hxxps://138[.]124[.]180[.]85/

Analysis

max time kernel
268s
max time network
291s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://138.124.180.85/

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
206	3244	powershell.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
120	api.ipify.org
122	api.ipify.org
119	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{2AB7FE0B-CE04-4610-9DFA-2DB3BDC1C6C7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
832	powershell.exe
832	powershell.exe
3244	powershell.exe
3244	powershell.exe
4728	msedge.exe
4728	msedge.exe
496	msedge.exe
496	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	3668	7zG.exe
Token: 35	3668	7zG.exe
Token: SeSecurityPrivilege	3668	7zG.exe
Token: SeSecurityPrivilege	3668	7zG.exe
Token: SeDebugPrivilege	832	powershell.exe
Token: SeDebugPrivilege	3244	powershell.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3668	7zG.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 2620	4728	msedge.exe	113
PID 4728 wrote to memory of 2620	4728	msedge.exe	113
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4020	4728	msedge.exe	114
PID 4728 wrote to memory of 4360	4728	msedge.exe	115
PID 4728 wrote to memory of 4360	4728	msedge.exe	115
PID 4728 wrote to memory of 700	4728	msedge.exe	116
PID 4728 wrote to memory of 700	4728	msedge.exe	116
PID 4728 wrote to memory of 700	4728	msedge.exe	116
PID 4728 wrote to memory of 700	4728	msedge.exe	116
PID 4728 wrote to memory of 700	4728	msedge.exe	116
PID 4728 wrote to memory of 700	4728	msedge.exe	116
PID 4728 wrote to memory of 700	4728	msedge.exe	116
PID 4728 wrote to memory of 700	4728	msedge.exe	116
PID 4728 wrote to memory of 700	4728	msedge.exe	116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://138.124.180.85/
1⤵
PID:824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4984 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
1⤵
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5712 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
1⤵
PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5852 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5336 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
1⤵
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=1320 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
1⤵
PID:2936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
1⤵
PID:1760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5728 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6104 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6136 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
1⤵
PID:260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6408 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5888 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6224 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
1⤵
PID:4104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2b0,0x7ffe66152e98,0x7ffe66152ea4,0x7ffe66152eb0
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2244 --field-trial-handle=2248,i,1155433534217786490,3025156525641754924,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2436 --field-trial-handle=2248,i,1155433534217786490,3025156525641754924,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2840 --field-trial-handle=2248,i,1155433534217786490,3025156525641754924,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4408 --field-trial-handle=2248,i,1155433534217786490,3025156525641754924,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4408 --field-trial-handle=2248,i,1155433534217786490,3025156525641754924,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4596 --field-trial-handle=2248,i,1155433534217786490,3025156525641754924,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4604 --field-trial-handle=2248,i,1155433534217786490,3025156525641754924,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4644 --field-trial-handle=2248,i,1155433534217786490,3025156525641754924,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=752 --field-trial-handle=2248,i,1155433534217786490,3025156525641754924,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:496

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\AdvancedIPScanner\" -spe -an -ai#7zMap19643:94:7zEvent24969
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3668

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Desktop\AdvancedIPScanner\yxAEqSbV.ps1'"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:832
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
b6040772426f7bba41f079d2398b97d5

SHA1
a3a93336506aaf74d2a3d58e9790feebfb227667

SHA256
6ad028f65ce358c4e74f929458a47741e5283d8d8e84721dce461da20144df05

SHA512
d3f64435fa7ee273d108935d57f438e7d51374b2f069ee99d52046cee90b7c2dc4298fa9a39ac602a34975eca0b3de6c0b4559f44d78c9901b18ffe920539054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0006792329b026784616684d1afb8891

SHA1
e7ac167d20f7ee88d2ea6f307db551e0d17491e8

SHA256
1ef50f20f6305a5feaabafbff2b1293656d506874128d41b0888636756db214c

SHA512
888150473ce86d7c4076ff3f889862cda701a9940fa4c5cab82c9921b0d59126163b39376931df3bdedaea682bc458af10431f7e4274c85a0ca7280983e98d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ba7d861eb4ea1684f378721fc5f3f7bb

SHA1
e730f34a6cc97f1067c5e819406d6ccb0608a8d7

SHA256
5f261fee2db67ec39be11e2a8fbaf6cad922a85398cf35621763ad30562732da

SHA512
6edcc60f5c70e9030cf89d59fdba3615db8c82c2c0c6deecf6625ace0bc56d50e63549c943f51c51815a2086936f70355c9149469ca7942c91b5b2ea25e59dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4b5a3401b710720107f897509912f943

SHA1
f4601d0eb862f6899f062a5e2fa2c7b94bec3719

SHA256
7566560b93d59f8c22a4860308b880e5186de7e553054dc9cfa695aa64c1de66

SHA512
fedefe479469157cc7c55820c83df98d802186d045576b1288155c49ab15e0da9d79826182a21f68876a956a6583778c5d515155bf0f9cb4565cc67d608550b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
7997a69857e31a046a4b98c1dfa0e873

SHA1
b8c5a343da0eb249fe586d24785cfe99332dc1b2

SHA256
71cfbccac0a45eaf08bbff26688aa08cad940b128980672126b9ab541d78dccd

SHA512
fac39a5448bede894123322d2dc37b7335c8cb5d7edce6e945692961f2f27968c0d57dcbf9f1b1fac08d2a2d12e2de6db3a7ca255d6d0ecd52bf909d8ae0fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
77KB

MD5
cc4765255ac05e1e12f6d4324c9949c1

SHA1
25177ee8a502dd452bc51a1ee5971e99b6fe475b

SHA256
243e807dee82efcd9d01061e86176d5afb55124b09e81fd2badc26083b32aaff

SHA512
74273d9d3e57f9112036df3fa18ee90b8089bc436410cad0ad541c1f3ad31b883835228868b8d226543add4a58073aa2fca8806ead5910086025e728590f65fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
66KB

MD5
f57a158f57805fe121bd7d77b90eeafa

SHA1
07eb4f3222a45b5888db6808008ef121fc27a8e4

SHA256
1725de79ea32669b55c40cf4384f75a927bf02ef5b9358435abe3805a094d9b7

SHA512
dcf57411380b756b395d8d8957386192c27e35993e609c0057325f9074be12a6344a207b2a8af4aff25420cd108c3cdde059c1b7fd76f94282f3e3df82ced644

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i015ywfw.5sx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\AdvancedIPScanner\yxAEqSbV.ps1

Filesize
5KB

MD5
6cc7d2135dbe7c41c59e58cb3d19b342

SHA1
9723dcc9509566d742034d57e28e6f562514f520

SHA256
9c5a2f3a82a50c726e7dfacf8b046ad6602ecf194203c567cf560e352b94d2d9

SHA512
fcad8717e149a6c09de16f484c671ce4c8ebc0a0941b911448816f9fc3603bedc7ed08a607f96fbe39561381bdda2da7cd56211005a0ef397ff6cf333e9572b2

Download Submit
memory/832-514-0x000001D3BB6A0000-0x000001D3BB6B0000-memory.dmp

Filesize
64KB

Download
memory/832-515-0x000001D3BB6A0000-0x000001D3BB6B0000-memory.dmp

Filesize
64KB

Download
memory/832-513-0x000001D3BB6A0000-0x000001D3BB6B0000-memory.dmp

Filesize
64KB

Download
memory/832-517-0x000001D3D5470000-0x000001D3D55E6000-memory.dmp

Filesize
1.5MB

Download
memory/832-518-0x000001D3D5800000-0x000001D3D5A0A000-memory.dmp

Filesize
2.0MB

Download
memory/832-531-0x00007FFE6B600000-0x00007FFE6C0C1000-memory.dmp

Filesize
10.8MB

Download
memory/832-512-0x00007FFE6B600000-0x00007FFE6C0C1000-memory.dmp

Filesize
10.8MB

Download
memory/832-553-0x00007FFE6B600000-0x00007FFE6C0C1000-memory.dmp

Filesize
10.8MB

Download
memory/832-503-0x000001D3D4F50000-0x000001D3D4F72000-memory.dmp

Filesize
136KB

Download
memory/3244-528-0x00007FFE6B600000-0x00007FFE6C0C1000-memory.dmp

Filesize
10.8MB

Download
memory/3244-529-0x000002954D8E0000-0x000002954D8F0000-memory.dmp

Filesize
64KB

Download
memory/3244-530-0x000002954D8E0000-0x000002954D8F0000-memory.dmp

Filesize
64KB

Download
memory/3244-552-0x00007FFE6B600000-0x00007FFE6C0C1000-memory.dmp

Filesize
10.8MB

Download