648ca4f9c2964bea3e91685a32e0381c803d648cc358b39ae4071fd3be77fed6

Resubmissions

11/09/2024, 17:15

240911-vs3d1aselj 3

11/09/2024, 17:12

240911-vq4t2sshle 3

11/09/2024, 17:09

240911-vphv7ascpp 7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

toaleta.jar
Size

2.2MB
MD5

8e48fc3bda0bc899ba7c38b5bd2ac165
SHA1

bff45691858d8278b55b46af99ab0b5890564e53
SHA256

648ca4f9c2964bea3e91685a32e0381c803d648cc358b39ae4071fd3be77fed6
SHA512

a807a35eee990b75d85417bdddc3aabbe1275319ccd982c08b7bd929eb175992b96d7728a4615885b1368c9693550968a899b2d308fc8a0c9c3b1420ad7bc5d0
SSDEEP

49152:J1dxsLIha5XhNN9gD3b+V9JqG+XFpJ7JUZRlwxBRR+IMNT58:JZJhhb+Xqd1DJmR6xHlMU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705486596988705"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{620724BD-E397-45F6-B09C-264ECEED6D61}	msedge.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
2852	notepad.exe
4432	notepad.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
3260	powershell.exe
3260	powershell.exe
3260	powershell.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe
472	java.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe
Token: SeDebugPrivilege	472	java.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
472	java.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
472	java.exe
472	java.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 1672	4024	chrome.exe	106
PID 4024 wrote to memory of 1672	4024	chrome.exe	106
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2636	4024	chrome.exe	107
PID 4024 wrote to memory of 2200	4024	chrome.exe	108
PID 4024 wrote to memory of 2200	4024	chrome.exe	108
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109
PID 4024 wrote to memory of 3976	4024	chrome.exe	109

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\toaleta.jar
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:472

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\UnpublishDebug.ps1"
1⤵
- Opens file in notepad (likely ransom note)
PID:2852

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\BlockRegister.ps1"
1⤵
- Opens file in notepad (likely ransom note)
PID:4432

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb9206cc40,0x7ffb9206cc4c,0x7ffb9206cc58
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,13099050570537544345,11562635424863194080,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,13099050570537544345,11562635424863194080,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,13099050570537544345,11562635424863194080,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,13099050570537544345,11562635424863194080,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,13099050570537544345,11562635424863194080,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4544,i,13099050570537544345,11562635424863194080,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,13099050570537544345,11562635424863194080,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,13099050570537544345,11562635424863194080,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4476,i,13099050570537544345,11562635424863194080,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3052

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb940446f8,0x7ffb94044708,0x7ffb94044718
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,14736097465780072792,7732746333242533157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4f2938f7-38f3-4eef-a775-ad36ee0a709d.tmp

Filesize
649B

MD5
66c43efe56fb584155519dffdb995510

SHA1
46707c6d55b89cc115fc8d4367d2317fe2e590d9

SHA256
7a715bec169eb3aba8b0088978db178bc59e54db097e5c9738749056d5313472

SHA512
39c39aefe380b4879b0f4d4b1d5d5b43485db3429a691ec826540435ae13b90e121a42dc20ce95d139892dae67514d3cd5cbd6d6e9d831e7b1cf75c356e96fc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a34c9881097e01e5a4b8d8e40fc96fad

SHA1
c80695c28620bec3554fd666596bf412593fad98

SHA256
9e4f823a4c3677fa5455fc78c0ba4d746eec05f7cfa332a347845748efc1fad2

SHA512
32ac22d6dfb6b57cfebbf1db88eb9b096b66cb1d73be43c3ee84d23974a6123f0010f08fe2c56f3da4ee325d911014a6c9753fd7c91341dc39346e8d3c3164c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6bbc972133bc5dd52311535ce0a7d2a9

SHA1
948e6850eed3a43e85515478d9a7fc54857cc4db

SHA256
68d5d99545d106967428514e5004feba8b53079df26063904c6dbd9ec8aec3de

SHA512
ee3e1d07953f34c664e814fcdd9082ed3f6a4a8ec6c0fe354515b209d25b9255a8185b85f153e402ac1c5a7ef4de98e8bcbb7f1e11156cc9bb795e0c04adcb9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b37ad12275c776f83da1709a8386bb80

SHA1
8c3f1065b6b31babccf8901dda12bb0331d9052b

SHA256
9ace62d093a323f18bf487d8c72fe969968655a17c649cb02d4607b3a45d197d

SHA512
6d6e0d44a330c6dd8b4ec8cfdcec5c0a3c2e6759f3d57f3a404d1b5a1f8ebc88b020e087cb3e9f85e697fc700c127764d5c1cdcaef451f98f8d789e217e4461f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
0387f5f4c11ac0f9ec9f0fdd480c3fb9

SHA1
777967c8c656ec986e742fa30b2a144c61438822

SHA256
352ba9d8ce1e405398d0ea3ca0a2e9dba5916c3c524ba1706a4f20d4c33b2a96

SHA512
968c2fc52b004fcbb50f5573512a0d9cfc640594be54826b300bba269d46c3cf991185a850adc5cac7d951f724c0079af8209f783e844914c3c4fffd31e78f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd02d34a0a37c8f7b7761dd910e91b91

SHA1
0373a87b5e9e4d42d656c8cb828e43b2204d8154

SHA256
46416269d87c12604355ba70fa70bc753438fc84d5efbdd0b3082ff58d8b840b

SHA512
2ff5f4fcf2ea952e0fa13b96449ae72e12341722a6e4253abceb6620ec2177330a5cd89e865f5d4727e68db11087287603ccb2427f198c90d5629f43da54e65d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b2e4d7ac77aa9ecb7a14fdd36ae5863

SHA1
42ebe9476d3b6a88b659c2755cf54bdbb9d5ddf2

SHA256
1070d3af8c59b2c3efb3b5b128e42196b998e3e7d50120e397cefec28a8e9e95

SHA512
9d279b40994cd6c2a1bef85212b12bc3e2938aacd59a5064c1b8813cbfa50013830a72ba72b0be891e1c1118e65f93d3f4d81781c068aca4b7a5a82dd808eb73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
751598e6bf2d7eefa14a7405e35acecb

SHA1
8d842f6401e8dc601120496f9b08b7ee66baf2be

SHA256
813bcfcb4767d4052484013d1570e6980f3049b7e0d0372d7f0bf0902b5d3841

SHA512
cdd5eabf990820a78c842cb54b009f60c6ae6390bf9910f8df503c58eb553b2f853e564dab788ec93608c42039cf6de24e21d1901e0bb3d0edd8faa40ce88572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
206KB

MD5
2aa59495bd814a672fe2884ce7643fc2

SHA1
ac00d02cd380d8b115acff78bde37e3239a50a2e

SHA256
fa6453910634513db096cb3c8fc3540c7a3d54365a10d36e76b5356f5e1a77f2

SHA512
1c24df97af67286bf83cc6b2ec948d45ab5642b201bc280e262e3184a39c5c9e978149c77aee15562624d59ea779542ec5f572ac634b12cee76a72ea5df098b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
206KB

MD5
c07c066321678b84d886bc7b425f680d

SHA1
c32b55cc9b27e8d5dc3ceb5f7429329f09096fa8

SHA256
81a7c83cab25183c2b61db7d448013a49dcc33100e0049c08329db3c6c9e0fc8

SHA512
20118cc91ce69b1b9060a89f21859bfcb21737f65c61e3f31be1373fe07c0e2f95e71e6d244e8e99b6b89590c7d7218f2c81ec6a7493423bd5b9cdbe6b0480c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\18d574d0-55ee-4dab-b4e2-aa76de5e5dd6.tmp

Filesize
5KB

MD5
a40adff6642a22ec07893c0cb4319a08

SHA1
9215df5d470358c382c35c2820334a0b857e61c4

SHA256
c0d0f99b8289c39cd7deabfff9ef4691c308217e897bcfafb52b8e5719e2691e

SHA512
5c501496c811f172d06625eeee7b6e4bf112f8f8b48929ce841770801d81e74939b2ee84436310d1ce93b1b9f95dfcf8418fd8be21ee04723dea1eced22dac53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61ff03acb707493e818a93047e3161d3

SHA1
32512552f854669387a6689679c8833f03e1ac6e

SHA256
d06ede1ca558ff073dec16a85b39186d4e3a662203c53280d9989ae71ea67285

SHA512
a3f6ff79f909be92c96c8fed8eade3cab32e17403fd5f127f76811ebad78837d52a8a35e458e1e9d3f563444576cda784c72d0d713bb073c69aa1900a605511f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
303ad8a575b2ac7f1e4bd6d8d925e431

SHA1
051fea3fd5a32e57e260d7934b7f29c3a447ffba

SHA256
24bec37f83971e7bca6004de39ecbda4750225f090a172d075957c96826fdd15

SHA512
d17620a4cb9be8acf1d236f7e0d6966ba3ec1f8e1464a83d663d67c27eb558a70328df932b483ba96af37ace2c52ea8f676f0eaf321bc5ddff77ad468320334f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f3c4650518c34f3bd214be95e7cee21c

SHA1
a8527f9d61d615dfb7c497f154f40e2d78471416

SHA256
228fdf5428bb620aad3821c77d0f1bf68859a5a5f8a7d25a9bcfdb383396a1fd

SHA512
9ee210cfdf715231f1bf8b83890329ba2648a3a7275e8fcceb7cbd89e4420d92f55d92e709b31dd64c62c084f7203b0e938252477b43de29c2e7b29334abdb2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f58c23db4237cd227ecb9a917ede9a73

SHA1
0486ccc1c3fd24b8305d08169a07b70b5170bb08

SHA256
4d524754361f805c5edd9b3b562d01a5654ac1782face9120cb37eb97be78586

SHA512
291d697a7f38c12ffa61804539f8f554ea396cd68a47828fd33045b45d263ecd01bccf63cf4099fbe6d35b254239fff6fa3e8b0721b5b52648cc15e24dcebdaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5989f6.TMP

Filesize
1KB

MD5
133b8fe612dcf710cd7399a1453bb07e

SHA1
07c2a42c51d250c090bf26ddc3d2b894a42e4376

SHA256
9f97f571d76b095004de59eb5406a58dc3dc708c164e0fc5d79e5bb21eaa4576

SHA512
a8254c5632113594109d75089b4184c3391c431c55c2b14cd11f0cc3459875f3eb86a4ca1b2a24f6f2607bfefa4ef9d1a963f879edb26c9b30954f7109fcdc39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
63f49d009746ef0b968a4eb0d5a17a1c

SHA1
e7f489a2193365b609b1bab66cd26dca50f06361

SHA256
16872436ebe2f2a83ade7126f988c2f3df1e60574eb5b306d6eff6a02034209f

SHA512
7c6dd4d588f046ad15253aaa3596e27766ea0cf606e78336f2186749edac97946279cc5b31728d4a8d89178f1f084d52202d8d5eb023030247ea01de4581b7bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qcdewpaa.olo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/472-113-0x000001FC27270000-0x000001FC27271000-memory.dmp

Filesize
4KB

Download
memory/472-131-0x000001FC27270000-0x000001FC27271000-memory.dmp

Filesize
4KB

Download
memory/472-59-0x000001FC27580000-0x000001FC27590000-memory.dmp

Filesize
64KB

Download
memory/472-63-0x000001FC27590000-0x000001FC275A0000-memory.dmp

Filesize
64KB

Download
memory/472-64-0x000001FC27650000-0x000001FC27660000-memory.dmp

Filesize
64KB

Download
memory/472-66-0x000001FC275A0000-0x000001FC275B0000-memory.dmp

Filesize
64KB

Download
memory/472-67-0x000001FC27660000-0x000001FC27670000-memory.dmp

Filesize
64KB

Download
memory/472-72-0x000001FC27670000-0x000001FC27680000-memory.dmp

Filesize
64KB

Download
memory/472-71-0x000001FC275B0000-0x000001FC275C0000-memory.dmp

Filesize
64KB

Download
memory/472-75-0x000001FC275C0000-0x000001FC275D0000-memory.dmp

Filesize
64KB

Download
memory/472-76-0x000001FC27680000-0x000001FC27690000-memory.dmp

Filesize
64KB

Download
memory/472-74-0x000001FC27270000-0x000001FC27271000-memory.dmp

Filesize
4KB

Download
memory/472-88-0x000001FC276A0000-0x000001FC276B0000-memory.dmp

Filesize
64KB

Download
memory/472-87-0x000001FC27690000-0x000001FC276A0000-memory.dmp

Filesize
64KB

Download
memory/472-86-0x000001FC275F0000-0x000001FC27600000-memory.dmp

Filesize
64KB

Download
memory/472-85-0x000001FC275E0000-0x000001FC275F0000-memory.dmp

Filesize
64KB

Download
memory/472-84-0x000001FC275D0000-0x000001FC275E0000-memory.dmp

Filesize
64KB

Download
memory/472-95-0x000001FC27610000-0x000001FC27620000-memory.dmp

Filesize
64KB

Download
memory/472-94-0x000001FC276C0000-0x000001FC276D0000-memory.dmp

Filesize
64KB

Download
memory/472-93-0x000001FC276B0000-0x000001FC276C0000-memory.dmp

Filesize
64KB

Download
memory/472-92-0x000001FC27600000-0x000001FC27610000-memory.dmp

Filesize
64KB

Download
memory/472-98-0x000001FC27640000-0x000001FC27650000-memory.dmp

Filesize
64KB

Download
memory/472-101-0x000001FC276E0000-0x000001FC276F0000-memory.dmp

Filesize
64KB

Download
memory/472-99-0x000001FC276D0000-0x000001FC276E0000-memory.dmp

Filesize
64KB

Download
memory/472-97-0x000001FC27630000-0x000001FC27640000-memory.dmp

Filesize
64KB

Download
memory/472-96-0x000001FC27620000-0x000001FC27630000-memory.dmp

Filesize
64KB

Download
memory/472-103-0x000001FC36930000-0x000001FC36931000-memory.dmp

Filesize
4KB

Download
memory/472-110-0x000001FC27650000-0x000001FC27660000-memory.dmp

Filesize
64KB

Download
memory/472-111-0x000001FC276F0000-0x000001FC27700000-memory.dmp

Filesize
64KB

Download
memory/472-55-0x000001FC27570000-0x000001FC27580000-memory.dmp

Filesize
64KB

Download
memory/472-114-0x000001FC27660000-0x000001FC27670000-memory.dmp

Filesize
64KB

Download
memory/472-117-0x000001FC27700000-0x000001FC27710000-memory.dmp

Filesize
64KB

Download
memory/472-116-0x000001FC27670000-0x000001FC27680000-memory.dmp

Filesize
64KB

Download
memory/472-118-0x000001FC27270000-0x000001FC27271000-memory.dmp

Filesize
4KB

Download
memory/472-121-0x000001FC27710000-0x000001FC27720000-memory.dmp

Filesize
64KB

Download
memory/472-120-0x000001FC27680000-0x000001FC27690000-memory.dmp

Filesize
64KB

Download
memory/472-124-0x000001FC27690000-0x000001FC276A0000-memory.dmp

Filesize
64KB

Download
memory/472-125-0x000001FC276A0000-0x000001FC276B0000-memory.dmp

Filesize
64KB

Download
memory/472-126-0x000001FC27720000-0x000001FC27730000-memory.dmp

Filesize
64KB

Download
memory/472-129-0x000001FC27730000-0x000001FC27740000-memory.dmp

Filesize
64KB

Download
memory/472-130-0x000001FC276C0000-0x000001FC276D0000-memory.dmp

Filesize
64KB

Download
memory/472-61-0x000001FC27270000-0x000001FC27271000-memory.dmp

Filesize
4KB

Download
memory/472-134-0x000001FC276D0000-0x000001FC276E0000-memory.dmp

Filesize
64KB

Download
memory/472-135-0x000001FC27740000-0x000001FC27750000-memory.dmp

Filesize
64KB

Download
memory/472-137-0x000001FC27750000-0x000001FC27760000-memory.dmp

Filesize
64KB

Download
memory/472-136-0x000001FC276E0000-0x000001FC276F0000-memory.dmp

Filesize
64KB

Download
memory/472-138-0x000001FC27270000-0x000001FC27271000-memory.dmp

Filesize
4KB

Download
memory/472-139-0x000001FC276F0000-0x000001FC27700000-memory.dmp

Filesize
64KB

Download
memory/472-142-0x000001FC27700000-0x000001FC27710000-memory.dmp

Filesize
64KB

Download
memory/472-143-0x000001FC27710000-0x000001FC27720000-memory.dmp

Filesize
64KB

Download
memory/472-144-0x000001FC27720000-0x000001FC27730000-memory.dmp

Filesize
64KB

Download
memory/472-145-0x000001FC27760000-0x000001FC27770000-memory.dmp

Filesize
64KB

Download
memory/472-147-0x000001FC27730000-0x000001FC27740000-memory.dmp

Filesize
64KB

Download
memory/472-149-0x000001FC27740000-0x000001FC27750000-memory.dmp

Filesize
64KB

Download
memory/472-152-0x000001FC27750000-0x000001FC27760000-memory.dmp

Filesize
64KB

Download
memory/472-153-0x000001FC27770000-0x000001FC27780000-memory.dmp

Filesize
64KB

Download
memory/472-155-0x000001FC27760000-0x000001FC27770000-memory.dmp

Filesize
64KB

Download
memory/472-157-0x000001FC27770000-0x000001FC27780000-memory.dmp

Filesize
64KB

Download
memory/472-159-0x000001FC27780000-0x000001FC27790000-memory.dmp

Filesize
64KB

Download
memory/472-56-0x000001FC27620000-0x000001FC27630000-memory.dmp

Filesize
64KB

Download
memory/472-57-0x000001FC27630000-0x000001FC27640000-memory.dmp

Filesize
64KB

Download
memory/472-58-0x000001FC27640000-0x000001FC27650000-memory.dmp

Filesize
64KB

Download
memory/472-40-0x000001FC275D0000-0x000001FC275E0000-memory.dmp

Filesize
64KB

Download
memory/472-42-0x000001FC275E0000-0x000001FC275F0000-memory.dmp

Filesize
64KB

Download
memory/472-50-0x000001FC27560000-0x000001FC27570000-memory.dmp

Filesize
64KB

Download
memory/472-51-0x000001FC27610000-0x000001FC27620000-memory.dmp

Filesize
64KB

Download
memory/472-43-0x000001FC275F0000-0x000001FC27600000-memory.dmp

Filesize
64KB

Download
memory/472-46-0x000001FC27600000-0x000001FC27610000-memory.dmp

Filesize
64KB

Download
memory/472-45-0x000001FC272F0000-0x000001FC27560000-memory.dmp

Filesize
2.4MB

Download
memory/472-36-0x000001FC275C0000-0x000001FC275D0000-memory.dmp

Filesize
64KB

Download
memory/472-35-0x000001FC275B0000-0x000001FC275C0000-memory.dmp

Filesize
64KB

Download
memory/472-32-0x000001FC275A0000-0x000001FC275B0000-memory.dmp

Filesize
64KB

Download
memory/472-30-0x000001FC27590000-0x000001FC275A0000-memory.dmp

Filesize
64KB

Download
memory/472-28-0x000001FC27580000-0x000001FC27590000-memory.dmp

Filesize
64KB

Download
memory/472-25-0x000001FC27570000-0x000001FC27580000-memory.dmp

Filesize
64KB

Download
memory/472-24-0x000001FC27560000-0x000001FC27570000-memory.dmp

Filesize
64KB

Download
memory/472-21-0x000001FC27270000-0x000001FC27271000-memory.dmp

Filesize
4KB

Download
memory/472-20-0x000001FC27270000-0x000001FC27271000-memory.dmp

Filesize
4KB

Download
memory/472-2-0x000001FC272F0000-0x000001FC27560000-memory.dmp

Filesize
2.4MB

Download
memory/472-162-0x000001FC27780000-0x000001FC27790000-memory.dmp

Filesize
64KB

Download
memory/472-795-0x000001FC27270000-0x000001FC27271000-memory.dmp

Filesize
4KB

Download
memory/3260-175-0x0000024A29830000-0x0000024A29852000-memory.dmp

Filesize
136KB

Download
memory/3260-179-0x0000024A29C00000-0x0000024A29C44000-memory.dmp

Filesize
272KB

Download
memory/3260-180-0x0000024A29CD0000-0x0000024A29D46000-memory.dmp

Filesize
472KB

Download