408be7213d9a912214548518eb8d3624c3d4d3ec72594e7cd06eb6a45b49b072

Analysis

max time kernel
1761s
max time network
1769s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
02-05-2024 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TogglTrack-windows64.exe
Size

81.2MB
MD5

328146ba760ecbbf8fedded2a5f8d18a
SHA1

baca775ed1e027650f3d3946d39c0c1e6f94cb80
SHA256

408be7213d9a912214548518eb8d3624c3d4d3ec72594e7cd06eb6a45b49b072
SHA512

43afd2f91af5593f5224e5632c059066aa4c7e7f295b0f98737e70655f8423cf383070be1f73d2d4e257384b48fe1094d5b0a1295403733b1d369914bce67bc4
SSDEEP

1572864:cFR8etH+EmCxrW/GT2cyZBJHmFrHwYOdpM2zdtkpBIH6eLiLV3EgdakIZJq:crVXPxrW/GT2hJHm5j8l48H6TLyhkIZw

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Windows\CurrentVersion\Run\TogglTrack = "\"C:\\Users\\Admin\\AppData\\Local\\TogglTrack\\TogglTrack.exe\" autostart"	TogglTrack.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	TogglTrack.exe
File opened (read-only)	\??\R:	TogglTrack.exe
File opened (read-only)	\??\U:	TogglTrack.exe
File opened (read-only)	\??\X:	TogglTrack.exe
File opened (read-only)	\??\Y:	TogglTrack.exe
File opened (read-only)	\??\H:	TogglTrack.exe
File opened (read-only)	\??\M:	TogglTrack.exe
File opened (read-only)	\??\N:	TogglTrack.exe
File opened (read-only)	\??\W:	TogglTrack.exe
File opened (read-only)	\??\B:	TogglTrack.exe
File opened (read-only)	\??\E:	TogglTrack.exe
File opened (read-only)	\??\S:	TogglTrack.exe
File opened (read-only)	\??\Q:	TogglTrack.exe
File opened (read-only)	\??\T:	TogglTrack.exe
File opened (read-only)	\??\V:	TogglTrack.exe
File opened (read-only)	\??\A:	TogglTrack.exe
File opened (read-only)	\??\L:	TogglTrack.exe
File opened (read-only)	\??\O:	TogglTrack.exe
File opened (read-only)	\??\K:	TogglTrack.exe
File opened (read-only)	\??\Z:	TogglTrack.exe
File opened (read-only)	\??\G:	TogglTrack.exe
File opened (read-only)	\??\I:	TogglTrack.exe
File opened (read-only)	\??\J:	TogglTrack.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 3 IoCs

pid	Process
4476	Update.exe
4952	TogglTrack.exe
1444	TogglTrack.exe

Loads dropped DLL 64 IoCs

pid	Process
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe
4952	TogglTrack.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Control Panel\Colors	TogglTrack.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Control Panel\Colors	TogglTrack.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack\shell\open\command	TogglTrack.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack-56cbdc3a-ac4a-49b1-a23c-40c8c98d2a79\shell\open	TogglTrack.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack-56cbdc3a-ac4a-49b1-a23c-40c8c98d2a79\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\TogglTrack\\app-10.0.0\\TogglTrack.exe\" \"%1\""	TogglTrack.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack	TogglTrack.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack-56cbdc3a-ac4a-49b1-a23c-40c8c98d2a79\shell	TogglTrack.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack\URL Protocol	TogglTrack.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack\shell	TogglTrack.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack\shell\open	TogglTrack.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\TogglTrack\\app-10.0.0\\TogglTrack.exe\" \"%1\""	TogglTrack.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack-56cbdc3a-ac4a-49b1-a23c-40c8c98d2a79	TogglTrack.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack-56cbdc3a-ac4a-49b1-a23c-40c8c98d2a79\URL Protocol	TogglTrack.exe
Key created	\REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\toggltrack-56cbdc3a-ac4a-49b1-a23c-40c8c98d2a79\shell\open\command	TogglTrack.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4476	Update.exe
4476	Update.exe
956	msedge.exe
956	msedge.exe
2808	msedge.exe
2808	msedge.exe
2436	msedge.exe
2436	msedge.exe
4136	identity_helper.exe
4136	identity_helper.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4476	Update.exe
Token: SeDebugPrivilege	1444	TogglTrack.exe
Token: SeShutdownPrivilege	1444	TogglTrack.exe
Token: SeCreatePagefilePrivilege	1444	TogglTrack.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4476	Update.exe
1444	TogglTrack.exe
1444	TogglTrack.exe
1444	TogglTrack.exe
1444	TogglTrack.exe
1444	TogglTrack.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1444	TogglTrack.exe
1444	TogglTrack.exe
1444	TogglTrack.exe
1444	TogglTrack.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 4476	2800	TogglTrack-windows64.exe	81
PID 2800 wrote to memory of 4476	2800	TogglTrack-windows64.exe	81
PID 4476 wrote to memory of 4952	4476	Update.exe	83
PID 4476 wrote to memory of 4952	4476	Update.exe	83
PID 4476 wrote to memory of 1444	4476	Update.exe	85
PID 4476 wrote to memory of 1444	4476	Update.exe	85
PID 1444 wrote to memory of 2808	1444	TogglTrack.exe	87
PID 1444 wrote to memory of 2808	1444	TogglTrack.exe	87
PID 2808 wrote to memory of 2816	2808	msedge.exe	88
PID 2808 wrote to memory of 2816	2808	msedge.exe	88
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 988	2808	msedge.exe	89
PID 2808 wrote to memory of 956	2808	msedge.exe	90
PID 2808 wrote to memory of 956	2808	msedge.exe	90
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91
PID 2808 wrote to memory of 932	2808	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\TogglTrack-windows64.exe
"C:\Users\Admin\AppData\Local\Temp\TogglTrack-windows64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4476
- - C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\TogglTrack.exe
    "C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\TogglTrack.exe" --squirrel-install 10.0.0
    3⤵
    - Adds Run key to start application
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies Control Panel
    PID:4952
- - C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\TogglTrack.exe
    "C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\TogglTrack.exe" --squirrel-firstrun
    3⤵
    - Enumerates connected drives
    - Executes dropped EXE
    - Modifies Control Panel
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.toggl.com/track/login?response_type=code&client_id=9a8180c5-63d9-4604-bf69-7bfcae1481b8&native_client=windows_native_app%2f10.0.0&code_challenge=SoAcrNla5anL9EQY8RYAzrSLylj3TZCwJ8-alZ7LSZM&code_challenge_method=S256&state=Wk20TUzTrCT5KKf6v0Lls-vqJro5PjE5u7FTJM5vRTo&redirect_uri=https%3a%2f%2faccounts.toggl.com%2ftrack%2flogin%2fsuccess%3fredirect_uri%3dtoggltrack-56cbdc3a-ac4a-49b1-a23c-40c8c98d2a79%3a%2f%2foauth2redirect&hide_sso=true&hide_social=true&auto_redirect=false
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff42743cb8,0x7fff42743cc8,0x7fff42743cd8
        5⤵
        
        PID:2816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
        5⤵
        
        PID:988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
        5⤵
        
        PID:932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
        5⤵
        
        PID:3132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
        5⤵
        
        PID:2780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
        5⤵
        
        PID:948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
        5⤵
        
        PID:2128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
        5⤵
        
        PID:1160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
        5⤵
        
        PID:2120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,17741441507720473554,15393440068778493458,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3836 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ffa07b9a59daf025c30d00d26391d66f

SHA1
382cb374cf0dda03fa67bd55288eeb588b9353da

SHA256
7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb

SHA512
25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e1dd984856ef51f4512d3bf2c7aef54

SHA1
81cb28f2153ec7ae0cbf79c04c1a445efedd125f

SHA256
34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7

SHA512
d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9579cc2e0c3c37e84003c0a64681913b

SHA1
61d9ea5dd47fe889687bf563366b6bf59b3842ea

SHA256
fd86fa49a3ec27ed43c7939713b5ed17bb97f7978a991d9a6ea5f26e8c65ea26

SHA512
4c682d0f5f3ae65960006b70c70b3e434dba4a9638aa7b8acf12dc42e777fa1d92b241b24db26c8aee811ad11c879f598989e988f079f14164af59440b61d527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0fc8f98eb1b3ed55b697996e4831100f

SHA1
35135f0b8cb9971d0138c91a140913d3a077b2a3

SHA256
5de94bc491ee5e47944246a5786a17e6c513afcde583b8a1ba677e75a702c4ff

SHA512
e213c1fd3b5abf541d2df8e5f6224447e4deb0db047529738d5025fa08b80da49afd8b7a5322eb0d0088b80d54237a93aa4da1d0cf27962cfa2991baf4fe620f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cba442e705b16fbc8d11dc23540834d3

SHA1
d4a9aa754747ce20e51dd08437255addd7e8d6a4

SHA256
553f322abbadf5cf997fe6569a294ef411b368f4569f9c86ee3afd67808d9769

SHA512
f980be98f060b78682dc43f364ea08ecebe06c3c6a084a1f2a15da6b7f9504067ac411db4eb8008f4342248f5a503138c7767286ebf20dcc93aadc3e5c588118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8aaca91a2d5c6105387cff6adb00f7da

SHA1
b19312456d9de3db10509b1ce7bd3b2b870d0aa2

SHA256
4e23afeadab150980077f6fb7c8caaffdba20f1eafae230a85edbb2d7e2b38fa

SHA512
f70ef1c7fcec518f65ace73d37419d29b85b905934f677090fc2f1e0256b91f8c3ff77b080e9956288471508330d360bacb99d54c9fd239dec8166b35cd4ae3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
17d5d2202713e4c3ef9f9889a60e5b95

SHA1
18614c59772d54381b1ee975db5a7100ae7980cd

SHA256
1b51771a94aebf03c8f53c974eb5f84c46d14ce438a2117bea50684acae48ee7

SHA512
d509020f0296f81956bfbd3559cd35e80c56ed20cae93a8763b607948fdad9ef5433478e11ba4c78b82f7850b055929aa365e7529b17a4e863eb6e7cfa436a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f7a9.TMP

Filesize
1KB

MD5
8fc6a9ff0f868579b3139aee473c6d00

SHA1
fd89e36ff832dfbae501113c59e48cfb56558954

SHA256
c789b2e764852e29b659b71689f71ae81b6b6219e853929f5e534f8c2055be76

SHA512
280d60896be48b6f0d14c886d859e58c5142bcf0b92dbfe9c54a36ed00ae74f46b0962f3c955c2b2fadfc45a97e50186188d6efe1cb5f0e4f130cffd32e30d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d914e97f2cbdabbd841f54271cbe5ad6

SHA1
5337a54dcb47e0b9435980c2464681053f2e102d

SHA256
c16457b185ed6b1f276749382313d9513807254db46d1d96f5e3d966fb85a370

SHA512
cc757ee216962099008adc9a1aa92631276fe8263c8b95f787378881f3321f91c3abcc3d844d61143f2209b3c421f8e985734b40b1746baa9b8d58ef0f4f055c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f827d23d299ac1aa9f8726843b0429d3

SHA1
df04f1a646043015e653300f0d3c8bcf07914f80

SHA256
afe04c9fef6c6c4cb068fb89b8aca4d400f353ecb094bc08f43aa3838d415686

SHA512
54080b3b0ea4364c1ae3965de2611e9698b616d4675173c8c705eb439453e4ff198579feebddac5b5b2fa263c3f461ac99b2a6d926ac3d8c1ac2f5de28e419f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
81B

MD5
bd02c866fe6dd17d67483815c2f17242

SHA1
07a2522ad7de5d85437d4bce041ec457e8b5945f

SHA256
d39b3872ea61b5c293e1465218303530e21da00629944deafce68757a83f121c

SHA512
178fe03484109c01acd61cee4aa94bef33cb2e4e5c0721b16c72eb7ed4803489d17d8bd2264176fabb635744356e6609765fa0234aa546f052e37190facbff1f

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
2f416242e21d63cbf59d6a8885594eda

SHA1
a82863eb3d45f1a390ae011e7297d2482e4a62fb

SHA256
d7f611b2447cf4c2fa19278868f3247cbf108cf93d84e26f28975a612874fb97

SHA512
60b2124cee2d4da55751779edeb8e060edefd15d36149e850478a3bb4c49b90ec679ad66f4568bec53ca80727b07296b6a7c78f5cd2fa1dccb2914e76547e28c

Download Submit
C:\Users\Admin\AppData\Local\Toggl Track\41C4F3195DD81A82586B2E9A2F92FE25BC6C5D7E2D8FA094A7AF781EB2C90AB7\database.sqlite

Filesize
272KB

MD5
b4a657233cfd947bd25d0bf70f470d5e

SHA1
327f170a296fbeaef648d5fe4b0f1b4b3ceb1aca

SHA256
9d88a928139f801d8fdc26064d19cae6934d503b0019869f421d6a3e230be6d6

SHA512
5a46bd422ce394aba90cfd3afebf614974048401b1cdeaab1d02df5201b8d27c8fb716663d5de5ee487748b48b467c08aee4edb4612b9fdc64ca6f973f22e1a3

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\DirectWriteForwarder.dll

Filesize
526KB

MD5
b1bec08d463cefa54b29e82cb5330c4d

SHA1
de96a36d0368f316d6a15c4b9d0965cf6b4eeadf

SHA256
26a5d2ef39cf7eed433ab171760f9aa149585e48fc07b22818c597fd34a2fce0

SHA512
54e56ffb06947df45897cfa2e8a93ff1f57bc7d6924c0932fdf69ccd0077d95f1f31d9f78ebb6215180a44a1f8d1a0c9f4228879b9283a2f3a963b4e6a44804c

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\Microsoft.Win32.Primitives.dll

Filesize
15KB

MD5
95e00f4e8fc22c3447f7d26491a6a454

SHA1
ed6203db937764a8557993d118b079db275de3d1

SHA256
af8033ec095475df5ebb0f96f67032b5d07d8a2ac63422ee60472737d54ff7e0

SHA512
fe00b6a06f18ab4aa68b4b6e87f22b1d070a4ee5f5457b39ce86083e9ec0ff45d01b95a247ec9eadcc2000c1c6d010e3f06ac88afa079046d71a2d2309267cff

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\Microsoft.Win32.Registry.dll

Filesize
118KB

MD5
f11d9590ffcfbb03c15a48251c12c440

SHA1
2370d42efd83d09bbd3101bac7ca5e68bbca1e9f

SHA256
e6fd68fcab5fc3d267d574744fd22b254e17f067fc95fac8bf999dc8c3feb259

SHA512
cc87c437f87b71368d2b2ba6fc3a9191e9480d9106b9a660e85b77b136b0635e5365756d77683fc2d62ce3ee9a14a3399bc66815f67c7942f508f255d5b0aa9a

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\PresentationCore.dll

Filesize
8.1MB

MD5
11fd58b7d73fda8fd0e3abcb3ca004ab

SHA1
5baae4fc222cf90438ffb693d62754f3a97285b7

SHA256
7d1ad085bb3df420a5192fec57a66edb707d8d3e42a8acf712815311ec3b813a

SHA512
2b9744e9b7b16a40e8c92fb1c454e019732df2df788a1e19a82f2b388c70b576325ce641d093db3a338af867949f20bc8869d01ed971766efb3c1206b2bc548e

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\PresentationFramework.dll

Filesize
15.4MB

MD5
d7e3e27cd347b36b3360fc2ab3e2d2bc

SHA1
f72a62d9afbab147367ec8f3fceb20bff8f228bc

SHA256
32846575a2bb586c734d212936fc4c3ce25d10ab2ec55be1a890368c8d8af7a6

SHA512
e58bc0a67ef3db11c81a3f7ddf8afc2a96826bdb1ab29eb0cf9bff9978277c19462c731abf646bb3dd9bdf10ae0361673f0fbfe9ff133f669c9fca114fe308bc

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\PresentationNative_cor3.dll

Filesize
1.2MB

MD5
61d5bea0ec706ff402f9793b46d10f8d

SHA1
60e1b35590cc507994c602de8cc9edac9ebbf405

SHA256
06fbc002e01111fefdf2153961cb715d71eb6ff9c86630511b1722997b0847a1

SHA512
8d1d3e3e8a38361ec487118db585be6dc9d16854eca01d1490590903c603af69d7890761ca2904f35678dd9640624873f96cfbc14f318a81ea063d2a42b3065a

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Collections.NonGeneric.dll

Filesize
102KB

MD5
93f90c3ab3e24e644ec713e13cc0eeb9

SHA1
0b2cf259feff9d00da401f42330c87135e264acb

SHA256
c4979a3bd198bfb8b95eb79cf71ab916eeb841a3cad6c2c98400d5a480920c99

SHA512
03d703e89d0701320e8896665034da450b9433fbcadbaa1d5436dbf448a926234f26bfb3b7cad3ce6d9d28b87a19e68e048cf96bf8cb88180d51badd4afeae29

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Collections.Specialized.dll

Filesize
102KB

MD5
c7216fe977ca144acb4eac4ebeb93bb8

SHA1
44c6a5e8961e6eacaf21302a37cbb478807fefa8

SHA256
686868376da09d4562e99801dfd94061d97590d221e55b6569e5f6a648e48356

SHA512
cb05923724b6a8325dd08ff44ad96bc35e3c81b9ef8e59b86aa823e54a93787130376458a8268162e554aeeecdf3942db92f003097a878252d8e8812fa21648c

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Collections.dll

Filesize
254KB

MD5
56192acfff5c9a8f1255d9fe4d492f63

SHA1
cc7348453e38e0b7f11e88b754a008949dc5c9e5

SHA256
1bed42b3740af9afc9e50bb839d9d6ecebd558d534dcf563829f22dfcfeb8e8b

SHA512
323da1ae304b86da7c1463a569d27cbaf1ee8f1b4beada6252f54a4dad2b1e0f4c03ab3e035f6ef82a786ddbc73d7764c7120ba4f86e194f95627ec565c29db0

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.ComponentModel.Primitives.dll

Filesize
78KB

MD5
b2ea2fb68b866ba9609ea3c05f126db8

SHA1
359dd838f665a8622ee2350627ddb2d5688fe1cb

SHA256
ce79e129840f693efc808958f3fa367f9d68c34dbfcdcb8884a7a4e43f6d5b99

SHA512
20df65b76ce18e6031c7b529aff14e19f5bb333ce63fd81897845c2b2e8d8f5c88c2578b6c229292772075562c6ccb4a1098e9ad5b211c29e67ec7bcace1a3c5

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Configuration.ConfigurationManager.dll

Filesize
1.0MB

MD5
3146629bb84204de4aeabd575cd87fa3

SHA1
aeb65ddb63cf4ca02a2db87c409c11ef9c411ec3

SHA256
70ebed0366d9c4711b7856e6be2f9c20dc4d35c7547f72e8a493481b108fe975

SHA512
a0241357ae4b1d5806f4309ad865993261a17add66e368cdce619f05eb574f018ba387af4c2b0b7eb84e9a921d097ce26a79f5cfe434dfa9eaa11792f9975da1

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Diagnostics.Debug.dll

Filesize
15KB

MD5
a3f55d2c1a99e772d9a3995533e0edba

SHA1
d75aec147ba78fa5b69a1ea3d19ce5a5a251b530

SHA256
3a95e6ba32e26677b1b3e32bb0c38eafb2ba1166de2edb3206f2453f843aa081

SHA512
854b1740d273c9c9761bc5a9c53f0f2472c1ff423d763d6502c96482db8e98df8baf8911d554fd403e79b1578a0cee9848a82743c84d1c81d08eea2144bc7179

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.IO.Packaging.dll

Filesize
282KB

MD5
09a65e688ac4ea8fb32acd61d04a2984

SHA1
24932e4147b9e705ec845b0375c6f0f1e2d38bda

SHA256
79a579c8e23e20df6fa4a0cae5f744ebcd6221256217c8311d2b1a6366b44efc

SHA512
9dd31e0c219d660c6e4979b861220a04872d83aed4b7b271b7c3f3517bd9b2983eb3007ca40a23c6a730bde63d9830ffc1611cb8aa43e1e219ec3e77c005b8c0

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Memory.dll

Filesize
154KB

MD5
b016aaa64a920acd6cdd9012e109a624

SHA1
98ceb308b24c34eb5b773153dcd695a154f6fdac

SHA256
e7fa0c09dc862d33f59e00b4c56123c7ba31b6f84905c20700fe77324260ebad

SHA512
20be5a4caa97c0265ee3b25cdadbfa03347ee5e4662ea574b11fb9a92862b0119165b40d617d3958752d5f8f676d8c990b7906a48f489046b0f696af1b0bc30e

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Private.CoreLib.dll

Filesize
12.6MB

MD5
3a27e6dce5692ac9512c15b36d3cc1f8

SHA1
2e58b512afd2c164e748e22ff29dce0b9243b1ea

SHA256
161838133ef24e1584e5aec32dd05920d1f95df8aa37dc4230184f7c59364502

SHA512
24ed1721cf803aa39f63aeca7b327a137b0255eb6dea20bb4e78773e62b59a804c4f9a207e6ea209ea4ec37fc593e4815d3f72970e62587782cadbd276d92f7f

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Private.Uri.dll

Filesize
254KB

MD5
b88d540d4bb2fafcfdb7286aef32487b

SHA1
a34a314578e68976246256781d4ece3a7c22a3b2

SHA256
dcbc2c80034d9799ed8bfcf6f956967ca4f9bbb6ae4ff22c3fa1e66fc6a1f7c5

SHA512
f212239cf8365f574527f9cc72db7420e5a4efd33e9d50686e3e69c4d29e1e3b3bd14b4556520a668b7cbc4469d897274558201d97f4f4b5e6407c1c379c61a0

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Private.Xml.dll

Filesize
7.6MB

MD5
3fae9b0e646f653d6114fcde4421dfb8

SHA1
ae09cf3007aa32ff9771e5a6bbeb8be129cd3ea6

SHA256
8f1124a7440f303dc6b76884ba75577370d8106115d94a34d572f97be79f572f

SHA512
69f770ccaf76a2652cdfb46fce4adab6fd3194b82de42b57b3f2114eb45bcbf6c6543fc2cfe354dff2d5835e8c90ed3ae0b3b4cad43d7ba2e51f13c021fc175e

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Runtime.CompilerServices.VisualC.dll

Filesize
30KB

MD5
243b7e1c8e0ea76755016df5ea14bf60

SHA1
26c08d5df59be7065d6d4163c5eab894e53a3ca4

SHA256
55fe90d750d5741be40a7bb357fdeaf28f0c862fc97e98035db4c6dced2bed16

SHA512
24584185e447c6066e039ebfa3b33f15e7363be72c79d6f2dc86aca6a2e52474d4056f95852338b86a4fd276b5bb6c6ad49df860276ecda996c732f582dffb87

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Runtime.Extensions.dll

Filesize
17KB

MD5
cadd9e61bba2203b02b2de1820c10fdf

SHA1
16227d2c164b5b1b9d911efe5809df8d8d90c40e

SHA256
b861f7304987fa345f8826ebe8c6a33c1c7e7dfa9491617f75b65a8cb01a4180

SHA512
1b3b22e2d8e3887dabf6b687facc7d028d986bd36b90eadf65af81161fce1ac2fc431587bed75f7775584fa19ba38f8b18e7bd19bc504451c22b17d1d2eda372

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Runtime.InteropServices.dll

Filesize
94KB

MD5
c745dbb72d40d28a78f486cad5217241

SHA1
235e86b465786a0cc7d7ffd8dcfff203e16cc614

SHA256
98ebf631c1566765eef8b00cb61c1817b843b51415f54e9ab06c09d570456c86

SHA512
ffa0a36df3fc52ed4145a778b511d6ce2ed27f6fb4932e729d457045a27770bc0aa3c987ef24b339be90bcb7609270f839af6129ea9c311aef22351d04c14963

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Runtime.dll

Filesize
42KB

MD5
aa3c3668e72cf81c8364a923e6ef5dd9

SHA1
67990e237f45e33ff976c6d3df3cf0565a36aa18

SHA256
b8493a46e602cf769bf864553d55bb425e4d4c54b9fa1f8588c7dc607d56de53

SHA512
e1ed39f8bdcdff20cc39af33caf53197b143e1d8c2d7d2b06dad2ea48f53cce6633886dba56c3343ccdfafdbe9e57d3fa620abb73bdf6938eaa118500ff1ed80

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Threading.Thread.dll

Filesize
15KB

MD5
90ecf3fad632b326a25725e3811ff3b7

SHA1
25b39ec0054fc320fec2cd797575eb5d64cc8c95

SHA256
3e6349495ef016ee4110c71d7bc49ba36e2459584b8eba8f9d878d25ea4193f5

SHA512
9bf3b67c3d8c150ef54a3b9697d801b174f23fef922723a78ed8729c482c83320ded5d6e2f012fda79d5910ba6f8f137d649e2ee5359eaf9fc84f680229ad557

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Threading.dll

Filesize
82KB

MD5
9427f4dd4561e1b46ec2d652d4667c1e

SHA1
dbf1ed67addc939cfb4abe39c72bd11c4f47f14e

SHA256
93983fa3c697c06eabcaada825700c245a1389f24bc0482397f584b41cda25ba

SHA512
511c85ab23ed380c2d8bac800a974e15e76c9059b5701a288d65abb1106b6ffd81a8af95937f502c596b954aa583d913b663e0d582865d7835220ee92eacabe6

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Xaml.dll

Filesize
1.4MB

MD5
0782c5806be7c981aacbfcb41ff64dee

SHA1
32628357764b582dbf18bb4cabe950b03127e12d

SHA256
de4ef0937473984b253cb1934972587059b1fb850b2ecae05c126d8dba907ac5

SHA512
475b592ee23c52f3c727ca9529e3baa0910a370e8ac5103cac33ebfc93cf928010471a1db56dee6abe9b048f374a452fbaaf11eb3b04b7afc1b5405beb322659

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\System.Xml.ReaderWriter.dll

Filesize
21KB

MD5
0845e81793b8fe161b5e1bb06bee3822

SHA1
2584632d78896ad4c22b1323dc421b5cea8db13f

SHA256
46e0cea3590b11ae2de9c60d4de0df409cb92f95e30ec06a5938f78071d3aa20

SHA512
06948058e11a770cede36bd850e5ad441f398a1eca0cd875a3cf8a5488a7a57b3745c09345665a59fe7c464c5c3d8f0affad2836eb4c295a98dae673d23fa645

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\TogglTrack.deps.json

Filesize
177KB

MD5
c7a3cda199fe2acf10347a9e12e25715

SHA1
ba6c84df2185dde24209f4211042ce779c3ce352

SHA256
2f829be2a353f96e48d4d6f428f8420d8322ee96f25b51b93760bfba927030c6

SHA512
fb5935f269284c4feb686628ae08e5450f3a5557dd99334e426ef8b7806f6a147433aa2ffbd69fc2250b384c012946ed70022c57e8a18ac277f967cc0a7dfb00

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\TogglTrack.dll

Filesize
1.2MB

MD5
c169aadbf42ccb7cc0f52980cba452b0

SHA1
71fbe04a9503cdd81ad25f361630ce1c421e75aa

SHA256
6a787ff6f2d9828ee48247c808d9ab8643512450e00da15baa917c32edb16979

SHA512
470d2e688928dd55bd24a0738e66317b5c3b98b25b7a7f2a97ddae33f92152925e615961ef537dcc8658a4e88fbf16427fb733b601ee1624cf92f2b58ee87fc1

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\TogglTrack.exe

Filesize
226KB

MD5
7142d1279f50dc501a9807b24e7489ab

SHA1
527738be46151810fa2c4116ded476bab09236a6

SHA256
784e9214a3502dfa5c4250d86b7cbe0fc2f7a3f2a0378ea471436254559f79c2

SHA512
f0cb936c012f19ba4b675d60eaa5c1167d736c39b6b8e060e7614e1c60a92387925700b598bae656727f2caf10ceb5659288a167e2057b6a2ba9693f1acd32be

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\TogglTrack.runtimeconfig.json

Filesize
535B

MD5
8f3b50e73db1649c1451b4403e5ae7da

SHA1
39cdda20fb10b6a97e8bcec68bebd78798511ebd

SHA256
ad823a567c0aa15dd01992a6cd8aee420881ad7fa8595bf4eddc87f96a708112

SHA512
c10cd19ee3c32042759c14e82aa6463b73f1f58dd4249db9523cd7031a6fc4557c925f1a88d7775562b490ebcc3b0f8a7ad560edd3c61cec12724eb99926d165

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\WindowsBase.dll

Filesize
2.2MB

MD5
94226773a429c3dfabe014834406f09a

SHA1
44e03ac09a932fbad6656bc8ef83187808a03a1f

SHA256
599a09eeff5781f42337bb7402a603f68663cacf998f30267323c612f1da00c8

SHA512
2fed7141995fc6b8f3d57ce98266cf5c1f8c461aaf49b6a915b0ee5fe71551e1b005c752686fc4526acfb77fa20455350592cbb3ecb28528f821c004ce526fb4

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\clrjit.dll

Filesize
1.7MB

MD5
5925abfab75e6159a5910e02522d3926

SHA1
761bc2e67752a1c20de6b46611c22ea8aadb4aae

SHA256
af1131ad88b084e45a78c07a605d42065d3d67adf7c5a5ddaa172d8845b68676

SHA512
b87b3514ebb44ded6b5a68d07ccb959fde1bbc4ca844ca1c31ef4704e3cd577d436b736b9315cfe8e6a57f723ecde128057d8e4d6404d2cb361d589d042dccb9

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\coreclr.dll

Filesize
4.8MB

MD5
1ec0adeffa0aa04ff13d1b062e5d4c23

SHA1
a71a12e5324d6731339ec0b82a8649d1ac914a69

SHA256
4a3c899000ae49ad4cb2ba9d41749f9788c7ea973f6922a8731b6cd484b0e8f2

SHA512
bd031069a42ed1638244021b6e1a5ce3a9e4862cff2f609aea8bb5729d09e1fa0256a0d8a86c38a4f4b82a109221181dbc8030bc3cc68ce9915d035c049059ae

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\hostfxr.dll

Filesize
346KB

MD5
8a5cb8419863cb2ecdc0b4bf5d66b59f

SHA1
220f3e320e665cb3d224092ff6bd940a7ce8a62d

SHA256
78fa5b0c5fd41cf5ec64cc023478268fdd28cf895cd36d272e50231349893d1d

SHA512
96484b34e759bb2ff5de565a20099839666fa2a25e849e75342d2b6dd7e90b94b6dc022c8324a33d994c617c62a726ebffc81fe5033c38b1926544924dc4a1c8

Download Submit
C:\Users\Admin\AppData\Local\TogglTrack\app-10.0.0\hostpolicy.dll

Filesize
389KB

MD5
6a30721752d2def344197d1c0123ff30

SHA1
4abc80dd7f13cfab4f4d9e3f52ab8d8f71941605

SHA256
a32363f65a28a71b0a8bdd2ec411751e94d4427e05d13fc51cd769337f9a669a

SHA512
c9a7bdd30919d1f75ca0fee3e0cf17989eee2442c8a078c420e2431315fafc24f495101748b09c6fb1d780be09fa7ea1b5be0b7f036872909b19c625f7babdd5

Download Submit
memory/4476-520-0x0000000028100000-0x0000000028120000-memory.dmp

Filesize
128KB

Download
memory/4476-437-0x000000001FC30000-0x000000001FC3E000-memory.dmp

Filesize
56KB

Download
memory/4476-436-0x000000001FC60000-0x000000001FC98000-memory.dmp

Filesize
224KB

Download
memory/4476-9-0x0000000000590000-0x0000000000766000-memory.dmp

Filesize
1.8MB

Download
memory/4476-8-0x00007FFF30E23000-0x00007FFF30E25000-memory.dmp

Filesize
8KB

Download