Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

URLScan

urlscan

1

http://23b44553.orso...

windows10-2004-x64

4

Analysis

  • max time kernel
    293s
  • max time network
    300s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2023, 08:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://23b44553.orson-consulting.eu/?id=flying-lama.com

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge http://23b44553.orson-consulting.eu/?id=flying-lama.com
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2416
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch http://23b44553.orson-consulting.eu/?id=flying-lama.com
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1164
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9578f46f8,0x7ff9578f4708,0x7ff9578f4718
      2⤵
        PID:2352
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
        2⤵
          PID:3560
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
          2⤵
            PID:3844
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
            2⤵
              PID:1960
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
              2⤵
                PID:3516
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
                2⤵
                  PID:3124
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
                  2⤵
                    PID:1728
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
                    2⤵
                      PID:1672
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                      2⤵
                      • Drops file in Program Files directory
                      PID:4176
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd4,0x10c,0x110,0x180,0x108,0x7ff636e05460,0x7ff636e05470,0x7ff636e05480
                        3⤵
                          PID:4044
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4512
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                        2⤵
                          PID:392
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                          2⤵
                            PID:3920
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1692 /prefetch:1
                            2⤵
                              PID:4928
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
                              2⤵
                                PID:3312
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
                                2⤵
                                  PID:5040
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2408 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1220
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                                  2⤵
                                    PID:1544
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1473013533845279967,5385165965043715112,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
                                    2⤵
                                      PID:372
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:1728

                                    Network

                                    MITRE ATT&CK Enterprise v6

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      462f3c1360a4b5e319363930bc4806f6

                                      SHA1

                                      9ba5e43d833c284b89519423f6b6dab5a859a8d0

                                      SHA256

                                      fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

                                      SHA512

                                      5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      d2642245b1e4572ba7d7cd13a0675bb8

                                      SHA1

                                      96456510884685146d3fa2e19202fd2035d64833

                                      SHA256

                                      3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

                                      SHA512

                                      99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5c9112cc-418d-4a31-bfd2-74612e38d20d.tmp
                                      Filesize

                                      24KB

                                      MD5

                                      130644a5f79b27202a13879460f2c31a

                                      SHA1

                                      29e213847a017531e849139c7449bce6b39cb2fa

                                      SHA256

                                      1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

                                      SHA512

                                      fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                      Filesize

                                      70KB

                                      MD5

                                      e5e3377341056643b0494b6842c0b544

                                      SHA1

                                      d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                      SHA256

                                      e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                      SHA512

                                      83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
                                      Filesize

                                      2KB

                                      MD5

                                      2546bb19630be512ba6bb2031b3d673e

                                      SHA1

                                      8229860e1b4b4455a160edc4070c5f169d6b471e

                                      SHA256

                                      d18f9a27d2da7c9c41c952678cfc7935a26897d144c59e5e707cf8b07c0c6424

                                      SHA512

                                      757da8c591b867ea7420f872ae50bee20e15f90b102f25ea1c46bb6b3c0bc670a7d5dad4730c1041fe8ca6ec9f9dc8b7f2c7f9fd18eaf826a23677629761d9bb

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      180B

                                      MD5

                                      00a455d9d155394bfb4b52258c97c5e5

                                      SHA1

                                      2761d0c955353e1982a588a3df78f2744cfaa9df

                                      SHA256

                                      45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

                                      SHA512

                                      9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      4KB

                                      MD5

                                      c26466a97d665e0b173cd3827bda0075

                                      SHA1

                                      770a3e4ca4c74d8767efed5a911613aeff412f5b

                                      SHA256

                                      045a02537c0d70f1bdf3311ab7c9fba6b2037e46d1dbb08da1a4a8342f0659a8

                                      SHA512

                                      6cc93b9648db8fe4d52c4851429216b2f1220edd93276cbf60241727d359083f5db7666658c0335b5ece83f61c7f8f474615b5431825f7955d4870bbb796e4aa

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      216d275242f8c5d4c6b3fe2e5debbd86

                                      SHA1

                                      5ebd69d78d580063dbaf86ecfb4e52f47bffdf1a

                                      SHA256

                                      9af8d144238654bf536432b0a750a79df3ae5e435f25976989a958b0edd36672

                                      SHA512

                                      35f1a59a688bedc68054520246ec24833095772c8d6d32df457fa93c8ea7eaf871628b4dbfef92ae27c86a8970b616dae2ed636a12e747f5fe0f6219348894d9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      4cab63911f016bf140a00677dd726b30

                                      SHA1

                                      2b248239f29cdd1a4fe25b28bc084e8ec11752dc

                                      SHA256

                                      7d541d2d09cd250ec76d467b9cc1cfcf61b18aaad2536324439304dff4e62f3b

                                      SHA512

                                      b693b642b9a6fe90dbdaac48f99a710446af4eee6925ad49616648306b3c8afac23a151cbfa19bdc1516c4ec34fa71cd5e962c7db951e286e29e59305ac1a2d2

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
                                      Filesize

                                      41B

                                      MD5

                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                      SHA1

                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                      SHA256

                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                      SHA512

                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      dbe61fd5b9e8deea172bed145b0562f0

                                      SHA1

                                      5975bdc193441a6a406979cfc004d98624a21705

                                      SHA256

                                      4119f497e3cca2d8e2933bd82204e37909a644a21d8017845a83360a384b856c

                                      SHA512

                                      e32f4a8b9fa4954692c5c0678074345432115bc7e980e0fc787e982ff87cf09549f33553b99fc1f0d5054498c7c8aa37fdade0cfe8ef837284356925828de2c3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lefy3vu3.p5h.ps1
                                      Filesize

                                      60B

                                      MD5

                                      d17fe0a3f47be24a6453e9ef58c94641

                                      SHA1

                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                      SHA256

                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                      SHA512

                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                      Filesize

                                      3KB

                                      MD5

                                      9095a30c1b6f3c64c8003e88833e40c3

                                      SHA1

                                      b9810130e4f7ee24cdc57dc11b8da1017f85afe8

                                      SHA256

                                      9316c11adebc4ee27e8b5f0eb3dbf8685c407da36f3a1387d7a81fd48936443f

                                      SHA512

                                      adf1d97b990bb774f905261c1332756ade71de4e2ac963c81ec2e16ec09f4a16910444704b3ea37dc9cd30e3a0318ba63a3c225e4a5b1aa4d051fe94686e168b

                                      Download Submit

                                    • memory/2416-138-0x000001D735C90000-0x000001D735CB2000-memory.dmp

                                      Filesize

                                      136KB

                                      Download

                                    • memory/2416-145-0x000001D735D30000-0x000001D735D40000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/2416-144-0x000001D735D30000-0x000001D735D40000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/2416-143-0x000001D735D30000-0x000001D735D40000-memory.dmp

                                      Filesize

                                      64KB

                                      Download