Overview

overview

4

Static

static

1

URLScan

urlscan

1

https://kekwltd.ru/e...

windows10-2004-x64

4

Resubmissions

03/05/2023, 16:16

230503-tq9jvshb9y 6

03/05/2023, 16:13

230503-tpk5wafc58 4

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/05/2023, 16:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://kekwltd.ru/exodus/app.asar

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://kekwltd.ru/exodus/app.asar
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4924
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://kekwltd.ru/exodus/app.asar
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbc12b46f8,0x7ffbc12b4708,0x7ffbc12b4718
      2⤵
        PID:2604
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
        2⤵
          PID:4780
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4804
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
          2⤵
            PID:3348
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
            2⤵
              PID:4852
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
              2⤵
                PID:4440
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                2⤵
                  PID:2732
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                  2⤵
                    PID:3280
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                    2⤵
                      PID:2760
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
                      2⤵
                        PID:4348
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4040 /prefetch:8
                        2⤵
                          PID:2128
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
                          2⤵
                            PID:4132
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4340
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6676 /prefetch:8
                            2⤵
                              PID:5044
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                              2⤵
                              • Drops file in Program Files directory
                              PID:4004
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7589b5460,0x7ff7589b5470,0x7ff7589b5480
                                3⤵
                                  PID:1208
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6676 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4416
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5056
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
                                2⤵
                                  PID:4892
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
                                  2⤵
                                    PID:4556
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
                                    2⤵
                                      PID:972
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
                                      2⤵
                                        PID:484
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
                                        2⤵
                                          PID:4668
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:3748
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,17955639217714382492,9219061740707883183,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                                          2⤵
                                            PID:4204
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:4720
                                          • C:\Windows\system32\OpenWith.exe
                                            C:\Windows\system32\OpenWith.exe -Embedding
                                            1⤵
                                            • Modifies registry class
                                            • Suspicious use of SetWindowsHookEx
                                            PID:4672

                                          Network

                                                MITRE ATT&CK Enterprise v6

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  5a10efe23009825eadc90c37a38d9401

                                                  SHA1

                                                  fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

                                                  SHA256

                                                  05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

                                                  SHA512

                                                  89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                                                  Filesize

                                                  72B

                                                  MD5

                                                  04fe5137c2897871a23cf6efcb536aa4

                                                  SHA1

                                                  2ff489f6f115dd8940f4f79c37d42d75486faaf8

                                                  SHA256

                                                  29edacc69272f6546b2eda0036d427fa50e0c8b152d8099b0f81dec04b95bee1

                                                  SHA512

                                                  b895dabe39ff3098b140c84ae450df68cc325f3cf04d1889bdf4d42fd11f2c337ebbf9cb9586f1e924c47738b27163ca5c0b0b6a8b232af449789efde60e5470

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  48B

                                                  MD5

                                                  e181dd3fc42361213645beb0ed357a8c

                                                  SHA1

                                                  26e68cbe961c63f763ec5a5a17d34adf068a66c1

                                                  SHA256

                                                  ba9efa59c7ad307f9b950e523487663bd387c406b6728ac2b51de6a24684721a

                                                  SHA512

                                                  39e2ed9b19575baed03ebe690e117099e07e2f736326d9351cf4159eba1929c131e594033aa9102477840eddb9617bf511b4520348bd667ef94344a147c4385c

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                  Filesize

                                                  70KB

                                                  MD5

                                                  e5e3377341056643b0494b6842c0b544

                                                  SHA1

                                                  d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                                  SHA256

                                                  e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                                  SHA512

                                                  83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
                                                  Filesize

                                                  41B

                                                  MD5

                                                  5af87dfd673ba2115e2fcf5cfdb727ab

                                                  SHA1

                                                  d5b5bbf396dc291274584ef71f444f420b6056f1

                                                  SHA256

                                                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                  SHA512

                                                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  c74b993c0742cd767fef518ee92db03a

                                                  SHA1

                                                  b11a5018384cbed3cb3f8285435b12e239a8e015

                                                  SHA256

                                                  d9827134c2a337e290211915cba7e33465f724acb928f8f102d460fdc7cd7c86

                                                  SHA512

                                                  70d87a1894f1b0e9189acd653f7b13cf5bcc37018c965d6f834e5a4084db4579d6d86c2bf94b8ffdce8a06a2512df432feb36e22af7fb0ada5e709c327094d61

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  299B

                                                  MD5

                                                  3bf860e61625c5b29beb5cdeb0f3d8a4

                                                  SHA1

                                                  e5622de74cab63053c9b75581b8fc994bbc104da

                                                  SHA256

                                                  b48af57eb9a5ebd2051ab14ceb65e33877f69f36fc4c3d3cc0e566cffebf43dd

                                                  SHA512

                                                  01e0afebf31efee0393e9e3b56969e8c964354dfc05e6f91164e390a1521d9a7bfac8cfc34dc6823b39403779f61f13b0e1d8428a28e7e3e9515d62e77210f2f

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  111B

                                                  MD5

                                                  285252a2f6327d41eab203dc2f402c67

                                                  SHA1

                                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                  SHA256

                                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                  SHA512

                                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  75a617f2957dafa49bb18239976f26d1

                                                  SHA1

                                                  a940232fb734f5c2994f57899893675648ffde3a

                                                  SHA256

                                                  b366d01056714428003ba2783b260760de36d395176761c1c62010db351aaf76

                                                  SHA512

                                                  f3c9540c77d8059a4c8af61bb49c2f7bdd7e57aeb8c0f2ee481027a0588c4bc0ddf81757d6da26b6a75257cc1b9c5cb9ee0cf34e6359b6b519643daa4223ecba

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  c4eaef8deeeaa4fb721a188a9bef2813

                                                  SHA1

                                                  1973a6787fcb9808f7f52c07a8923b4fe73e33fa

                                                  SHA256

                                                  66186ac614ebc5c6aed867580870acd0b9251234598bcf7c5e6373a76b42c24d

                                                  SHA512

                                                  55c61f5db1d49ba530ad9b30fa4668bc4d3aab32c5c5aacd80e8657b07615b3226e11aaf7e724b93e69d9d14d731359e46e72c02612e85b7be1b33be3e6d9d69

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  153339bf7f12e15125f62fa5f9d4305d

                                                  SHA1

                                                  f926f7bdbaed246e742faa44705bc4d4b827b20d

                                                  SHA256

                                                  fa217061fa11e80e85b6a13e385fdfbc0a83170ef96eed7539eb7b7c50a549a8

                                                  SHA512

                                                  8443811dcb9dbbeb7bc395ffcd7f02f9ae5e5dae384380914f1f10b5472341820caad640369a538e0ed7be8572c8414aa0130d6f6f18f710333a6c6b810725fa

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  7KB

                                                  MD5

                                                  8b50839af9e2f484b49e6bbc1393d047

                                                  SHA1

                                                  5c3dd53851732e5705000e0bd41fd7a727d091d0

                                                  SHA256

                                                  ae853f83958e12bd9e7c5beeb9af5ac37a8bb1d503749bce4cf3036a59cd8ef0

                                                  SHA512

                                                  8069ea8a43c04e1e411a28d072c7759bc4dfa5789abebf705dcc212f9f8cf739b9717207fb5361acd6e41f1047ec72a430c59ac34b1daa28f66f0667de3d0bfc

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  4fddc96c2e12230d0ef323eef11a32c4

                                                  SHA1

                                                  7e9f10018b42d1a9a8916babae547d8cc34f69c9

                                                  SHA256

                                                  eca70c758cc11b7b87f83c37e839a9b83c5ac806d89f3be63416d2846619f3e7

                                                  SHA512

                                                  5e5bcffac0801d8bfd6065935260e78ccabc52959b80fae8c1f7e32b8e492b48a75f70e746901c480642e0b9351a67236e547b5278e60ded2e9a8fda77fccf52

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  ca29bf882fd8aa068eca01b5d245c416

                                                  SHA1

                                                  80b31c75b8492739a2876c9731d12730c5ff1671

                                                  SHA256

                                                  870ebfc65580f063172bcd17f9be0d675e25263976d2bbb7cbb524b0bb3f4b6d

                                                  SHA512

                                                  b21fc129a75ebac3da1513f54b232de14aed756dc3cd245568cc0e77624195a52bb0ba398f7ca9ff09a7e04ae8e0fff49e13f5ef4bfb7718b9c181218a8260e7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  03ed9bed0edb047bd7022fac7d60f701

                                                  SHA1

                                                  20975de8c25624a48c72b6082dece4a716deb4e1

                                                  SHA256

                                                  e0e56737d6fa55de2f48e3764d85fb15388effd9784727ca92eab25633165443

                                                  SHA512

                                                  0aaa6a342fbbf50dc7721a6fe043b396e1e53c4c332d22ec7f8c2ae7203b9505ae49239ce68d98adfdcd28aed45387345fefc40c6f179d481f631296b06b6570

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                  Filesize

                                                  24KB

                                                  MD5

                                                  5edab6d3ffbeee247ccb4423f929a323

                                                  SHA1

                                                  a4ad201d149d59392a2a3163bd86ee900e20f3d9

                                                  SHA256

                                                  460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

                                                  SHA512

                                                  263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                  Filesize

                                                  24KB

                                                  MD5

                                                  784a51387993e9aeb34d4ad4ed93ab48

                                                  SHA1

                                                  1cbf9ea1b6c2ea18c8670f26ebf9c11d7d245bc4

                                                  SHA256

                                                  567af49b26f4676e8c8ad07b34db13ae7a9e19ba01e6bd1af390a611b44413f8

                                                  SHA512

                                                  ba34c55cea5840723b16f09f0a790f823a5a65657f8163018cbfcbc3a13c83b1b4b6a1f8ca0fe188c1ba7d78cc9319889235c0f6042a2013755fc6d820e4b9e6

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  46295cac801e5d4857d09837238a6394

                                                  SHA1

                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                  SHA256

                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                  SHA512

                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  206702161f94c5cd39fadd03f4014d98

                                                  SHA1

                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                  SHA256

                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                  SHA512

                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  9KB

                                                  MD5

                                                  8bf42b3da71030a410b56ca5fb458a0e

                                                  SHA1

                                                  5997dc02fa766ace02ac5b8b7b82eae175051e7c

                                                  SHA256

                                                  97e5a201fa2fb5c20d9bb3aaab3d2ebac3e85930dbbc9e0c5cef55d280771792

                                                  SHA512

                                                  b2862aac770fdbc053323c7f40580905afd7d4bccc288f26badd0fc15105d41124cc69e272b59e1fa21250898b19406d39a7ff72db851a76ffcd0ca75afc5000

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  12KB

                                                  MD5

                                                  2d3d64395fd354b222f168a566f5f590

                                                  SHA1

                                                  3760188caae9d79451a172ef9be95bcf0d90ba23

                                                  SHA256

                                                  7050353e3aee37c7616961a4eed82a0b8c8620caf27a271c6734f4635f51780f

                                                  SHA512

                                                  c47ed649220c553397c47a7fbb7ee6a6259ecc70e56926aaae0001e3050dd38377586cc9a4616b206daadbf4e261fc0e648059037caad8d14b315df5e59b6765

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4tybsnn3.tf5.ps1
                                                  Filesize

                                                  60B

                                                  MD5

                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                  SHA1

                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                  SHA256

                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                  SHA512

                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                  Filesize

                                                  2B

                                                  MD5

                                                  f3b25701fe362ec84616a93a45ce9998

                                                  SHA1

                                                  d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                  SHA256

                                                  b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                  SHA512

                                                  98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                  Filesize

                                                  3KB

                                                  MD5

                                                  de72530ed9875f567e734f77a8ac81b5

                                                  SHA1

                                                  1a2aae6d657eb72d18f389a190bf2df391d05076

                                                  SHA256

                                                  022b3d0470022d41c769267c8eaa40835e5c2206f7d4a375b72fba7c4734204d

                                                  SHA512

                                                  226dfc693b96734def3570d5e5dedd5da3291e2cec9d11c7d5ab1aff09862a99f2d4eb8e5af8f700fe77efb243809be57ade78cf496c900e72b0454137c93e4d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                  Filesize

                                                  3KB

                                                  MD5

                                                  cb771ec465ce73afe0946526ef021cc7

                                                  SHA1

                                                  28c71498df3d876b68fb1399e929c88efd214d41

                                                  SHA256

                                                  cf271c1b85731fc5f94509c1c5dbf4cbf2d94708b01b019f4f43944221b50683

                                                  SHA512

                                                  fe99929bcbf3cbb6766a1042c6d04402ab265d88d2c3427d7e32da144f4ff18259354c43a4ca7979b11e00f49114bf7322a117c6fedb5a76c7dd006972a0a7b0

                                                  Download Submit

                                                • C:\Users\Admin\Downloads\Asar.zip
                                                  Filesize

                                                  199KB

                                                  MD5

                                                  366fa619513ab099c5771bc4197bb978

                                                  SHA1

                                                  9a1b3592fdfaf2abe1d262fef21ccc4819ced978

                                                  SHA256

                                                  f8cfb536bc04b0a8e7f9d4cd3146b86dfa6e85fed36f70ef39cacde71cbbce73

                                                  SHA512

                                                  960a50673ed97de3b1ce07d8362828e5182c31f15d053f94caf84194a855cc8f5be5a4ee5a9d753ce7a0f43fb6255dbb496e1b17b80dba425f97dfec723a7676

                                                  Download Submit

                                                • C:\Users\Admin\Downloads\app.asar
                                                  Filesize

                                                  118.8MB

                                                  MD5

                                                  56b2ab8c3c614753ba3171f9faef0be6

                                                  SHA1

                                                  4a19b69d6755f88f88dc3e40469beec17d88cd6b

                                                  SHA256

                                                  e51bfda17e0b28d7d2063c75c5380888e2c63e0ce33e55c8a70c0276fae95c32

                                                  SHA512

                                                  911cb726db782d9434ef90214adede3cf8645b4dab86f8d6120bf8b609eec49a50c2160c3db4d628bb3d91862673e2f21dca5fe0a7783f8d0378c9c4ad65826a

                                                  Download Submit

                                                • memory/4924-143-0x00000260F7BE0000-0x00000260F7C02000-memory.dmp

                                                  Filesize

                                                  136KB

                                                  Download

                                                • memory/4924-142-0x00000260F7C40000-0x00000260F7C50000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/4924-144-0x00000260F7C40000-0x00000260F7C50000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download