1d17937f2141570de62b437ff6bf09b1b58cfdb13ff02ed6592e077e2d368252

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MYPIntkPkondCCoYfHjXt.ps1
Size

5KB
MD5

99b82bdc2f4559929a3a884aebacd11c
SHA1

af34b30695539f108741648a1fce012bdf81cc75
SHA256

1f38a9e17e5096bca84b6ec87eb5470b2ce4450a6a03b3e41b38dbd91ab281da
SHA512

888e40c5ee48e538adef05518fa55cbb2dbcca4366a6101b5bcdd031a0dd37db34773ccfe261063d74d31d5efdb3556a9cf5b14741a7e27a7b10b52588baa6ef
SSDEEP

96:Dqcl8CXUYNR7PCbYnyiHzlPY9lGxNTtPIdVGBwyaFlGxNTtPIdVGBwyL5q:DqU8I7PCbYnyiHzlPY9leNtPIdVewyah

Score

3^/10

discovery execution

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4708	powershell.exe
1036	powershell.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4708	powershell.exe
4708	powershell.exe
1036	powershell.exe
1036	powershell.exe
60	msedge.exe
60	msedge.exe
816	msedge.exe
816	msedge.exe
4624	msedge.exe
3204	identity_helper.exe
3204	identity_helper.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4708	powershell.exe
Token: SeDebugPrivilege	1036	powershell.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 1036	4708	powershell.exe	85
PID 4708 wrote to memory of 1036	4708	powershell.exe	85
PID 4708 wrote to memory of 816	4708	powershell.exe	87
PID 4708 wrote to memory of 816	4708	powershell.exe	87
PID 816 wrote to memory of 3160	816	msedge.exe	88
PID 816 wrote to memory of 3160	816	msedge.exe	88
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 3496	816	msedge.exe	89
PID 816 wrote to memory of 60	816	msedge.exe	90
PID 816 wrote to memory of 60	816	msedge.exe	90
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91
PID 816 wrote to memory of 4636	816	msedge.exe	91

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\MYPIntkPkondCCoYfHjXt.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://edition.cnn.com/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94fb046f8,0x7ff94fb04708,0x7ff94fb04718
    3⤵
    PID:3160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    3⤵
    PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:60
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
    3⤵
    PID:4636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:3696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
    3⤵
    PID:4432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4756 /prefetch:8
    3⤵
    PID:1104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5772 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 /prefetch:8
    3⤵
    PID:776
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
    3⤵
    PID:656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
    3⤵
    PID:316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
    3⤵
    PID:4820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,16760317582006576865,3896437150802272189,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468 0x470
1⤵
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
792B

MD5
90fbbd5731a21fb06c90bf9e73fd941b

SHA1
384e824540c5d016a596cea2621692194c311282

SHA256
59b1decfd6ce8ed7ea12f5e5d89a0757b89bfafae2b00297d8472350a622efd4

SHA512
40e556a340b867426517eca45e8ce792dc98f88b12a17c0ab02bfa393b775d8d6fbc78ec2466b7049420fc99a04ab9115d7540bcec9cb8a8151ee95bfa930d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
055b6dce541c55dce19be3b400e1ae77

SHA1
4a782fe85fd03f1d2b57eb298f8ecfb9bdb3468e

SHA256
72130bfcaa5d1a6e54c5647395223f7807f012de286e75aefbcf2bbb96a82e50

SHA512
cc9147d96a768dfe9151459a1aea0a35b5067fb82dd1bbeaad8fd663feae972691b1e84b8691781424b9b531702e583eb27c9e2e36510d0d7c37f4c37018b9d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5ac7513fa91ade0c82693b502aa8f901

SHA1
3ed30d13d6de3f0b8cff41d6e665b4fbbc4bdbca

SHA256
42c418016c13d237d66170f8ec186942d232f80f499b4e3c84dcd4863a6e578c

SHA512
d0ac9ed69adbacde6aa9acf4a14873d6bd8832fbed0b70a73da16f3aa862ba9d2c404898cbd79fe6d21655f921d9f85f2c7d7c2db423701a1e48af8bf4f32964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94e2b3bbd4b731745d87d422fd7ddc4a

SHA1
94bd8a9fcd5b38e3816ae317f0076f495714b703

SHA256
0337fbee9151b2741b25fd5473dfb68cd91d5533f88fd6faa4b70f445ba6901b

SHA512
c90b7191e083fef633c3b8b53d6fcd800541039d26754838e00cfe6af200fc23a9c407a7175e9467245ef1742a64a515ef060d862d9f119ea0a9c95f9d9501e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f3d692f6f7d28eda752ddfb4650b7d2b

SHA1
7a5d7169a2ac7e29ab5354c37166f3d492e7030e

SHA256
6488b5e313199bbe1c9a2adda922688048a8166a6ead8864739db2574b5e31de

SHA512
0e5292305b67e6395e60c65672f56540d140e09ff6a8552b611c4cd81edf9bda8d2e61d68a1e6203fc86d6be6fdaa3eb63765f7d2dd7ac80b2749916eb1c0727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b4440b2e0a823e28124b5d658a8abc67

SHA1
eea94477fc17f4e6105611e515959ccc8ab7861b

SHA256
80765fd0481e0e2be449f572db81e4833dc321a82508cba90a522c4842164b50

SHA512
32b41abca00846af2bbaa9bb93c2fe92afff0d803a0241ab6bbc6ad14edd4fbffea56216e770f8eb798048a4724824858942954356975a20622d854370e6e10e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585d5d.TMP

Filesize
538B

MD5
76069d491b96777b02b35e9d1614389f

SHA1
c893dc5d837e87a54d408e40ab21f9d2d594bcba

SHA256
26d8de8c64f5e5ddccb8f136ab11a74ecf446113ab0a9e06e312129f2be08b81

SHA512
aec9eec966cdc6ab97228e6953c0c6bb39f2791d8d99b9865c975b30680a8c47c46ecf32fae56235b6ffe4c4b0e9d77c9bd0549f9664d59662dcadaf6746d99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3857473b64109d2413fe708461e86a35

SHA1
860874cde5b132d3992525f7db86f1f7267a0a67

SHA256
e083f811a8bac68f64d50284de3057aaf3cca1ea836eb311f0c19c0a73185b38

SHA512
b6d1bf706d5ff244cfc046669b4de506f3dccc7ad7e91b8061f4f2c43f4bd5db2f69483e9e293ca244e7f42fb6b99627bfadd9527f91f75fd10f8fd928955618

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nfiulwnk.r4m.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1036-217-0x00007FF95A470000-0x00007FF95AF31000-memory.dmp

Filesize
10.8MB

Download
memory/1036-26-0x00007FF95A470000-0x00007FF95AF31000-memory.dmp

Filesize
10.8MB

Download
memory/1036-25-0x00007FF95A470000-0x00007FF95AF31000-memory.dmp

Filesize
10.8MB

Download
memory/1036-15-0x00007FF95A470000-0x00007FF95AF31000-memory.dmp

Filesize
10.8MB

Download
memory/4708-213-0x00007FF95A473000-0x00007FF95A475000-memory.dmp

Filesize
8KB

Download
memory/4708-220-0x00007FF95A470000-0x00007FF95AF31000-memory.dmp

Filesize
10.8MB

Download
memory/4708-216-0x00007FF95A470000-0x00007FF95AF31000-memory.dmp

Filesize
10.8MB

Download
memory/4708-0-0x00007FF95A473000-0x00007FF95A475000-memory.dmp

Filesize
8KB

Download
memory/4708-14-0x000001FC32C80000-0x000001FC32E8A000-memory.dmp

Filesize
2.0MB

Download
memory/4708-13-0x000001FC328F0000-0x000001FC32A66000-memory.dmp

Filesize
1.5MB

Download
memory/4708-12-0x00007FF95A470000-0x00007FF95AF31000-memory.dmp

Filesize
10.8MB

Download
memory/4708-11-0x00007FF95A470000-0x00007FF95AF31000-memory.dmp

Filesize
10.8MB

Download
memory/4708-182-0x00007FF95A470000-0x00007FF95AF31000-memory.dmp

Filesize
10.8MB

Download
memory/4708-1-0x000001FC32340000-0x000001FC32362000-memory.dmp

Filesize
136KB

Download