222bc9444b562cf5d5e3b415554a32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
48B
MD5cd55d144e65389cdc908dc5c2f8679f5
SHA1862782a197d47c58d13883cb73fceb82c73ca5fd
SHA256e74c2f082952ed26dd67863ab0ee6b3ff5c74701a179dc14707f4cb046c3e7ce
SHA512a27dc35ef749b687b2534fa3266bd1e308c1abd1f818b058fdf88848ffb0b3a8413bfe93536ce99044b6791384e1abfcc7d9b2a0b3444285abf2b5db81404ce3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.icoFilesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnkFilesize
2KB
MD59006b0a766d50f505648a1b8a653cac1
SHA1d13e6ef47a1974213afeeb661ee9da997612b9be
SHA256533d164a890dbd2622c51b7285f2d85c91631e9f1c577a7f06af6ea3c49a9af4
SHA5120145db9e4cbba20175cba22a38561e93056ced966e7b5c8444dae13d8f69ad5c7bf428bda600d5c132fce50e25f926e28e8424ddd6b15dacb453ca33c8e2a269
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD51c8dfcec7e59b2ad818a676ced92cd5f
SHA10032bff659bc3ae2117083cdc3eb59c3540a2b72
SHA25603a81a4e82e46e193a7e8cb40bd41ce8c1b89d44cb978218b10a3d9180bed551
SHA512c8f10eef43406e3ac0259a06421ad30db3e205b6ebd18523594836f5c53ea43fca902e8e6131aaf1723f18560635cf91a2dbe700977a947fb83213491eb84b09
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD559eb5ef4c02110908dd16b277ff3569e
SHA14888453cd61d1ba62575609e3267c750a36b3228
SHA2563cebf7ab60f7160e614c9df9e2052bcf80fb0e444bcd92e57c0f1c34f09329e1
SHA512d92d419142114535dcfe0ffc6d0ac710c7764541e21a300d08342add513a6a33b170de0fabb88b3e06bd33d259a34bba8bee70ddcf1643541c4d8b15137ba91b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
4KB
MD509651947d1222007efd3116e19c8bca8
SHA12bf3b8d7cfb486e3ffa0e8da0502a0559bdd3a06
SHA2567905253f0a9a68417dfb335b49d9690c83aff8d206756d5af364c7c85765ebfb
SHA512c05c9f85fb140657940af942fd63538f3451c7ce0b6e091005df8189688bd84b07b8e64b786de4c3f44d515b227819188d32ab3a908d3cf1f1bb36ea7c0b4ce5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD55400235c163ca3dfa7c0364f16087731
SHA1d92598b43fbe68bd275a0865a9f36262883faecd
SHA256a70bf5a3f8ed622b4371e2592a4c48933dfc59f59df9a2ebfeee7e9d75ec7b9c
SHA512bd69e368a61be57b48f77de7acc11ee4ad4052974eca4da4366feec7c7635db3bf07a020452d0454f10f6bad551e0cbc40f6091a078229cd2d3cb8ab3e024319
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD55edab6d3ffbeee247ccb4423f929a323
SHA1a4ad201d149d59392a2a3163bd86ee900e20f3d9
SHA256460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933
SHA512263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
203B
MD58fac4b414cc8d76ec14cadadc684c0ae
SHA1767a58ce5d34780430e1a215364dcb75642d0b85
SHA2566bab46beb6ab41cea17d9f3df236fed8e6b2018b18cf54149c163a055a8f57c7
SHA5126a85e571e27c8d829ba01fc4bdc5e9c2273358502c735c8fca0656042a896dcc230fed62c775abc3356e0b9d9938e15f0ac4897c49c40ec2de76c6697fa96f9d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe575f66.TMPFilesize
203B
MD5223011d73517b1f2d13ea0890ea16041
SHA1d82fe2c47879e1e34d2086e13ef18be0e6550b62
SHA2562e88510bbe9b1c9c3e0840264b85f77f84eb9fb502ba8de65fa862f68eb922be
SHA512e1f4b7f6db0bea96a65b27c4cb8d424160d44684b727c6e435c10b2015e1c60a6eb055112ef66d83b87dd89d2ab7c5b6aabba2e017a19dd4c0fec3f71506533a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5f18edd4c026d02170472d7366359ae6d
SHA1d3f1047b7e1da4c0c8e969ac1797cc8f9b9283ce
SHA25659ab223393de2c54e6da075aaa0feccd145d7f2b230880a82e0c06e4c83d170c
SHA512b6465e063d62e2f397ebf17d7248e2a9d0a2280cc36495b64e090a05a24bd806fc15d377b22547fbf0f12831206281a1590bb40977f2b6f2c4be28851dde1d2d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5710d6102edcf25c8f31a19df3198d292
SHA14f1762b49ec51eadc7868082cc0005c20f44f45d
SHA2567e326b6c0a68ab86fa0f8a32dd8daec192fac7c3fa6dd677806db3ebc69e1618
SHA512ecf1f880e4c946b073d358254d4bc8e754eb886511d0d0efd8d100ca6bc83fd638dc37bef33c01caaea9dd32cac37b9676e17f687edc197ec7265d42fca9ac3a
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1yikaqdz.3qy.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
3KB
MD5923c7edaffa5b7bc1278e70905c13f82
SHA1f45744b8311565656271f57071c9bdbbbc51b6cc
SHA256295b61e5c2e9864efc3941a6b2cd24b8a79fc69865c5f20224f0e2475fb8f934
SHA512b192f0df674c01f77c7a945c95bfbd6a66aeb62a7297b43a55ad38105ce38ca49389cc82a458e75926a4fc92cc5bfaaf7edab960f45404dc80305ba6b3aa93d7
-
\??\pipe\LOCAL\crashpad_60_PVESSAUSSFDFYLGQMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/4832-143-0x0000021EB65B0000-0x0000021EB65C0000-memory.dmpFilesize
64KB
-
memory/4832-147-0x0000021EB65B0000-0x0000021EB65C0000-memory.dmpFilesize
64KB
-
memory/4832-146-0x0000021EB65B0000-0x0000021EB65C0000-memory.dmpFilesize
64KB
-
memory/4832-142-0x0000021ED1750000-0x0000021ED1772000-memory.dmpFilesize
136KB