20a9eab621664a80ed4f69176d7a2c591699bcd2587c8c22fb6433151e743fbb

Analysis

max time kernel
80s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 19:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Postman-win64-Setup.exe
Size

134.7MB
MD5

736c41f0d893228fa399f59cc9d83d66
SHA1

8fff8c6acc17d24bcce14e7a7edb7f90f49bdc67
SHA256

20a9eab621664a80ed4f69176d7a2c591699bcd2587c8c22fb6433151e743fbb
SHA512

bae09ec2ca86f1db733b35c9b158e8758caf5e38f66a25b8310fb88240eb0fee298851dd22e0a2dfedd964dc2d49394fe45f10641834ecdb2276002c3ea8a661
SSDEEP

3145728:nSOQ0NaLbvKErbt91lBHCzegVCx3rqp33LzgXaq:lJNa3vKEX/1l5kegVCx3GtXeV

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Postman.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Postman.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Update.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 20 IoCs

pid	Process
4748	Update.exe
4764	Squirrel.exe
1276	Postman.exe
904	Postman.exe
3896	Postman.exe
3144	Postman.exe
1016	Postman.exe
2312	Postman.exe
4752	Postman.exe
3312	Postman.exe
5072	Postman.exe
4808	Postman.exe
2060	Postman.exe
3652	Postman.exe
924	Postman.exe
3464	Postman.exe
1476	Postman.exe
2784	Postman.exe
388	Postman.exe
3168	Postman.exe

Loads dropped DLL 25 IoCs

pid	Process
1276	Postman.exe
904	Postman.exe
3896	Postman.exe
3896	Postman.exe
3896	Postman.exe
3896	Postman.exe
3896	Postman.exe
3144	Postman.exe
1016	Postman.exe
4752	Postman.exe
3312	Postman.exe
2060	Postman.exe
3652	Postman.exe
924	Postman.exe
3660	taskmgr.exe
3660	taskmgr.exe
3464	Postman.exe
3660	taskmgr.exe
1476	Postman.exe
3660	taskmgr.exe
2784	Postman.exe
3660	taskmgr.exe
388	Postman.exe
3660	taskmgr.exe
3168	Postman.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\postman\shell\open\command	Postman.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\postman\shell	Postman.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\postman\shell\open	Postman.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\postman\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Postman\\app-11.1.14\\Postman.exe\" \"%1\""	Postman.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\postman	Postman.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\postman\URL Protocol	Postman.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\postman\ = "URL:postman"	Postman.exe

Suspicious behavior: EnumeratesProcesses 35 IoCs

pid	Process
4748	Update.exe
4748	Update.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	4752	Postman.exe
Token: SeCreatePagefilePrivilege	4752	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe
Token: SeShutdownPrivilege	1276	Postman.exe
Token: SeCreatePagefilePrivilege	1276	Postman.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
4748	Update.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe

Suspicious use of SendNotifyMessage 59 IoCs

pid	Process
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 4748	1300	Postman-win64-Setup.exe	95
PID 1300 wrote to memory of 4748	1300	Postman-win64-Setup.exe	95
PID 4748 wrote to memory of 4764	4748	Update.exe	96
PID 4748 wrote to memory of 4764	4748	Update.exe	96
PID 4748 wrote to memory of 1276	4748	Update.exe	97
PID 4748 wrote to memory of 1276	4748	Update.exe	97
PID 1276 wrote to memory of 904	1276	Postman.exe	99
PID 1276 wrote to memory of 904	1276	Postman.exe	99
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3896	1276	Postman.exe	100
PID 1276 wrote to memory of 3144	1276	Postman.exe	101
PID 1276 wrote to memory of 3144	1276	Postman.exe	101
PID 1276 wrote to memory of 1016	1276	Postman.exe	102
PID 1276 wrote to memory of 1016	1276	Postman.exe	102
PID 2312 wrote to memory of 4752	2312	Postman.exe	107
PID 2312 wrote to memory of 4752	2312	Postman.exe	107
PID 4752 wrote to memory of 3312	4752	Postman.exe	108
PID 4752 wrote to memory of 3312	4752	Postman.exe	108
PID 4752 wrote to memory of 5072	4752	Postman.exe	109
PID 4752 wrote to memory of 5072	4752	Postman.exe	109
PID 4752 wrote to memory of 5072	4752	Postman.exe	109
PID 4752 wrote to memory of 5072	4752	Postman.exe	109
PID 4752 wrote to memory of 5072	4752	Postman.exe	109
PID 4752 wrote to memory of 5072	4752	Postman.exe	109
PID 4752 wrote to memory of 5072	4752	Postman.exe	109
PID 4752 wrote to memory of 5072	4752	Postman.exe	109
PID 4752 wrote to memory of 5072	4752	Postman.exe	109
PID 4752 wrote to memory of 5072	4752	Postman.exe	109

C:\Users\Admin\AppData\Local\Temp\Postman-win64-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Postman-win64-Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4748
- - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Squirrel.exe
    "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:4764
- - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
    "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --squirrel-firstrun
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1276
  - - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
      C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Postman /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Postman\Crashpad --annotation=_productName=Postman --annotation=_version=11.1.14 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=20.3.11 --initial-client-data=0x470,0x478,0x47c,0x44c,0x480,0x7ff7576b58f8,0x7ff7576b5908,0x7ff7576b5918
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:904
  - - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
      "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Postman" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1912,i,8494072330481096024,17524430353801630151,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3896
  - - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
      "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Postman" --mojo-platform-channel-handle=2140 --field-trial-handle=1912,i,8494072330481096024,17524430353801630151,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3144
  - - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
      "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Postman" --app-user-model-id=com.squirrel.Postman.Postman --app-path="C:\Users\Admin\AppData\Local\Postman\app-11.1.14\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2476 --field-trial-handle=1912,i,8494072330481096024,17524430353801630151,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:1016
  - - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
      "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Postman" --mojo-platform-channel-handle=2560 --field-trial-handle=1912,i,8494072330481096024,17524430353801630151,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3464
  - - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
      "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Postman" --mojo-platform-channel-handle=1700 --field-trial-handle=1912,i,8494072330481096024,17524430353801630151,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1476
  - - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
      "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Postman" --mojo-platform-channel-handle=2472 --field-trial-handle=1912,i,8494072330481096024,17524430353801630151,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2784
  - - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
      "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Postman" --mojo-platform-channel-handle=2624 --field-trial-handle=1912,i,8494072330481096024,17524430353801630151,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:388
  - - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
      "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Postman" --mojo-platform-channel-handle=2208 --field-trial-handle=1912,i,8494072330481096024,17524430353801630151,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4232,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8
1⤵
PID:4068

C:\Users\Admin\AppData\Local\Postman\Postman.exe
"C:\Users\Admin\AppData\Local\Postman\Postman.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
  "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4752
- - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
    C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Postman /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Postman\Crashpad --annotation=_productName=Postman --annotation=_version=11.1.14 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=20.3.11 --initial-client-data=0x498,0x4a0,0x4a4,0x474,0x4a8,0x7ff7576b58f8,0x7ff7576b5908,0x7ff7576b5918
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3312
- - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
    "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Postman" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1888,i,4293990452269456521,1839410604618722815,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:5072

C:\Users\Admin\AppData\Local\Postman\Postman.exe
"C:\Users\Admin\AppData\Local\Postman\Postman.exe"
1⤵
- Executes dropped EXE
PID:4808
- C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
  "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2060
- - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
    C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Postman /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Postman\Crashpad --annotation=_productName=Postman --annotation=_version=11.1.14 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=20.3.11 --initial-client-data=0x46c,0x474,0x478,0x448,0x47c,0x7ff7576b58f8,0x7ff7576b5908,0x7ff7576b5918
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3652
- - C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe
    "C:\Users\Admin\AppData\Local\Postman\app-11.1.14\Postman.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Postman" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1868,i,8826518218661287671,8806654707011449201,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:924

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Postman\Postman.exe

Filesize
365KB

MD5
220f9b36c8bfd0405311a96430f9f5cc

SHA1
d469a223ebebde4e72fe7a9a451a775da6be7468

SHA256
67201dc9df6d1535c60ae2643eec5371b96bba9721335e568bb4fa546bbfd0e9

SHA512
78dd53b4d476f2323568460556dff17b0bfa7bb43f667c5ec1ea6977c1fcaf22d49b7b4a183fd89278a1d5496cc3f72919fe851bc6bbf2d91c254d7938b3fd99

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\chrome_100_percent.pak

Filesize
126KB

MD5
a3d4515d3a33a407d313a62818e82a5d

SHA1
967ff9a6774a66f7b3299af4fd5d70961ed54d79

SHA256
662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0

SHA512
0c757e1beccbca1ae0791fa0c51a9e2019696bd0965c73de67b364fba6f317ea2cf20fa65e4fa7dd22519683528e5112dc8c530049170f4e702e0c8d4e065801

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\chrome_200_percent.pak

Filesize
175KB

MD5
3bab45c70f22646cf8452c30903810cb

SHA1
40b31d4c79b5a2b8d12f8cf8b6c49c962c31f766

SHA256
d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc

SHA512
85eda055494f0233c963e821906cf69d94e664d8396e8b08e7a8f412e1c16af71252fef1bfe3ed43cfad157aa90c0dcbb375626e2ddf0e807c9b23ad27e61d9c

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\d3dcompiler_47.dll

Filesize
4.7MB

MD5
3c1c2a510363dff11417d783aa3b3a0f

SHA1
11cefef6836286a052834521ac1abaff0c214274

SHA256
1314c1681488acdcaa5b94972e15e47a2e6bee0282bca41558291600eca1286f

SHA512
18059ca29691e859100a3c6233280fa8c9d0cd5c4f046dca511523f9dd99ef73a86733958f4c3650ba55bb1109db30fb126288ba1389af3c2d3c8b3a9dd16108

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\ffmpeg.dll

Filesize
2.7MB

MD5
df863d5baffe78ba173e27cd25f8e312

SHA1
1d5a6da5518fc5025331c3c76dd7f4589e072c19

SHA256
06c22c08af6b727a6ae1d186f556a26d5960e4f75c3267f674d02f61514c89b6

SHA512
7d7d484434d56d7067e865a94948bcffbcd6b7729cd7dc841fff80c6b7aca2b1ed7de7f38ad4b192d084dcda8205311e56d55fb2b47a2dfe25263f02f74f539f

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\icudtl.dat

Filesize
10.0MB

MD5
516f6b90d1539bd1eaeaa2fc32dadb92

SHA1
8017789bef98902cdc95c18e67b84378ddd293c0

SHA256
51edd31f6c5d298c662af320424b632172a31e3348cdbb201380636c95ded794

SHA512
db4b5fd7f8a0e0a331ffa7c574d011b059df8654cdc6ee4970f84fda20b88a3b8706f2605d91d19a6dd86d2702cc9542e026a054d28f85c51b676daa8d3f3bb0

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\libEGL.dll

Filesize
435KB

MD5
9767d2c88e35e9994567a4ecdd3fab6f

SHA1
d1133645b8af59ada6a0e6f5d9608ad47fd84933

SHA256
d9c550a9bf20357ef785239cc346a7e74f824a9357870f25dba68112678962dd

SHA512
e39402a211bfffef543c2a67c3e4d2ae5f9cfff49e0469bc2afa12f547f8f80483ef7403ccf78902c7a7e02c8da3a45bd0873cbf58487322fd2a60bb48b23dc0

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\libGLESv2.dll

Filesize
6.2MB

MD5
b38a002a3645823c55cc09d40d882141

SHA1
2dae207097400845407e289252faedce5889b33d

SHA256
abad51688c68d2a16b0056a4a6901cc8d720702a213fb0054bfdc8c5e52977f2

SHA512
8596ecc74849255a5e9b5ad87488080ef345849d5e1bc53d3f73a2bc4b4ac6fdb8e1158b0adbefa4217c2aaaa28e90d9c3d60513bfbb9f671e14073770ef6e68

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\locales\en-US.pak

Filesize
295KB

MD5
a2ed0e17819c287b824cae5c0ac03af7

SHA1
9694627f89cd65fbb511eacc6c785ab045525ff2

SHA256
c4a2c6a90945868a02ad14b3a994e94b123981d56190bd34cc3cb14f31f2270b

SHA512
a527351a1c61e6ed4e999c6549ec04b2096712644c4e1f28b48872c031c9f0a4bb118c0ceb40dc3a35315ddc7cf244e3c0c03d864a53d4a76f6dcf1b3889c109

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\resources.pak

Filesize
5.1MB

MD5
189c5871e67cc067293ef65ab1cb6a71

SHA1
c8a233ccb51b1fcdaf604f7c06dcdf9d57719628

SHA256
ec076cef33458d85b8e0869c64cd9179853445657cc71051c5ccea47639e336d

SHA512
668732fef5e032beda61b4cc6901968885a39d7a121e2492b0fd7b52d69aac4a093694fc6ea06b4b0f29a4e31bcd50717034f77df1754a7702c3d7be66bd3a21

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\squirrel.exe

Filesize
1.8MB

MD5
07580580176bcc4fba3b31ae91b08aa7

SHA1
95f3b452c4e694d2e527f2cb37a9d4d2e3929fd2

SHA256
132ad33de47b5de348df94f9d4c7a00ea0f0f990433c84a101e4461ca5d4a5f4

SHA512
c608839f289ba72e0f1ba1aa9e94f39359c19f5aeebf7500b7c55bac09becc1803815c391c707050810da612a1242edb1df8a85a8f6195d1b1b027e5957108f0

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\v8_context_snapshot.bin

Filesize
716KB

MD5
7ea15faff14c6631ef7ef7899ec8235d

SHA1
b398fb7e8e3afa7886c483b054be4358aba5b800

SHA256
1717afb2f6958e37a34ab35b5b796ff2d9fa7d0d4828a405221ac3260b722973

SHA512
57e6fdf0c6c64f232fe6c247b955689bba09a9c2bd37124b3b4b419403ee1f1028b5eed6b1e3f96263cbc1762d3c2637e06ffb3a04891772d67487ee2fd8db45

Download Submit
C:\Users\Admin\AppData\Local\Postman\app-11.1.14\vk_swiftshader.dll

Filesize
3.9MB

MD5
8ef7816f0aea14f584f1f2bf72b1f0f0

SHA1
96db780d599d41de48aa3f798ab93eb1e68071f3

SHA256
1f51639d0895b412cf895959fd3814c45bf06c8fd1cdfe096097255d04f9b7b2

SHA512
2234d853436a28ca28350070a6fdb1c0475740fb4c56199aa3cd14e5430ce506c4d941d40a79109e9d34977d26c49411938ddfc7f03b0cc8cd78234f35e35a83

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
735b58c3e9384fe445c16bdac4bbfc9d

SHA1
2fa3522ddb910e821baee8929172354a82c55e34

SHA256
679076785eba627f5162931e5a71f858e2f91ef456379c5288085acca991cde2

SHA512
0ba37913bae3043f547afbfe5e62d4d7c1c8afd317b0af100542be6a00de3eecf889fa8359a21f6f509c65d0f8474b0e4b2bb7a72708e3b34b0e8f36134ab439

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
182ed800b082825b1673b9155bfd58e3

SHA1
f664b3c1a07cbd7f76c42ed9afedc44396164472

SHA256
1fd6880a2d4b20c7755d271e54fd17630f2053fff558094cd594365291d2ee53

SHA512
f286e8bb37e8167e4be3c44910bdd59f770e0dc019b7153716e9ae4b9ea74c8eae9df1da48dd5c04cc477aabfa9d0dc351d57b464bbf6891db70cd117fb516ee

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
669KB

MD5
7c6f62944249c7992b1d79b8e9959eaa

SHA1
1aff0f7534e4e69d5f370841a9fc6cdca237ccc3

SHA256
ddb17e0a1467c378db245f29804d9740885212f83988069cceb98c62f7dfa3da

SHA512
297e3edf919a8d4ce168d3e9dbab69988f72c7ebd978ff926eb54f875bf7e89823d15059544f662aee62f378678de6b64873dee836103dc7a04ce4e3af23abd9

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
24KB

MD5
1cb89146c50ffa12878fcb603a042406

SHA1
cfa33191218440c58fac904aa0f7c7e063f01c61

SHA256
8e7200c658334b2ac4c142ed3a24890782b655f86415739b3717c87b4851911c

SHA512
8185c20b686b3cc0937dab203cb50f09746ecf2741a9d894e98b6eb64963ceeb68726dd17cfd98e74a8611a1d0f00e1a807aef3184a298af0e877c966b54bed3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\Crashpad\settings.dat

Filesize
40B

MD5
40a89bce5396c77615da96e47e4eef8f

SHA1
7192399293f1efc8d7d5af8d656c4fc4759aa603

SHA256
4084b466e62e9aaf2430e918c32632784cc630e4455eb3282700df3bfc9e534c

SHA512
d2b2cac00f022d71b5eb22b335a0e7dcc5f2c3b9748b9987d83c9fbfc1a10cb1d1c3aff0827ca04914d15b7ebcfb5a93b2947d2dfc3f4a901fb66455f7dfbf3b

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\Local State

Filesize
389B

MD5
cbeda770fe9b8deda458550d227c7fa6

SHA1
c7a3da4267bce97134ff81471763761449b6f731

SHA256
a72fa68160a5d2a58062eef50d927c26beebc4e96d206f90927bfd764036805e

SHA512
9e5fe7b38b5b2d719765f65556106e7b95fb8eaca539e30a6c848d3b8e43fac56900bc681a64fccbe608022e6a1fe7a990e216e7b82adc686e5680729c05d271

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\Partitions\postman_shell\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\Partitions\postman_shell\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\Partitions\postman_shell\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\Partitions\postman_shell\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\Partitions\postman_shell\Cache\Cache_Data\index

Filesize
256KB

MD5
b7d05d94d4b88baf7be54c085d7a723e

SHA1
67c61481e0b5be24662b04dc558eacaf3b623e17

SHA256
d6dc783a324d11b46b0ec1c671b6c5ba97f81980be0ae7fca1fe3255032a28cd

SHA512
41b596519eeff914e3ceb41a85db873c7396e8531d51953c25e2a13c3650e1d51175d5793bc7dd175905d6ce5c8ca494e6d683c01ff9bcf74bd0104917334dc4

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\Partitions\postman_shell\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\Partitions\postman_shell\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\storage\settings.json

Filesize
33B

MD5
ca6ee9d087387204c8949821d2f81d6e

SHA1
af414c5f6d9f8ee74ad1af16c3071f415babba2d

SHA256
bc6997959b599aa5eca457d65d6ea8db1f8571877b453db4c2b7a5ed882c4953

SHA512
0bda79d6fa6fb4b5a65c63fb1fa116da11ff188b2bde19621c4ec2272a25a2728f668e7383c7345768bbe4b3328d73ca02287e2f9d4e063a9a79da34ea7513f1

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\storage\userPartitionData.json

Filesize
27B

MD5
1a315c4fc216855ad5d2da20e61e2d9d

SHA1
3843e928165fdc9e838224312286c5d7c2ed5f43

SHA256
c2115c763cbfff93ecf43c0771a9b3d22525557ebb76abd0154e4e405f5b9089

SHA512
efe152d07c76252bcdead5589825d413951d2bace8ba474543de4532a66b003b239df0febe84bcfbcfbc797f1dbd098eeee511494c43062fa6cf44999ae9e257

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\storage\userPartitionData.json

Filesize
43B

MD5
c67667b1b33b51f50c958ac19a2b468f

SHA1
f2d5911bb5e390495a5c665babca20fc736e58d6

SHA256
24eada04aa6d95ad5476585e348c227b3b9280a1a53682a153c580b8db0f17f0

SHA512
0a1e5f3a23766b3c16482a52a742ebba210f91b5df5c5628a376ec53ef67cff754ddafc9f7e1f258f7d8f7a975fbae2b2a8d09b57d4189d080ac03681eb931f8

Download Submit
C:\Users\Admin\AppData\Roaming\Postman\storage\userPartitionData.json

Filesize
54B

MD5
62277ac04e00704de145d19d6b97c6b0

SHA1
7af61bc528ab9c8e4cb21345d613e320741a2e5e

SHA256
54657e8e4df0afb2606730e9d0e6fecce8123740b5d738815fa9bb64ac1d8f9f

SHA512
aac0bbb0e5f69d1b67663eac569aa7340fda63973464a1cf00d7320cbc30dd66e0488443582eaaf553d72a58c7878c7427dabe8682aaf4cdb74fe4cc1e4629c6

Download Submit
memory/3660-341-0x000001FD892F0000-0x000001FD892F1000-memory.dmp

Filesize
4KB

Download
memory/3660-350-0x000001FD892F0000-0x000001FD892F1000-memory.dmp

Filesize
4KB

Download
memory/3660-339-0x000001FD892F0000-0x000001FD892F1000-memory.dmp

Filesize
4KB

Download
memory/3660-346-0x000001FD892F0000-0x000001FD892F1000-memory.dmp

Filesize
4KB

Download
memory/3660-345-0x000001FD892F0000-0x000001FD892F1000-memory.dmp

Filesize
4KB

Download
memory/3660-347-0x000001FD892F0000-0x000001FD892F1000-memory.dmp

Filesize
4KB

Download
memory/3660-351-0x000001FD892F0000-0x000001FD892F1000-memory.dmp

Filesize
4KB

Download
memory/3660-340-0x000001FD892F0000-0x000001FD892F1000-memory.dmp

Filesize
4KB

Download
memory/3660-349-0x000001FD892F0000-0x000001FD892F1000-memory.dmp

Filesize
4KB

Download
memory/3660-348-0x000001FD892F0000-0x000001FD892F1000-memory.dmp

Filesize
4KB

Download
memory/3896-161-0x00007FFC15A20000-0x00007FFC15A21000-memory.dmp

Filesize
4KB

Download
memory/4748-115-0x00000000232F0000-0x00000000232FE000-memory.dmp

Filesize
56KB

Download
memory/4748-8-0x0000000000B10000-0x0000000000CD4000-memory.dmp

Filesize
1.8MB

Download
memory/4748-114-0x0000000023330000-0x0000000023368000-memory.dmp

Filesize
224KB

Download
memory/4748-109-0x000000001EEA0000-0x000000001EEC0000-memory.dmp

Filesize
128KB

Download
memory/4764-102-0x00000000000C0000-0x000000000028A000-memory.dmp

Filesize
1.8MB

Download