Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 02:28

General

  • Target

    https://cdn.discordapp.com/attachments/1169948126703009824/1179101879381266554/spoofer_v1.exe?ex=663cfeb2&is=663bad32&hm=1a05280d3341a6b0df1bd1e06904a99dc77286d205da2ca92c0649f7c7c46369&

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 3 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1169948126703009824/1179101879381266554/spoofer_v1.exe?ex=663cfeb2&is=663bad32&hm=1a05280d3341a6b0df1bd1e06904a99dc77286d205da2ca92c0649f7c7c46369&
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdcb646f8,0x7ffbdcb64708,0x7ffbdcb64718
      2⤵
        PID:1064
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:3056
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3616
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
          2⤵
            PID:3672
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
            2⤵
              PID:4536
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
              2⤵
                PID:4040
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
                2⤵
                  PID:828
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:436
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                  2⤵
                    PID:3200
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                    2⤵
                      PID:4716
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4948 /prefetch:8
                      2⤵
                        PID:4484
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                        2⤵
                          PID:1212
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6172 /prefetch:8
                          2⤵
                            PID:2988
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
                            2⤵
                              PID:4444
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
                              2⤵
                                PID:4808
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1496
                              • C:\Users\Admin\Downloads\spoofer_v1.exe
                                "C:\Users\Admin\Downloads\spoofer_v1.exe"
                                2⤵
                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                • Checks BIOS information in registry
                                • Executes dropped EXE
                                • Checks whether UAC is enabled
                                • Writes to the Master Boot Record (MBR)
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                • Modifies system certificate store
                                • Suspicious use of SetWindowsHookEx
                                PID:2452
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/skywalkertools
                                  3⤵
                                    PID:5244
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbdcb646f8,0x7ffbdcb64708,0x7ffbdcb64718
                                      4⤵
                                        PID:5260
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\spoofer_v1.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
                                      3⤵
                                        PID:5464
                                        • C:\Windows\system32\certutil.exe
                                          certutil -hashfile "C:\Users\Admin\Downloads\spoofer_v1.exe" MD5
                                          4⤵
                                            PID:5480
                                          • C:\Windows\system32\find.exe
                                            find /i /v "md5"
                                            4⤵
                                              PID:5488
                                            • C:\Windows\system32\find.exe
                                              find /i /v "certutil"
                                              4⤵
                                                PID:5528
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
                                            2⤵
                                              PID:5324
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
                                              2⤵
                                                PID:5424
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6532 /prefetch:8
                                                2⤵
                                                  PID:5812
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6224 /prefetch:8
                                                  2⤵
                                                  • Modifies registry class
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:5820
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,345461841761317579,10924406556364403733,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5792 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:2548
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:864
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:3632

                                                  Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                          Filesize

                                                          152B

                                                          MD5

                                                          c9c4c494f8fba32d95ba2125f00586a3

                                                          SHA1

                                                          8a600205528aef7953144f1cf6f7a5115e3611de

                                                          SHA256

                                                          a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

                                                          SHA512

                                                          9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                          Filesize

                                                          152B

                                                          MD5

                                                          4dc6fc5e708279a3310fe55d9c44743d

                                                          SHA1

                                                          a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

                                                          SHA256

                                                          a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

                                                          SHA512

                                                          5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

                                                          Filesize

                                                          840B

                                                          MD5

                                                          03730cc6c1d0f3bc7bc87a2603267056

                                                          SHA1

                                                          f1f68c89116cfa0378ca2c1e166f3dd2a37f88f6

                                                          SHA256

                                                          a474be926a76761d02a59987300ccc37b5ac55d5831bc1bcc7a6935832d220b2

                                                          SHA512

                                                          72375cb4eb663aefb3412ff0d6f2c9064bacc04d9dd1c312d6a2d0c8ef804c00f49e23be27d358bcd5de678cae33eb9cfc3e6c3e7c3d9122e14ff31eabcb8ae1

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                          Filesize

                                                          323B

                                                          MD5

                                                          74c9e7193b0cb61e692095d8d9e01ae8

                                                          SHA1

                                                          2f60d0b754e400d545d5f3829ae3b0a0b990d821

                                                          SHA256

                                                          b51c6699b167d0179b11f965336dd9133829945e8992fb391043536d336d9baf

                                                          SHA512

                                                          e3abb8a66b88de18aa084934f2d481d7f10060d35b0426a12b7dc1e7a3a8199261be181e889a4054c5d108884a16eb304a7e1b575de21820bd97acb48c13d747

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          5KB

                                                          MD5

                                                          b994b644621f9aee5ee23106bb6b6a7c

                                                          SHA1

                                                          2eb8714636def4af33d9a69b5bed7be93cc3dac9

                                                          SHA256

                                                          4fc3bd171159a693c1a30c885f88bd92e0914695aaf4527b57a65baaeae26d82

                                                          SHA512

                                                          d54eca9db6494b9a59a19682d82f22350c8d560829d721bca4817d7b5548e8c09c84aa2fd007b6f6fdde928ba804295b49b798e365744f0ea7dc90f40bafaa6f

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                          MD5

                                                          7a5ee6d96298cfcf10e47ad960db487b

                                                          SHA1

                                                          d7801943b2396ba1c44fed632300596d20d895bf

                                                          SHA256

                                                          8e3762124ff7b98463fb6f5a34193b4270cc99f9b1e0dc4937d1279d21a37587

                                                          SHA512

                                                          94870c0def305120f6ddf5df8ee4e945faee9677148620374e264fd13075e507c9240b81008bd386ed30c2513247891a57c12520b039f86ea811440b1eb83fda

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                          MD5

                                                          fc424d651b0561a034c1b35df5ac0a69

                                                          SHA1

                                                          4f4c4e8cb4a3433b28ef28e4f974023e0c49b7db

                                                          SHA256

                                                          883b031dc1e3e52c046af0f84abe06228e4dadf340abf4d18924cfbd728104c4

                                                          SHA512

                                                          b167be7f5aaaf547d6e11099e0bb98466695d3183dbeef0623edfa723e125beb761ea677ee4b4928eedc7123f441fc691d4fc3b87a529f374c3430aada06be57

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                          Filesize

                                                          16B

                                                          MD5

                                                          46295cac801e5d4857d09837238a6394

                                                          SHA1

                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                          SHA256

                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                          SHA512

                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                          Filesize

                                                          16B

                                                          MD5

                                                          206702161f94c5cd39fadd03f4014d98

                                                          SHA1

                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                          SHA256

                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                          SHA512

                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                          Filesize

                                                          11KB

                                                          MD5

                                                          f6a31e78ab15a903f51e8a002652d872

                                                          SHA1

                                                          f922c5919252d85f0daa472a01951f27b5ca5394

                                                          SHA256

                                                          fd22fb2028a87ec46027dbc949e599640f51126c4e88de726ff6058bbb354dba

                                                          SHA512

                                                          2084a93c5e41270af1cf59044ba5c07b698aa2a746df38d6aa064a3b37d451d18f77dc300ce3989a6fb177b63a3dd6bcf76997de9d67d23d7f812a2e716cbf9f

                                                        • C:\Users\Admin\Downloads\Unconfirmed 200724.crdownload

                                                          Filesize

                                                          5.0MB

                                                          MD5

                                                          ad19ff51c028f187d2c25b3cf056344c

                                                          SHA1

                                                          e70e4a06a9bde76a18bca1e19c9226879411a1ff

                                                          SHA256

                                                          5794cec133f9c2c111f97504ee26c268985fbfaa3eac2ba81dc129caebd3e14a

                                                          SHA512

                                                          579f4fbccb5c0097e1e2f279178e4a174d54a852952b9970f0c1bff34e1a3f71988b7e719241342cd09424b822b60c3708e97a9a72155ee95badae025e1c5c02

                                                        • memory/2452-88-0x00007FF7E0690000-0x00007FF7E13CF000-memory.dmp

                                                          Filesize

                                                          13.2MB

                                                        • memory/2452-86-0x00007FF7E0690000-0x00007FF7E13CF000-memory.dmp

                                                          Filesize

                                                          13.2MB

                                                        • memory/2452-87-0x00007FF7E0690000-0x00007FF7E13CF000-memory.dmp

                                                          Filesize

                                                          13.2MB

                                                        • memory/2452-89-0x00007FF7E0690000-0x00007FF7E13CF000-memory.dmp

                                                          Filesize

                                                          13.2MB

                                                        • memory/2452-183-0x00007FF7E0690000-0x00007FF7E13CF000-memory.dmp

                                                          Filesize

                                                          13.2MB

                                                        • memory/2452-69-0x00007FF7E0690000-0x00007FF7E13CF000-memory.dmp

                                                          Filesize

                                                          13.2MB