Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://protect-us.m...

windows10-2004-x64

4

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-06-2023 13:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://protect-us.mimecast.com/s/gbPHCDk2oAT5W1pJt5DO9C

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://protect-us.mimecast.com/s/gbPHCDk2oAT5W1pJt5DO9C
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2412
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://protect-us.mimecast.com/s/gbPHCDk2oAT5W1pJt5DO9C
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xb0,0xdc,0x100,0xbc,0x104,0x7ff9700246f8,0x7ff970024708,0x7ff970024718
      2⤵
        PID:2260
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        2⤵
          PID:1852
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1568
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
          2⤵
            PID:4260
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
            2⤵
              PID:1280
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
              2⤵
                PID:3316
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                2⤵
                  PID:2112
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
                  2⤵
                    PID:2116
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                    2⤵
                    • Drops file in Program Files directory
                    PID:3744
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff62c335460,0x7ff62c335470,0x7ff62c335480
                      3⤵
                        PID:1164
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2000
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                      2⤵
                        PID:3480
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
                        2⤵
                          PID:1648
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
                          2⤵
                            PID:4740
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
                            2⤵
                              PID:1700
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                              2⤵
                                PID:512
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,135682691025867061,8902543748048049567,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1436
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4500

                              Network

                              MITRE ATT&CK Matrix ATT&CK v6

                              Initial Access

                              Execution

                              Persistence

                              Privilege Escalation

                              Defense Evasion

                              Credential Access

                              Discovery

                              Query Registry

                              1
                              T1012

                              System Information Discovery

                              1
                              T1082

                              Lateral Movement

                              Collection

                              Exfiltration

                              Command and Control

                              Impact

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                ae2c65ccf1085f2a624551421576a3ee

                                SHA1

                                f1dea6ccfbd7803cc4489b9260758b8ad053e08e

                                SHA256

                                49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

                                SHA512

                                3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                c3770be634be8da92e71a3f9f76d79d3

                                SHA1

                                f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

                                SHA256

                                23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

                                SHA512

                                09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                48B

                                MD5

                                d5b6a609d4ecbde4be0ff7cdee01e2f6

                                SHA1

                                d88bb2cc187b5b0983ca7936441e39c2eecf6e88

                                SHA256

                                e293fc06d0ccf9baa94ae399cb8f1bff830b41fe8a23b6d7620c4c01c1748730

                                SHA512

                                54fd8345fbb19ea02879fb65d777f14353931848e969e36735c05e0e0fa9b7f0d909ca8fe52db3d0a684b1b14fd97b3adb649ab7df7cb34e6a0994e74619f56e

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                216B

                                MD5

                                b639aeee297542dd03b6567576542805

                                SHA1

                                b1b5823c4f3f4009c3177e7482fb90deeb1dab68

                                SHA256

                                34d2a595a1f7567ab307a2091854df1b8b3f3aaca9e30b7a08c4515f80c8db57

                                SHA512

                                5d112b5c0c6eee1a18b5b1c751b428eddbd92921aa6c16dd76f69d4c74df9906a3fd60881dbfe20252b36f46f03611e96ae619f5af4d2ec2f9bb42740821dbdb

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                Filesize

                                70KB

                                MD5

                                e5e3377341056643b0494b6842c0b544

                                SHA1

                                d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                SHA256

                                e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                SHA512

                                83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
                                Filesize

                                41B

                                MD5

                                5af87dfd673ba2115e2fcf5cfdb727ab

                                SHA1

                                d5b5bbf396dc291274584ef71f444f420b6056f1

                                SHA256

                                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                SHA512

                                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
                                Filesize

                                2KB

                                MD5

                                6f4c864ddd959678c0e343d815acf683

                                SHA1

                                7ec1144389dd27377e976d802bb390e01b3cf13b

                                SHA256

                                50dfa027a26bbe691e8e090e368bdf6387cd24c4ad2b5997435881a038a9e8b6

                                SHA512

                                7ca8e369d1899677df039db7de7e813b74e505fede47efab9d4089b392585cb034d6cc1f94be32272afb98ab21926ced5f81ce3e7591d20f401b4ee6836c1777

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                111B

                                MD5

                                285252a2f6327d41eab203dc2f402c67

                                SHA1

                                acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                SHA256

                                5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                SHA512

                                11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                845B

                                MD5

                                db9a3f7af6e6a48fff3d5851e5dcfc16

                                SHA1

                                e82dbfe7bafffe166811f7cc15fdce575776ac1f

                                SHA256

                                cc2b92a3fe2538d75d3d174ea44d96380d935c542e1505cf9baf43024cf2be00

                                SHA512

                                7d26325cf3e15f647215c56eb4bb26ad82926ad37c01898dd6ab22b2ad5fa50631c3510448e541a12d9b89e7b8050e11db3f101162991cce5a1da39df103ddd8

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                94a53e3564b20c5387be3c49ed0f55a4

                                SHA1

                                b237f4f577bcb212307cace490412893e5c382d0

                                SHA256

                                1f01f70fbadc8425e288a3af0d0a337ea9d1d9b9b5b72b548374ccd55c3a62ff

                                SHA512

                                f1b3a5cd236e2843956ca1355a47b75ce71ff79768151f085ed2fc039f5cfd28c9307d035af2bc3ccfb2198d2c62dce323eeffbff842f750cf99aaafaddc2dc9

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                4KB

                                MD5

                                73dca0362925193567ced4596218735a

                                SHA1

                                5ba0f0fa814f6a455f47aa7cbd45e39806b51c2e

                                SHA256

                                44887c383b1a905a6e20e7c55e9ab02bea71d4953be219d9ec3e1b5f7d66fe1f

                                SHA512

                                a258e5aab922b691322713c6051c009d4d2e1d63a3e3baf4ca0d05d0dc93d5b93a2a9cbc00603cc7457363615f8c67902d9523186e67ae205dc20f9b6bf0442b

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                b03e2e51abeb86def2e481708e7364d9

                                SHA1

                                5a92d408e5fd71a976ef328205f542482423d658

                                SHA256

                                ffd34d4d1bec2d43632a424e359bb5107fc73f037d27f33a45bc6b174cd5dda4

                                SHA512

                                7b94ccf2dad4dde02dd658215be78a4dd22592afea9332613ceaa1f8dbc8863cd1a2b5a239ebe8c2545df168d40245080fa05ea7130eef72ea22ea0cb9da45ce

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                Filesize

                                24KB

                                MD5

                                b3fbb8a02260d5e41407a7e1af3ee2f6

                                SHA1

                                9180c8b9593405936b0fe52272571b63829525d4

                                SHA256

                                8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

                                SHA512

                                8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                Filesize

                                24KB

                                MD5

                                cfd585ce0db9a1484f8223dc2cfce2f8

                                SHA1

                                4e5e287160c05ecdff8acdfa0899faa5bad4de82

                                SHA256

                                0bcae3ddcadfadb917e4f910daefde07af8d2708b7795f3a1146102dcf6cf445

                                SHA512

                                b45dd6c3231a79155508d807d4b6f839d49e6120841c4f31147a83039515d3358822fa1fa4ae6f770b4369b96f221326c0b80dc2f0cd99d605440b12c93fb648

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                206702161f94c5cd39fadd03f4014d98

                                SHA1

                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                SHA256

                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                SHA512

                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
                                Filesize

                                16B

                                MD5

                                46295cac801e5d4857d09837238a6394

                                SHA1

                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                SHA256

                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                SHA512

                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                9KB

                                MD5

                                abdf0ecccf8c1568c2ca4326d9ba6576

                                SHA1

                                6c53ba93f7204e0765dd4085445d4f69f29c92e2

                                SHA256

                                ffc31060fba9445e97d287e218ae17eb6ad1b7e39ccc4a1c855ee6c0c92e2c49

                                SHA512

                                fbebb669f3b5431da5c52a1fe5befbcd6324ea3bedf6ea1eaf80d21185eb287319e1b289370073987746cd975edbbb8057fa753fd57fdc9618062561ad59c675

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                12KB

                                MD5

                                4a18b824b94e0bfc83855bf17e064f33

                                SHA1

                                cab92e5d5d1123bee1edc1eaedd85225f4fb2b5e

                                SHA256

                                e41d8e9bf99b85e4caf9caa8020f0f5b0ddf4ab02f4a1c9d19f880fd43785fbd

                                SHA512

                                02b131f27a102e7cd60b6e54efb80c26bd369081587912e5e1a3fc7f536f33fc09fabbd5e1135ff4b8dcbbd9a552b5b4549b9a7fc3faa5da053ba504fccbbcb8

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kexfszwb.qgd.ps1
                                Filesize

                                60B

                                MD5

                                d17fe0a3f47be24a6453e9ef58c94641

                                SHA1

                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                SHA256

                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                SHA512

                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                Download Submit
                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                Filesize

                                3KB

                                MD5

                                1547c793a9ea8d92c1d9f3777fd0134f

                                SHA1

                                fad6f74f28db7666c11bd6b9f2c765e7fee64e1f

                                SHA256

                                df5eeb84f74fd45bab0abde5165a39625ad3e2874e730bdd7d669a58f6d0b472

                                SHA512

                                45ace7e10dc6fff17ca204d8f0b7d56c5f83140bd4a85de16885bfdb0e9493aa98265e4fb9c6ac54f7824294e40c64b87981d5ec79bc882a8f6e2e0ca89c6436

                                Download Submit
                              • \??\pipe\LOCAL\crashpad_3644_VGKOIALQEIUVHWVX
                                MD5

                                d41d8cd98f00b204e9800998ecf8427e

                                SHA1

                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                SHA256

                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                SHA512

                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                Download Submit
                              • memory/2412-138-0x00000213FDEF0000-0x00000213FDF12000-memory.dmp
                                Filesize

                                136KB

                                Download
                              • memory/2412-143-0x00000213E1F80000-0x00000213E1F90000-memory.dmp
                                Filesize

                                64KB

                                Download
                              • memory/2412-144-0x00000213E1F80000-0x00000213E1F90000-memory.dmp
                                Filesize

                                64KB

                                Download