11bf0c36322d987b12c4a944672f9ab5b095db9e66181b641f8fa1bbe0b9e193

Resubmissions

27/03/2024, 16:01

240327-tgmczaah2s 8

27/03/2024, 15:52

240327-tbdhwafd87 8

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UnlockTool-2024-03-22-0.exe
Size

184.6MB
MD5

49297f37905a3d9497115cb2cfea4d8a
SHA1

f52fdd473233453bf037e0d15089035d3d481ac2
SHA256

11bf0c36322d987b12c4a944672f9ab5b095db9e66181b641f8fa1bbe0b9e193
SHA512

d23b30c6645ac8fbaf5b33526702720cc4f1a6db6c8b5b35036c7d4207898d10adbcce5f9ca8615ec68729f300910b04a5e452877dfab8543a36caf176b8023c
SSDEEP

3145728:H7fHpOE8Q/K6jVx913QrdPoBRGLj6+4jn5G1U72k32SriPd3:HbFXLjVx9tQqBRG36+475p77N4

Score

8^/10

Malware Config

Signatures

Manipulates Digital Signatures 1 TTPs 2 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\0E68FCF27C261EAA0F0DE3053E2B3A5692F6CA2E\Blob = 0300000001000000140000000e68fcf27c261eaa0f0de3053e2b3a5692f6ca2e2000000001000000e0020000308202dc30820245a003020102021073418b10d7cd62ac4030c34e3ecb6f66300d06092a864886f70d01010b0500306d316b306906035504031e62006c00690062007500730062004b00200028004100700070006c0065005f004d006f00620069006c0065005f004400650076006900630065005f004400460055005f004d006f00640065002e0069006e006600290020005b00530065006c0066005d301e170d3232313131303034323033345a170d3239303130313030303030305a306d316b306906035504031e62006c00690062007500730062004b00200028004100700070006c0065005f004d006f00620069006c0065005f004400650076006900630065005f004400460055005f004d006f00640065002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100a4ee10ebc746ae724fc8d91af422afa9fd558688b0c55f6c43f3114f3e227854e801d665beb5adb2763043e74121e4096dc475303884e10b1838ee74e0c3d65cfbb12bed4de738f06152617e894c21ed07773dcb0f36ec93f46ce5b5597f0ff2c3a68b4ba346bfecc053371f7266ad434fce59b4fb4954ee5f24af4aab607c2d0203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d01010b050003818100701893371ccb5bdeea602d51459632aa48e3ff738fc14e95a16f85a231a406a54afa6238e8897828176d7f28c6e881387263c4927a31d8e1f1a57928e297eb62222bcc41da7d59085571acad6dc2642a3d9d21cb48b993f231d560b0be671ad5e7841cb18dc9386e883fa2499902672d25ba4e5258a240a9f7376003a57910c4	UnlockTool-2024-03-22-0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FBE11F6170659F4A3064D3159FE8FFCE0CE06C67\Blob = 030000000100000014000000fbe11f6170659f4a3064d3159fe8ffce0ce06c672000000001000000e7050000308205e3308203cba00302010202107eb0af01977017a545f699ea3889f612300d06092a864886f70d01010b050030633161305f06035504031e58005500530042005c005600490044005f00300035004100430026005000490044005f003100320032003700200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3232303431393136343931325a170d3239303130313030303030305a30633161305f06035504031e58005500530042005c005600490044005f00300035004100430026005000490044005f003100320032003700200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930820222300d06092a864886f70d01010105000382020f003082020a028202010090641fdbf995019ade845ff65c0399997699266ef2b60a1cd75df5c7e5d4926ca7c845797cc3885a0ec6dada1b7d546f63eda5631db386ba7828bb7532f1e2abf3c6c8e9e672a2c8766e78087b46e275d49b2e7573b2c8260a6e0605ee347105d7dfea689b90e5af33881b92498ef19bedcce12b1bec6c5f1dfb0b51c5bae578269c9910b68ad0cef9dfbec9586c63bac5ad13711187f007627f9a4cee19dfa59fbd798378f269dbc5866ce56b5938116e5d5c59600f5099c03065c7c2e99bcf94d749f0dc84c9de5e6bdf9695bd4384a1ec131175a34800b7a2fbfcee562a0a2bc282ecc288d068169d81b9b48db5723fb97a0d7f8106901ea27c15edb45df2278c6dce0515b70c35c9a58fb91bec0bfec791a7a7f172469521e1340f88e867bd98fb3507ced81a6f91379628d96528786360bf7bc55a1e871efd46e6997b1ab119aa6c020d221552aab92b4964b62f647a107eb35855a4f288abbf87fca6ee39344486a37de1b2ad7b5f537e4126e7ca57dbb580b9384b4ff84689bd40c0529bc4b28be5f11b3a48b2ea527ed918565c716c2374353b18a723b978334db6f46d244450ae9df4c2f496078dae28b5ab1fe0d05e5fb597450a43f578429d6c2cee799a919db0c9a47b999372126dc8d36286ddcbd472f09c616611c409190b2e511ce5ed0086d522ccd615e4f513a2f898d652fdfebd7928f47b103438941c510203010001a3819230818f30160603551d250101ff040c300a06082b0601050507030330340603551d07042d302b812943726561746564206279206c69627764692028687474703a2f2f6c69627764692e616b656f2e696529303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d01010b050003820201000a3dde4665593726d8e543f39c750cdfe780b154c5241b979420c9153c595e2c2b4e36516c5cc4925f4cd161389cfc2c3a527141f5670b5862648be14cb8012d4581e1d117c5f58421d91d0f7e99ee27e370dbe60af3c9087efd51db9d25947348056610452e93f6503897cf03c4bf7d90873d18e790666ac47a69fef3a66667229b440d39b57ec3d73c9838f95d0368faf7aeded3c68a95dd8b06c1a512412646908e28c6497406bc313b92386e25bd70541ecedf2b2ee95aae6fc0fbba442939c403ce4d8c23103d972e8aef0eec76d807f50f5c1043738a2b183deb34d880d1e33eadaa085f520b19f17ccd41d9739b2d25ec524e5ae5afd52f5c5409f3db801764630a307e15557d1023df8bd2fabccc4229424f5f00cf7ebbe8c7b30e769ee8a30b55e38415aa747b0a4bf8dad24cd220d4b3d2a3e9e9175e2767a5d26cea925c0d4e5fe9139d52aa22236eca16802bd593dc8e91afe55c39b0ea441f74c4ed9491137f8a997220ac6f8f3314bad918e72fa7b5a6086058a4e928bd0003c7618c43015a843e5d7aca890c2717bea5b30954ac6aaee5b940af506a3b13d4bd14f4da34c2ed7b78ac9588d1df6a282b9058a704bba2ed4672886e673d1b60f0011933bbde15cf7980592b84ad13dfae1396d9294f4dfa28efaf4eb3c7069e17093af78a3cd4c73a172119ae4d7abdf8932bbe09891e06e62e93cd72697e96	UnlockTool-2024-03-22-0.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3028	UnlockTool-2024-03-22-0.exe
3028	UnlockTool-2024-03-22-0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	UnlockTool-2024-03-22-0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	UnlockTool-2024-03-22-0.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	UnlockTool-2024-03-22-0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	UnlockTool-2024-03-22-0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	UnlockTool-2024-03-22-0.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	UnlockTool-2024-03-22-0.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{CC5C39E9-FC90-41E8-BC29-414DD67BC4DC}	msedge.exe

Modifies system certificate store 2 TTPs 8 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0E68FCF27C261EAA0F0DE3053E2B3A5692F6CA2E	UnlockTool-2024-03-22-0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0E68FCF27C261EAA0F0DE3053E2B3A5692F6CA2E\Blob = 0300000001000000140000000e68fcf27c261eaa0f0de3053e2b3a5692f6ca2e2000000001000000e0020000308202dc30820245a003020102021073418b10d7cd62ac4030c34e3ecb6f66300d06092a864886f70d01010b0500306d316b306906035504031e62006c00690062007500730062004b00200028004100700070006c0065005f004d006f00620069006c0065005f004400650076006900630065005f004400460055005f004d006f00640065002e0069006e006600290020005b00530065006c0066005d301e170d3232313131303034323033345a170d3239303130313030303030305a306d316b306906035504031e62006c00690062007500730062004b00200028004100700070006c0065005f004d006f00620069006c0065005f004400650076006900630065005f004400460055005f004d006f00640065002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100a4ee10ebc746ae724fc8d91af422afa9fd558688b0c55f6c43f3114f3e227854e801d665beb5adb2763043e74121e4096dc475303884e10b1838ee74e0c3d65cfbb12bed4de738f06152617e894c21ed07773dcb0f36ec93f46ce5b5597f0ff2c3a68b4ba346bfecc053371f7266ad434fce59b4fb4954ee5f24af4aab607c2d0203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d01010b050003818100701893371ccb5bdeea602d51459632aa48e3ff738fc14e95a16f85a231a406a54afa6238e8897828176d7f28c6e881387263c4927a31d8e1f1a57928e297eb62222bcc41da7d59085571acad6dc2642a3d9d21cb48b993f231d560b0be671ad5e7841cb18dc9386e883fa2499902672d25ba4e5258a240a9f7376003a57910c4	UnlockTool-2024-03-22-0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\FBE11F6170659F4A3064D3159FE8FFCE0CE06C67	UnlockTool-2024-03-22-0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\FBE11F6170659F4A3064D3159FE8FFCE0CE06C67\Blob = 030000000100000014000000fbe11f6170659f4a3064d3159fe8ffce0ce06c672000000001000000e7050000308205e3308203cba00302010202107eb0af01977017a545f699ea3889f612300d06092a864886f70d01010b050030633161305f06035504031e58005500530042005c005600490044005f00300035004100430026005000490044005f003100320032003700200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3232303431393136343931325a170d3239303130313030303030305a30633161305f06035504031e58005500530042005c005600490044005f00300035004100430026005000490044005f003100320032003700200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930820222300d06092a864886f70d01010105000382020f003082020a028202010090641fdbf995019ade845ff65c0399997699266ef2b60a1cd75df5c7e5d4926ca7c845797cc3885a0ec6dada1b7d546f63eda5631db386ba7828bb7532f1e2abf3c6c8e9e672a2c8766e78087b46e275d49b2e7573b2c8260a6e0605ee347105d7dfea689b90e5af33881b92498ef19bedcce12b1bec6c5f1dfb0b51c5bae578269c9910b68ad0cef9dfbec9586c63bac5ad13711187f007627f9a4cee19dfa59fbd798378f269dbc5866ce56b5938116e5d5c59600f5099c03065c7c2e99bcf94d749f0dc84c9de5e6bdf9695bd4384a1ec131175a34800b7a2fbfcee562a0a2bc282ecc288d068169d81b9b48db5723fb97a0d7f8106901ea27c15edb45df2278c6dce0515b70c35c9a58fb91bec0bfec791a7a7f172469521e1340f88e867bd98fb3507ced81a6f91379628d96528786360bf7bc55a1e871efd46e6997b1ab119aa6c020d221552aab92b4964b62f647a107eb35855a4f288abbf87fca6ee39344486a37de1b2ad7b5f537e4126e7ca57dbb580b9384b4ff84689bd40c0529bc4b28be5f11b3a48b2ea527ed918565c716c2374353b18a723b978334db6f46d244450ae9df4c2f496078dae28b5ab1fe0d05e5fb597450a43f578429d6c2cee799a919db0c9a47b999372126dc8d36286ddcbd472f09c616611c409190b2e511ce5ed0086d522ccd615e4f513a2f898d652fdfebd7928f47b103438941c510203010001a3819230818f30160603551d250101ff040c300a06082b0601050507030330340603551d07042d302b812943726561746564206279206c69627764692028687474703a2f2f6c69627764692e616b656f2e696529303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d01010b050003820201000a3dde4665593726d8e543f39c750cdfe780b154c5241b979420c9153c595e2c2b4e36516c5cc4925f4cd161389cfc2c3a527141f5670b5862648be14cb8012d4581e1d117c5f58421d91d0f7e99ee27e370dbe60af3c9087efd51db9d25947348056610452e93f6503897cf03c4bf7d90873d18e790666ac47a69fef3a66667229b440d39b57ec3d73c9838f95d0368faf7aeded3c68a95dd8b06c1a512412646908e28c6497406bc313b92386e25bd70541ecedf2b2ee95aae6fc0fbba442939c403ce4d8c23103d972e8aef0eec76d807f50f5c1043738a2b183deb34d880d1e33eadaa085f520b19f17ccd41d9739b2d25ec524e5ae5afd52f5c5409f3db801764630a307e15557d1023df8bd2fabccc4229424f5f00cf7ebbe8c7b30e769ee8a30b55e38415aa747b0a4bf8dad24cd220d4b3d2a3e9e9175e2767a5d26cea925c0d4e5fe9139d52aa22236eca16802bd593dc8e91afe55c39b0ea441f74c4ed9491137f8a997220ac6f8f3314bad918e72fa7b5a6086058a4e928bd0003c7618c43015a843e5d7aca890c2717bea5b30954ac6aaee5b940af506a3b13d4bd14f4da34c2ed7b78ac9588d1df6a282b9058a704bba2ed4672886e673d1b60f0011933bbde15cf7980592b84ad13dfae1396d9294f4dfa28efaf4eb3c7069e17093af78a3cd4c73a172119ae4d7abdf8932bbe09891e06e62e93cd72697e96	UnlockTool-2024-03-22-0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\0E68FCF27C261EAA0F0DE3053E2B3A5692F6CA2E	UnlockTool-2024-03-22-0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\0E68FCF27C261EAA0F0DE3053E2B3A5692F6CA2E\Blob = 0300000001000000140000000e68fcf27c261eaa0f0de3053e2b3a5692f6ca2e2000000001000000e0020000308202dc30820245a003020102021073418b10d7cd62ac4030c34e3ecb6f66300d06092a864886f70d01010b0500306d316b306906035504031e62006c00690062007500730062004b00200028004100700070006c0065005f004d006f00620069006c0065005f004400650076006900630065005f004400460055005f004d006f00640065002e0069006e006600290020005b00530065006c0066005d301e170d3232313131303034323033345a170d3239303130313030303030305a306d316b306906035504031e62006c00690062007500730062004b00200028004100700070006c0065005f004d006f00620069006c0065005f004400650076006900630065005f004400460055005f004d006f00640065002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100a4ee10ebc746ae724fc8d91af422afa9fd558688b0c55f6c43f3114f3e227854e801d665beb5adb2763043e74121e4096dc475303884e10b1838ee74e0c3d65cfbb12bed4de738f06152617e894c21ed07773dcb0f36ec93f46ce5b5597f0ff2c3a68b4ba346bfecc053371f7266ad434fce59b4fb4954ee5f24af4aab607c2d0203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d01010b050003818100701893371ccb5bdeea602d51459632aa48e3ff738fc14e95a16f85a231a406a54afa6238e8897828176d7f28c6e881387263c4927a31d8e1f1a57928e297eb62222bcc41da7d59085571acad6dc2642a3d9d21cb48b993f231d560b0be671ad5e7841cb18dc9386e883fa2499902672d25ba4e5258a240a9f7376003a57910c4	UnlockTool-2024-03-22-0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FBE11F6170659F4A3064D3159FE8FFCE0CE06C67	UnlockTool-2024-03-22-0.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\FBE11F6170659F4A3064D3159FE8FFCE0CE06C67\Blob = 030000000100000014000000fbe11f6170659f4a3064d3159fe8ffce0ce06c672000000001000000e7050000308205e3308203cba00302010202107eb0af01977017a545f699ea3889f612300d06092a864886f70d01010b050030633161305f06035504031e58005500530042005c005600490044005f00300035004100430026005000490044005f003100320032003700200028006c006900620077006400690020006100750074006f00670065006e0065007200610074006500640029301e170d3232303431393136343931325a170d3239303130313030303030305a30633161305f06035504031e58005500530042005c005600490044005f00300035004100430026005000490044005f003100320032003700200028006c006900620077006400690020006100750074006f00670065006e006500720061007400650064002930820222300d06092a864886f70d01010105000382020f003082020a028202010090641fdbf995019ade845ff65c0399997699266ef2b60a1cd75df5c7e5d4926ca7c845797cc3885a0ec6dada1b7d546f63eda5631db386ba7828bb7532f1e2abf3c6c8e9e672a2c8766e78087b46e275d49b2e7573b2c8260a6e0605ee347105d7dfea689b90e5af33881b92498ef19bedcce12b1bec6c5f1dfb0b51c5bae578269c9910b68ad0cef9dfbec9586c63bac5ad13711187f007627f9a4cee19dfa59fbd798378f269dbc5866ce56b5938116e5d5c59600f5099c03065c7c2e99bcf94d749f0dc84c9de5e6bdf9695bd4384a1ec131175a34800b7a2fbfcee562a0a2bc282ecc288d068169d81b9b48db5723fb97a0d7f8106901ea27c15edb45df2278c6dce0515b70c35c9a58fb91bec0bfec791a7a7f172469521e1340f88e867bd98fb3507ced81a6f91379628d96528786360bf7bc55a1e871efd46e6997b1ab119aa6c020d221552aab92b4964b62f647a107eb35855a4f288abbf87fca6ee39344486a37de1b2ad7b5f537e4126e7ca57dbb580b9384b4ff84689bd40c0529bc4b28be5f11b3a48b2ea527ed918565c716c2374353b18a723b978334db6f46d244450ae9df4c2f496078dae28b5ab1fe0d05e5fb597450a43f578429d6c2cee799a919db0c9a47b999372126dc8d36286ddcbd472f09c616611c409190b2e511ce5ed0086d522ccd615e4f513a2f898d652fdfebd7928f47b103438941c510203010001a3819230818f30160603551d250101ff040c300a06082b0601050507030330340603551d07042d302b812943726561746564206279206c69627764692028687474703a2f2f6c69627764692e616b656f2e696529303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d01010b050003820201000a3dde4665593726d8e543f39c750cdfe780b154c5241b979420c9153c595e2c2b4e36516c5cc4925f4cd161389cfc2c3a527141f5670b5862648be14cb8012d4581e1d117c5f58421d91d0f7e99ee27e370dbe60af3c9087efd51db9d25947348056610452e93f6503897cf03c4bf7d90873d18e790666ac47a69fef3a66667229b440d39b57ec3d73c9838f95d0368faf7aeded3c68a95dd8b06c1a512412646908e28c6497406bc313b92386e25bd70541ecedf2b2ee95aae6fc0fbba442939c403ce4d8c23103d972e8aef0eec76d807f50f5c1043738a2b183deb34d880d1e33eadaa085f520b19f17ccd41d9739b2d25ec524e5ae5afd52f5c5409f3db801764630a307e15557d1023df8bd2fabccc4229424f5f00cf7ebbe8c7b30e769ee8a30b55e38415aa747b0a4bf8dad24cd220d4b3d2a3e9e9175e2767a5d26cea925c0d4e5fe9139d52aa22236eca16802bd593dc8e91afe55c39b0ea441f74c4ed9491137f8a997220ac6f8f3314bad918e72fa7b5a6086058a4e928bd0003c7618c43015a843e5d7aca890c2717bea5b30954ac6aaee5b940af506a3b13d4bd14f4da34c2ed7b78ac9588d1df6a282b9058a704bba2ed4672886e673d1b60f0011933bbde15cf7980592b84ad13dfae1396d9294f4dfa28efaf4eb3c7069e17093af78a3cd4c73a172119ae4d7abdf8932bbe09891e06e62e93cd72697e96	UnlockTool-2024-03-22-0.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3028	UnlockTool-2024-03-22-0.exe
3028	UnlockTool-2024-03-22-0.exe
3028	UnlockTool-2024-03-22-0.exe
3028	UnlockTool-2024-03-22-0.exe
5760	msedge.exe
5760	msedge.exe
3988	msedge.exe
3988	msedge.exe
1912	identity_helper.exe
1912	identity_helper.exe
1544	msedge.exe
1544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe
3988	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3028	UnlockTool-2024-03-22-0.exe
3028	UnlockTool-2024-03-22-0.exe
3028	UnlockTool-2024-03-22-0.exe
3028	UnlockTool-2024-03-22-0.exe
3028	UnlockTool-2024-03-22-0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 3988	3028	UnlockTool-2024-03-22-0.exe	103
PID 3028 wrote to memory of 3988	3028	UnlockTool-2024-03-22-0.exe	103
PID 3988 wrote to memory of 4412	3988	msedge.exe	104
PID 3988 wrote to memory of 4412	3988	msedge.exe	104
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 4964	3988	msedge.exe	105
PID 3988 wrote to memory of 5760	3988	msedge.exe	106
PID 3988 wrote to memory of 5760	3988	msedge.exe	106
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107
PID 3988 wrote to memory of 3668	3988	msedge.exe	107

C:\Users\Admin\AppData\Local\Temp\UnlockTool-2024-03-22-0.exe
"C:\Users\Admin\AppData\Local\Temp\UnlockTool-2024-03-22-0.exe"
1⤵
- Manipulates Digital Signatures
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://unlocktool.net/register/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdf95746f8,0x7ffdf9574708,0x7ffdf9574718
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
    3⤵
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    3⤵
    PID:3668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:1252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:4252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
    3⤵
    PID:5404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
    3⤵
    PID:4652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
    3⤵
    PID:2216
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
    3⤵
    PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
    3⤵
    PID:3728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
    3⤵
    PID:3688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
    3⤵
    PID:4584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
    3⤵
    PID:4128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
    3⤵
    PID:3560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
    3⤵
    PID:1656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    3⤵
    PID:1916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
    3⤵
    PID:5540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
    3⤵
    PID:3904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
    3⤵
    PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
    3⤵
    PID:3716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
    3⤵
    PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
    3⤵
    PID:1548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6272 /prefetch:8
    3⤵
    PID:4928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2756 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
    3⤵
    PID:2636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
    3⤵
    PID:1936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
    3⤵
    PID:856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
    3⤵
    PID:2748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
    3⤵
    PID:644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
    3⤵
    PID:4612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
    3⤵
    PID:5212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
    3⤵
    PID:2008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
    3⤵
    PID:5668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
    3⤵
    PID:5416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
    3⤵
    PID:5380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1
    3⤵
    PID:4492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
    3⤵
    PID:4808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
    3⤵
    PID:4224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:1
    3⤵
    PID:6160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
    3⤵
    PID:6232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1
    3⤵
    PID:6312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:1
    3⤵
    PID:6320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1
    3⤵
    PID:6468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
    3⤵
    PID:6632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9752 /prefetch:1
    3⤵
    PID:6704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9744 /prefetch:1
    3⤵
    PID:6776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
    3⤵
    PID:6856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10292 /prefetch:1
    3⤵
    PID:6932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9932 /prefetch:1
    3⤵
    PID:7008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17603728423547522808,15388379387857152184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10648 /prefetch:1
    3⤵
    PID:7080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\UnlockTool\Drivers\pwndfu\x86\libusb0.dll

Filesize
45KB

MD5
1a534450750eca1f3d951def8d9965bf

SHA1
7dd82b6d52a840c4979a7515fc7a9ca3725363c4

SHA256
5e84d13636fbce7869cddc8b20c7d83fa0063e98c319e8e5ab751edc9ee1da76

SHA512
3acdfff24a4d9ebb4e9647afccf95f33b4580980fb35a91eff65a01ce470b0bbc1a3a27c476653911f1fa431757ca64c945da89da54bffa599744f29123ef715

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b9cf1b1f5f59dd10f966fe4e4a347693

SHA1
96fcd75a88f5223c13e4bb39303a414ec3793c1d

SHA256
a4fa6029a2113540f3c06ea549378d01f916215f3cb6fcbff302da973e1c3594

SHA512
931836386e374635faa073203cf8a606de58adea18a562e2187503c6d030491977981ea57073e205f46546692a8b378ad13d873e0ea48f4b12f2b4e791790982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
ce5686cda612b2ee03230bcd4fcbcd81

SHA1
3301f7096e48c48ea489b0ee5090c84076e48956

SHA256
4d3be48dfbfde4d3cbd8677170abeb7d8b48ed46f1825da72ceff8fe0b71e1ec

SHA512
a03f9a0f2d75eb39d635d79a8d8d78f2e8216692d3ab566ff1a823e228b1caefdd6b9fb2b3c0bdf5b1e244f48902b40944416cb7904e3c82aed38ae38c9e9fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
c91f54db0bc911ba265788d81cb35dc8

SHA1
8ad18405d9792b8e491dd87ea3bf3635d7a5e62b

SHA256
6bd857252056f6ec737a2310065712f711e0dc2479d7318d654f7b8d33dbf71f

SHA512
e0cb52938003712fba91aec8b181a349fcfc3c1166c4e5889716ad9d5b9cf70546e9106529b0e3cb171cde670174851444b2b356931731f797e037cf9943c186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
745eff0818b676faa9e723f1e94f1025

SHA1
b20ad8e26ab5b2d61deb856c49075c7724549ffa

SHA256
031981a1c9e149340b7e6d9c62932a047f8d6f2969c46aac859856ad2987b6cb

SHA512
64b58e31bc87f454e0f3c15445aaf24fef0e0f20176ba125a03a3406fe3ee728d2753c8a0487b88ef82c2d45ae46bf0bcd8f0d9a84c94c70e828cba3139f752b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eab1b417e8b04f5c3539e14d42b9e12d

SHA1
ec3d27d5b242e65695a6f34dc7df03d597379e9d

SHA256
2b8af3b72a5ebf3da4c753bb2dabf37706abeaf5c189c64ab7c35c25b089f4d4

SHA512
c6e8115db60e73effff8af1709c8b0180b4bd6f81cb67c387d1950c22183fc15842d96ce7c93693f2dcfbfc27464fead0288ea876ddabf09e17ad3e8c485ac26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
efd0a2ee2f94cd1f9224fffc54efc126

SHA1
fca4cc41a512ada494c2aaaaf56eb7abc912f7de

SHA256
fd6d4029f6b43586a296e4046606782a41146083ad721dffcfce005871be4d76

SHA512
755e65d77fdbbb557b71f82b1846db8b90bcdfc930be85d2ab2b125dd9a305d9dba576ef04f2cd3eb1e6f573def8e10afdd36b3ae3a25c4334164644b93bf5ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b74c37af11fa3197edbf3244a2fea40

SHA1
6f528a540472921f92491817b602c94264b6cc18

SHA256
0fc475f60e1bfdff6de233b92147ef8accdad557dfad3765b769a872a0be6898

SHA512
8ddc21c140c1b8dedcd23c52699f114de94e8cc96b9f9ac7e8cadc8c123a4c4559d7fb62acd96f2c764f21857f3426b23c8a304942a0fcb0882a6a3cd4ca66d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
502fad41f4274a57941c0379a73993c3

SHA1
2b240c8956d1ba453ffe31a2353f77cc0857845a

SHA256
136d801d1c726edc4f52154cc95b3d17045ed1c7009bd67b249425e30b21a970

SHA512
cc0c8a6bdd561c08a8fdee8ae438dc6ddf9d8bc372beabdfdbd7bbaa1605ea44dbda02a265fa6695b5885f048b0b91ef3bc8443547a47326f1392e9d0ee0cf61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
960dfb56eee140b55c2a5a15e36e527c

SHA1
b92684fa561a3e368b37094204c24bd016b0f424

SHA256
02658601e5a9e81e0a3023f7d503929d87b7ae21b8d7bf1678e3eec26e0935dd

SHA512
973d4d1b800fa9c2a62ee8f34299105e55453e6836350ad134900f1be833f08ffb83b98466e830270620d0b663427d8c032a4ce7d6b3fc51458a097e071aa8b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
365753ef14a7e4692713fa9ecd07249d

SHA1
914b7127b2c91f6ab20434b92970d5b850a5e318

SHA256
bb1d501a5b629c18388c82aaf072d01d5525ec4281c8bab52c9d771a1a41518a

SHA512
d09745a003e6cad3aaadb959d28aef80be676cc1b646cfae314bff2f733fa36f11cb86e7b5e6a7843cf3bf95a46ee49176911abd674bc0773b5e022cc8b3083e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
63bfc65aa2d146c70446e3691ac88e7e

SHA1
d16d364b7da1ae617122913501c3224f450979b6

SHA256
d0ec3fc5b2877333e12109be63038b4148707ca80e24963b0fe769b59744a292

SHA512
8e6bc8300b451be78e138afda13b9df03c5a38feda186422f4d1065d6c4ba432d835fd9a718fbe0703e67ba85cc9132641d78ac9e2e8a6b2df4747ea496e1f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4910917fcbbe64216f24f273878007a6

SHA1
ea3780894e689278811052de4575e34c7f49ffb9

SHA256
9c0892e423b977615efe6b6487f337414b3540a4e2de54f194a79b6590b9bc15

SHA512
d61f34c66a057d713e36f2b6c1f6037a0f87c7dc1af0ee740d32ea83e0478ef77fbb2f84c8e186954a95bee63ac4651652fc1f29e6cd021e6ea6af91fc921623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8ee1fce29649f9085ee47986ad54ac13

SHA1
47300bcab662ee75b0955dfc94715ea6749497ed

SHA256
f789fe1fc689ebbf0d805174f3e5989706c2f785ac1eea300d334b3d7d3b5382

SHA512
4c52d9cf0d5a1f818b16d2ec67d186c1c95391c10f2f7379e63327801f98bb47c3b825e9a1814fe2cbb134ef95a7837133a84bd737a1bde7385d12b514b58490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589a28.TMP

Filesize
371B

MD5
48ca07aaae4b1c16656c618178093445

SHA1
b91dfdea364a793d9a897bb44c37be1c2a595e78

SHA256
2d1406bbcbb5452e45b827338b79a121b0f6ebef10d5e8c8e01c4161de542c8d

SHA512
3e1afa1cd2c5010a0c76da2ace092712e31b2e3f0abbd8e8daccc772065dedf6e61466591ec9ce1069e3bfb272833d1c0fe13e5cae4a97a01c1a18f18ce3627c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85cd58da96c3b047e264bc5ef06cf646

SHA1
aaf1b09381ab6abbb05f3237a73ea27faa8df37e

SHA256
6b7b4a14fafa0f2d34a9a25e7923f4f76481ae9dc6e11182fce2c51c57504e9b

SHA512
a9386ddeeb3f14bc0056092bc0d51d7f3787754a0e7afb434f6bbd9475795c6f606b99b30655c864f245528392e3816f249607deaeb5b34f8887eef44df57dd7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/3028-14-0x000000001C8F0000-0x000000001C8F1000-memory.dmp

Filesize
4KB

Download
memory/3028-19-0x000000001C940000-0x000000001C941000-memory.dmp

Filesize
4KB

Download
memory/3028-25-0x000000001C9A0000-0x000000001C9A1000-memory.dmp

Filesize
4KB

Download
memory/3028-26-0x000000001C9B0000-0x000000001C9B1000-memory.dmp

Filesize
4KB

Download
memory/3028-27-0x000000001C9C0000-0x000000001C9DB000-memory.dmp

Filesize
108KB

Download
memory/3028-31-0x000000001C9C0000-0x000000001C9DB000-memory.dmp

Filesize
108KB

Download
memory/3028-32-0x000000001C9E0000-0x000000001C9F2000-memory.dmp

Filesize
72KB

Download
memory/3028-36-0x000000001C9E0000-0x000000001C9F2000-memory.dmp

Filesize
72KB

Download
memory/3028-37-0x000000001CA00000-0x000000001CAF4000-memory.dmp

Filesize
976KB

Download
memory/3028-51-0x000000001CA00000-0x000000001CAF4000-memory.dmp

Filesize
976KB

Download
memory/3028-52-0x000000001CB00000-0x000000001CB3E000-memory.dmp

Filesize
248KB

Download
memory/3028-78-0x000000001D090000-0x000000001D091000-memory.dmp

Filesize
4KB

Download
memory/3028-23-0x000000001C980000-0x000000001C981000-memory.dmp

Filesize
4KB

Download
memory/3028-386-0x000000001D090000-0x000000001D091000-memory.dmp

Filesize
4KB

Download
memory/3028-22-0x000000001C970000-0x000000001C971000-memory.dmp

Filesize
4KB

Download
memory/3028-21-0x000000001C960000-0x000000001C961000-memory.dmp

Filesize
4KB

Download
memory/3028-20-0x000000001C950000-0x000000001C951000-memory.dmp

Filesize
4KB

Download
memory/3028-24-0x000000001C990000-0x000000001C991000-memory.dmp

Filesize
4KB

Download
memory/3028-18-0x000000001C930000-0x000000001C931000-memory.dmp

Filesize
4KB

Download
memory/3028-17-0x000000001C920000-0x000000001C921000-memory.dmp

Filesize
4KB

Download
memory/3028-16-0x000000001C910000-0x000000001C911000-memory.dmp

Filesize
4KB

Download
memory/3028-15-0x000000001C900000-0x000000001C901000-memory.dmp

Filesize
4KB

Download
memory/3028-0-0x000000001AF20000-0x000000001AF21000-memory.dmp

Filesize
4KB

Download
memory/3028-13-0x000000001C8E0000-0x000000001C8E1000-memory.dmp

Filesize
4KB

Download
memory/3028-12-0x000000001C8C0000-0x000000001C8C1000-memory.dmp

Filesize
4KB

Download
memory/3028-11-0x000000001C8B0000-0x000000001C8B1000-memory.dmp

Filesize
4KB

Download
memory/3028-10-0x000000001C8A0000-0x000000001C8A1000-memory.dmp

Filesize
4KB

Download
memory/3028-9-0x000000001C890000-0x000000001C891000-memory.dmp

Filesize
4KB

Download
memory/3028-8-0x000000001C880000-0x000000001C881000-memory.dmp

Filesize
4KB

Download
memory/3028-7-0x000000001C870000-0x000000001C871000-memory.dmp

Filesize
4KB

Download
memory/3028-6-0x000000001C860000-0x000000001C861000-memory.dmp

Filesize
4KB

Download
memory/3028-5-0x000000001C850000-0x000000001C851000-memory.dmp

Filesize
4KB

Download
memory/3028-4-0x000000001C840000-0x000000001C841000-memory.dmp

Filesize
4KB

Download
memory/3028-3-0x000000001B080000-0x000000001B081000-memory.dmp

Filesize
4KB

Download
memory/3028-2-0x000000001B070000-0x000000001B071000-memory.dmp

Filesize
4KB

Download
memory/3028-1-0x000000001B060000-0x000000001B061000-memory.dmp

Filesize
4KB

Download