50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326

max time kernel
606s
max time network
438s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
03-02-2025 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ubuntu2404-amd64-20240523-uk.ps1
Size

1B
MD5

f1290186a5d0b1ceab27f4e77c0c5d68
SHA1

aff024fe4ab0fece4091de044c58c9ae4233383a
SHA256

50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326
SHA512

aa66509891ad28030349ba9581e8c92528faab6a34349061a44b6f8fcd8d6877a67b05508983f12f8610302d1783401a07ec41c7e9ebd656de34ec60d84d9511

Score

3^/10

discovery execution

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1388	powershell.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1388	powershell.exe
1388	powershell.exe
568	msedge.exe
568	msedge.exe
3004	msedge.exe
3004	msedge.exe
1156	msedge.exe
1156	msedge.exe
4664	identity_helper.exe
4664	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1388	powershell.exe
Token: 33	3140	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3140	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 568 wrote to memory of 1088	568	msedge.exe	81
PID 568 wrote to memory of 1088	568	msedge.exe	81
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 2912	568	msedge.exe	82
PID 568 wrote to memory of 3004	568	msedge.exe	83
PID 568 wrote to memory of 3004	568	msedge.exe	83
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84
PID 568 wrote to memory of 4088	568	msedge.exe	84

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ubuntu2404-amd64-20240523-uk.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff824a53cb8,0x7ff824a53cc8,0x7ff824a53cd8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,239175712421561586,3174864274571167725,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3840 /prefetch:8
  2⤵
  PID:3468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000494 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
55KB

MD5
fdf2600d905a0faa060d691e0212e1a7

SHA1
62550f0993a219e265ff9a0795a4d9f49b28748f

SHA256
52a37b3a78eb5b59df3bdb129b9115c6fed9bec6ca62b55ae56d8c2701de5972

SHA512
7118d2ea3aafe3d77709842da20acbe3faaf4c6c92a50ab05ecd4986916bbb92fe297a1b00357572683b02c61762cdf31dc425f03221dd169803252db5f04f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
57KB

MD5
26a1891f272dc17f5ac69a8cfde2991d

SHA1
097239d7cb11b964bd6a745f24e5f82267fcaf0f

SHA256
e4dd3bb15ae6492d5ddff59e08075a6023463b82cfe6c284470fec0d86fe52ae

SHA512
2b78bc3b2e57aeaacdbce5315b117c8900f9cfb99e331704c80f871882b1f0ad88ef7d6808fea6a8e93e1e65a239beaff9c3d61a07191b96bc21c0fac759d783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
55KB

MD5
cfd886e1ca849a7f8e2600763f236d78

SHA1
c1fc2b10d20c529c01b465a1edc0ed2fe04f0bd5

SHA256
c0b1c3c6995c24eabd1a6fcc4f00523e022b546cf1fa4fce6c30d04763244d1b

SHA512
254e37e3650b2c87b524c96f517586b690094abf7c8e0539b050ecdc4c56c2593bedab7b1a830b827ddc19f1c3e05ff4096ebdf4cc969b5bc5fd33cb34e94fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
422KB

MD5
173816416e8602d9b0d3e76da1ece928

SHA1
7fb09ca26a363700163d2c0349e778b634cbec6f

SHA256
e22c376af1d51d0fb3d1756f1f815283b6e9573d93759814893b3098767cf92d

SHA512
25b8f9bd042713aaa2fd6b7ef16ab1e2f55860ba2a817035a6606857181305ae20fabd63cae8bc4fbf68d7d752bf34961aa7d193083d7146a4fe0cb3cc0405d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
6ab8e486c3259cb2429d8b8c76e98231

SHA1
9d3423afcaaed81953b040d51ac0936a74478809

SHA256
e776b36608726679642b270974650308f9bdd986d5a9d96d7942a44bd47d3f97

SHA512
1523c133fa97c410b7f1a6b4926ce207f146aa8c2f1dbf0fc8326ccdf11a6569902d01d262dd2f82bccb3fc765beea14ea5308bac7f167244f244b0500e4b448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dc68cbf3319803c7a61c69d464e41dd1

SHA1
52882ad4d6cd1310983351e7f0c97bdc446ef703

SHA256
bc97650e4532071819710298f8ff19069c79bacf4d78de175436f8cbda6e494a

SHA512
ea5337db5aa50b5b6445a1322d08886e93105c860bb6404f95de42950ad2e11058a3a6499255430c91947ed9ca83b0b9518823e92f70f38984bf89689b707488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a438610a1a4ce8a3f4be00a7fc9ea460

SHA1
ec13caa1dd8d3b1691d8918e5875c97625a74ab0

SHA256
3492ebf224524d38d8e2b4aa16e719ee68d6207cb3ccc4e7e56f0d5b454da555

SHA512
d3f34afa66a440eda9d195c95a9266795c46d7dfb7188e575ba74530a066cce5f941672e5e589fa6054970bf032577442a76d6e9bf3406b5f9c730048d396df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
901c2298f37c3b8a61cf1af6cd434934

SHA1
dec43bb151bdf620837e12f57aebc36c2e37c53d

SHA256
0232cd1c7e9a8d8fa6435632beb941fc846278943fd506b46a3e4716a0b5b8eb

SHA512
4371302ac4846e0a37e7b6efde67df9e6157641e7a6934f5af60f83d13676f305dc58d627c1d011e63d1d9fea587fb96ea5c9589bfd10131ae7b852e99a75ce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99c8f05dc3541807922183f73c016d76

SHA1
e1f1c3f08085547036694b1c80e2d72fca7c3669

SHA256
99ab534e5a96c098e7ebe99f52bb2c88775fce55acc5423d5c5b9a12534c88b9

SHA512
7789851150466a50dac30a37145f4d1c32e5bf701673e733e30ef6f1a3ae521a005f8fccaa08132175b3ffe69a85718ea4f7206fbe77e975486c4a27cb4ee928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
282954397991725f61e3b3b2498a4156

SHA1
96b246c5cf4fac349783c683e7ae7183aedb5382

SHA256
39fc2bbed3a3afeb49fe4d383a8dd458b0641c11f1d6ae1de8bea95f3f1b1689

SHA512
59dc9755635ee8cbad09876d64f2f1c97bf5189939f57f0f0cdcf004ccac3892ad70ed500173023b3bcced088fe70b72aa5ed5f882ab31a6740c4ce56b8740e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\79e5e096-aff9-4a3b-8a85-c4fd7cc07203\index-dir\the-real-index

Filesize
456B

MD5
b249bd651a4efdead7daf8f7733104cf

SHA1
63845a1e2b2762ebce5f56c0a9ae99b07ea82cc4

SHA256
f4b54978a0af05b48b4d803ea75d1882877d6db446ffdab84c6d83e5b304bebc

SHA512
f9a9015b757c36f8b3cbedf1d85366794115a493762f0cb01a876c2422944c4d6fa2bbdab0bf8e9d53df6a55f160c826153be7e8b36ff3bae04998a398565dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\79e5e096-aff9-4a3b-8a85-c4fd7cc07203\index-dir\the-real-index~RFe585e57.TMP

Filesize
48B

MD5
eaea2024376ad6e20c897f4a5030cf04

SHA1
6d9aec0973f905d2d942882d5374f9cbff352ae1

SHA256
7f0fde6c168632f81275b80fa57428213da76c9a7bd49376ae89f99fa30fdcf0

SHA512
4427973f95032f8d30c2e07bf9ceae8620279d8eebd0bec58594b61cd48dc90771d907ca3d9ea3bf774ca170c6d5c5845daae7054f874a41264830e00e8d1404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\83447df6-34e1-4dd6-bcbe-4e8f785bfa91\index-dir\the-real-index

Filesize
72B

MD5
2b4458a5d2cf93d4130eeadcc2d19e8b

SHA1
15d89a3ee620371946ce8638cd3ebf65bc127c4f

SHA256
e1312c5db0dcfc18bdd70894f3b82f33f9b1d86c502a001ee259cbdf549aff37

SHA512
a3d174ec65169390fb89b243f27ecc099552ec0349c6f0c6d18a9ec3d6f9b1468c5e3e190855b291b73234a6f9d6003c3f12b8a2f0bd18bfd1a9635d68577c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\83447df6-34e1-4dd6-bcbe-4e8f785bfa91\index-dir\the-real-index~RFe585e57.TMP

Filesize
48B

MD5
ac729163934cf80bd6157b6720298f82

SHA1
6958b009222b53f875b1fc82c22bdc71a2c79231

SHA256
4f6af222ba7c04544e71975af9e04fdb5dd0aca83302436c6ca47fbab2c1031a

SHA512
e73312b4dd740b29691d7bd3c9e8a31dee7cbae15f275d767ebb6c413ceb33ece26f34a3c5c1301fc8efa53cf382ab7c5d13f7291497e360d93c9fb64235ce48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
168B

MD5
f87191db03bc5073d454fe02292c27e6

SHA1
f384583f91cc2279c985e75edc96ee40c7ecc9f6

SHA256
7c9ea77c59b374044bce1a274b6e2a1baabca6898fe8da6905997a293d1faf63

SHA512
ea0c02174989f3acb85168ca82441eb937ba72d3af3ca9d30a8cb5f99a88f7e9305272f2770a71f19e7a218a4f679eecb47b492550e176fa9ec22becc4bba82e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
164B

MD5
512eae946f503fb698f5270b8a434971

SHA1
0d861ac6e6f0f90548cb112bcd2fc0dd01d0f04d

SHA256
bc1f2f5080adf89afb989b735ce2c5d330a9e5d9dfcff9ac4344cddf4f2b355c

SHA512
d9cff490dd53d787ee49815f9b9e40db85bc679274467f48314f273c78f4801c2b8a5c29d9b93d9833ac390777346e93ca9a8e7b016d84d568c6b7916d2687b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe581e03.TMP

Filesize
102B

MD5
74c7452ef33a85ee218fc288a8348f1d

SHA1
bf654d288e744c9d93fe8b9bac2095fbd7b05bf9

SHA256
ab7e69a1ca4309e08bdb235e0628aebf92dabec4fc3dea8efcf0b7fb5379d171

SHA512
185b9d97a1c7203b031b1d24e321b4684c85269a4211818d203bdc7c5175959c3a8d817d748e57ef7362125964827c9fbece4b5ae5b535e59cd8ba24cded2ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
fe127d70aa4c98aeeb1519dcf9117d07

SHA1
6470f34711eeaab3773348fcec0c260cb90fee7f

SHA256
58fb669c9806d63ca7ce09a4df78a177632b24ed95b0ca44ac480640bc3a43f5

SHA512
dbcf03308d1ac16b734c4065d5b682c93dab4d64e72247c7b4df4d1f46d51d63e1cb47ddc68f44fda4e494fc93013286bb308dca66957477a068e447c1bc1238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585e57.TMP

Filesize
48B

MD5
74500c5c3cbc35640f901e01bdb20d7f

SHA1
197978133ae2cae4894e176dcf4d2ed6370c02f2

SHA256
697cc9dafb957226c63902169aa2e7bf8cef27aa6d8b53ffab625a4e4c9cf49c

SHA512
8f91ec4ef8eae865213ec9d9ecc8569b692dc3e60ea7da4611dc6c24883726fa3f47b45d518c45ff0974bc88e3c50c13e3d5d85189a8009d951aa6c06cdb3fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b49b6df0eb937dcaff40918c953a6f0f

SHA1
f6234f1b681382b74f0b84374633b3a8b48db270

SHA256
ce1af6635cd51fc75685a9204339c962f7f07fb6587bebef4f9b9516a9c12589

SHA512
7a1113fd491aebe4fc318e46fcb9196dfcfd644ff09546bae8704e0d181062bc124b1c33e170ec36b027130a00d78ee60fc4a380b75d2f11bb403ca7d0988d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20ae93d6baf8cf2ea46094aa94cc7055

SHA1
21b587e024ca176742bc11d301a855370e9e9768

SHA256
4a05606ce5b545664b282f4e6176b3c574ecaf4be1f55d8eb4268407181215b5

SHA512
0993f684a53380de6dc8d44c91b6eda0842df222c611e7bec15c4685979147442aaa760549176864532a0136d059880ba84a05f0e300470826c0e2d979de7a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5846a9.TMP

Filesize
1KB

MD5
1a9dac3826fa413c112d6ac45968e0f5

SHA1
60d6e31f39994fcf8ae0f8c27ef51f55854897e9

SHA256
a67a4ade66be7f044575b3504d6f4f60a0c2e22a16de7f7ecdd4c9b4c5adc029

SHA512
5eacecbc9b75516f2e0f6b0a70906643a37a7e51ac548b3b1d3654af8c8d1abf27af54059e831daadfa3882f39d93f8c20624759291cbf0d75e904a5ee3ae05f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0e0894319b883794fc3d45b5fe8ac6c7

SHA1
c8f7b198261567a8f9be49446f19fb2b475c0023

SHA256
f888d3c5b9b1ea9d96ebcf078bc9f95ab3b33977d500ebcbf42d83d4024c089f

SHA512
51e8ec6eb1a064f3ed3407465405c5a43ed46cde8b3f994661f9b758d6852ba5fdd039d6b2703ab703645cdd8aab1d8045dc9058c0709defc1c6be63ff0d8aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8786aca1a1acb94639304298cf5bacdc

SHA1
c2f07c06108597e31457bd16b88a715d001af2c2

SHA256
a47eec5b02087d4cbda52900ea4bc3c868dec1ea5b5c1970c8a03c68b460f06f

SHA512
3aeed8715241bb83f064ff5b10f4955c35f77400ec77a2a6a673cac74cd0605ead0eab2e25912c462a08d1d5c7d24795046431811326a622c7e520b20186c51f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bpkoi0og.dnp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1388-12-0x00007FF8289D0000-0x00007FF829492000-memory.dmp

Filesize
10.8MB

Download
memory/1388-11-0x00007FF8289D0000-0x00007FF829492000-memory.dmp

Filesize
10.8MB

Download
memory/1388-9-0x0000023C7C3F0000-0x0000023C7C412000-memory.dmp

Filesize
136KB

Download
memory/1388-10-0x00007FF8289D0000-0x00007FF829492000-memory.dmp

Filesize
10.8MB

Download
memory/1388-13-0x00007FF8289D0000-0x00007FF829492000-memory.dmp

Filesize
10.8MB

Download
memory/1388-0-0x00007FF8289D3000-0x00007FF8289D5000-memory.dmp

Filesize
8KB

Download
memory/1388-36-0x00007FF8289D0000-0x00007FF829492000-memory.dmp

Filesize
10.8MB

Download
memory/1388-43-0x00007FF8289D0000-0x00007FF829492000-memory.dmp

Filesize
10.8MB

Download