50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326

max time kernel
877s
max time network
883s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
06/03/2025, 00:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ubuntu2404-amd64-20240523-uk.ps1
Size

1B
MD5

f1290186a5d0b1ceab27f4e77c0c5d68
SHA1

aff024fe4ab0fece4091de044c58c9ae4233383a
SHA256

50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326
SHA512

aa66509891ad28030349ba9581e8c92528faab6a34349061a44b6f8fcd8d6877a67b05508983f12f8610302d1783401a07ec41c7e9ebd656de34ec60d84d9511

Score

4^/10

discovery execution

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4656	powershell.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133856945318905947"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1408376509-1621642251-2666462513-1000\{DCFB5B13-FBD9-468D-8D4E-76871652315F}	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4656	powershell.exe
4656	powershell.exe
3476	chrome.exe
3476	chrome.exe
2948	msedge.exe
2948	msedge.exe
2484	msedge.exe
2484	msedge.exe
2500	identity_helper.exe
2500	identity_helper.exe
1372	msedge.exe
1372	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

description	pid	Process
Token: SeDebugPrivilege	4656	powershell.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe
Token: SeShutdownPrivilege	3476	chrome.exe
Token: SeCreatePagefilePrivilege	3476	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
3476	chrome.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 1036	3476	chrome.exe	86
PID 3476 wrote to memory of 1036	3476	chrome.exe	86
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 3412	3476	chrome.exe	87
PID 3476 wrote to memory of 4688	3476	chrome.exe	88
PID 3476 wrote to memory of 4688	3476	chrome.exe	88
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89
PID 3476 wrote to memory of 1332	3476	chrome.exe	89

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ubuntu2404-amd64-20240523-uk.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee7dfcc40,0x7ffee7dfcc4c,0x7ffee7dfcc58
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4264,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4272 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4400,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3552,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3056 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3056,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4928,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5128 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5180,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4224 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,11323050152035372176,12774022915261990516,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2584

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2364

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffee8633cb8,0x7ffee8633cc8,0x7ffee8633cd8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1143662146329545155,8024367723031307620,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c8dc607a079f4832363a21af99dc66c8

SHA1
5f5c5c98e6daaa6a67e3bb2a411dcf1a723f4dfb

SHA256
54a12d38db4c920730dec78a4f51e18312891cd1eb35a4f1afeeee0731163c64

SHA512
13aa73a7ebae69c1084d5b18b9444c78c8b24f5cb228e28042292d409dc310bc671e8d534faf086a9ea50c863fdd01c915faf4883d2f938ef2b5e126e8a11daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
161ce5a885d0fdb2d9434fb60f9f20c3

SHA1
9c5bae83ec2c55027773f99ebc650f149c4fd2ca

SHA256
f274b4724aed547535186e61c81fe542acfc4beb72cc9e4fa4dc05c7f466d695

SHA512
7505d7da61adefa0d697a3e97c43fc4aac21a12dad91185cdd984e3a35a3d9e6d78bc1dc1a24de582bb9c0da7d909b1619c85551d6db231aa62a58ee11bddae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
63de9cc2e3beff74827856d934013169

SHA1
f72281b39fbf461fe9914252e78f5460f07a8b43

SHA256
049de199d3d79a4d967014f1b0fc338b7f29e1d0f6587f4fa6c1c2287494da28

SHA512
dc02ba35826de35e6f29bdbb0c440a5f7c9c1db61b05caad6fb5df7207ee27725e016961b8af24f4f33dd8273eafd5535fd0b0b43ca9a6efc3fbdaf673ef81f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1aa852424bb9991f6d368499407bdbfd

SHA1
87416333a8a53bdbe12aa53c1372bcebb12baaa4

SHA256
23b798c363d209ee25a7b86e51c49cc116a5b1af762ae651709b6b7b1c309fbf

SHA512
3fb29e68f891f387da8ae86a3543977fa40cb22f2b8293c0e3d410c5f8a9672a818a492b46e56ad552e221eec2b72e0680d393dd2f0684ded0c38eeddde1d091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0182cd20d22e3a5329b6742d14d79b09

SHA1
8e05bb7939a18f7cd1ab582053c434cc89a9e6e7

SHA256
d6da1e2f1f2213064f054577e8904ed6a9571e660a815e71937396fb08c25958

SHA512
9700a235e85189814ca87c9b87280039327f91136bb3b36ca76a6faa62a3f3a395339aca8ece595ee94418e5119cc7304f709d600e0cea495bcaf2c174041b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8670315475933770c517477ad8221b2a

SHA1
dade1b8cba6384ab94d39295627fd79f7aad4603

SHA256
6d318bf93835d0728f5206e21bbd61e4ff7086093f610cb631bf3be9d496586c

SHA512
715343c6cfba9ab33b1307de24214395865b8995d568c63e5daad1fa27d53150e62d01e7934ed677a0ec9c1c45c147f266c713f2d51a755d347db71ee6da0171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0345a097a2ae85cd3377d191ee28656e

SHA1
abfc4dd2c4e66b8c26d934acc44b64383b9bdbc8

SHA256
98d93cab11c0d34026abd0a9cb62102422e2d44c0477f80193ea44dffa89ad9c

SHA512
143a9b1eb628df202da1af412d181e791b9f08c7c381312b99b54eb640d2872637b93efd49665de688a0f990e7d768d569f92a9a484508009d6d69c13fd93f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
d32326a541eabd67c0f358778fd03636

SHA1
a410aa03b64a4dbc895b835cef4ec23d19b59922

SHA256
ea0ca1f7e15765ffe19cd49861a2e4dbfb58305c2eee5b4762d1f41f0bb6286b

SHA512
b51262520924407fcde409007d7a0e5753174236597fd3f253d6599f714be3386d58f7d6949ca7d98c955acf8156b7ac9eeb99f3ed4be09d0ce57bc1daaac623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
1c10e12394972c6d9f443bdfafa70f10

SHA1
49d562ecb9ccaa0fc937a30553354b80e19b70b1

SHA256
c840b6bdab50784f5ca2dfe8d026d6492dceaa379c8085eeaa66ba6f3f0fe6df

SHA512
56cf2e9e3dabbc66a8f45bd4579577bacba5ea52d27353b463092e831ba7f048fae793cb2273e27d2a4c09aef4f040c5e035ef5b40ecaa242c77310b8eced61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a1ea058d6231b47f5bb8557adba13351

SHA1
111dbb6ffff6517e11719a20683fd7f4ef0579d2

SHA256
f5a91a0770c54a1601557b8babfcc7813972275da171c384cc8929d2910a851f

SHA512
e613f481c50b5a7022a763d13ac1b1ebb6a9d4d973de95108d95d23844d9d526d8c90f391493f043e86e22e9a5abd8a3a4cab5f2def248033d0eb9421091889b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46ec2d399c9d10a0545cb514e47de14e

SHA1
98fc6f3f34f4082b8d81cc50dc571ec06eb454ca

SHA256
f50fff32b15e4b61c3cb18655c3daf46a83556aef1f3ff8d9ed074f298f247a5

SHA512
993b723da7b0ffcaa731a1f06057bf2ebdc2fd518ef8765b4f625b9fd0094cc6abdccfe998d0e6cb760a3e5d6c411b197a47e67c1de5a6ec4315d017a552a2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a4b3343-c4a8-49c9-9782-c411ac65cbc5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0da848f61b9e7e9dadff90f8d22d72b1

SHA1
0930342115cae8f893501b3f50f7e642cefb83f9

SHA256
3a659a767c2aec3c4ca59966fa7d0962ab36db8a7548aa9f83f56b56bd8e4d5e

SHA512
35cd75d4f19970e59e57b1caf4456a2b2db6ff25f7276daa4fe835f06a26430a35cc3c482fcea8682df0976a4e4deffe9eb2e53aea56627404fa88ed6990ea6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
709B

MD5
252007c49c67058a9d0caa002a0cfdb5

SHA1
9b941c48a34ab88e0398b14f5baf9a11ae8cf7dc

SHA256
27112dbf73e14b952e9420f68adb7c7339ee21ee774e6ef92e2bd759713d5729

SHA512
53eabc5810770a73d368d79a89b15456d70ac87ecf3ec60ba57b5d25c7bb0cf78b5936a6c85dd7de2096e9c83a844e27489432c1f18404e879e026ec9184af09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
623B

MD5
b0e5d2aab6d8c69a54f0575d02dc9b5e

SHA1
2aa065081d9ebf72e2f2667f665928bc64c681c8

SHA256
07a5e6c613273be67ebaee8b20a6d4b0a48c38773209c0277c4f16b9315a00f5

SHA512
ace7dac18b4f5005f564c98d2e9214dd7754c84a1e2e4a1eaa340252d1bc09e95702abd420abea959afd81c9b40dc050bf945c7fc826168b22f54519aca9bb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb9d1ceef2982b03e71551324733099e

SHA1
0e20c7031097e978de4ce0c16014b24657ac2e86

SHA256
2c3f0beae13066bf20bc004934e0206b5daff2ac0d17b06cea16972eb2dd0216

SHA512
c3055fb107739f710970ee4388ef27c1d6ad76b47cb87c1089692f6d4e883f9ee2d801a64c2676f1387298032592e8e82b2f9583155125132d7f9fde46189416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
070fd498908ee08478d907509d7e0286

SHA1
2a00314758488477c0cad920ee7725dc6ce17b7a

SHA256
f834c286b445f971a44359901db4ee748d5d06be2db2c647c3d00d5b706c07f4

SHA512
c13566271d4cc3a55f5f61d9b5b688212b6efef5b4072b9bc79865b01b707ce6f63253056ee71146690ba09bc4d817e7d75df0aee3f15d009093d1df601b7ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
07b8f01a4faf6044effa7e8f19e09777

SHA1
b4695b7cfa50825a0f4f9a96ee98930ca1399758

SHA256
aa7a1c10e13b5a3a7e3454cb8d36446310505b6f2328fee62e79710386cd33cf

SHA512
a19e9c643f32eee861dd2eb04df1f875f0a569d92caaa0f0d3cef6fa7262a75b06a4f81b7a3e0d79fa706b57c9849bdc4cf0ac42721f3dc0b19382d5f25f7b36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
34890388b62c15dcd8de4781db4ab570

SHA1
edabe2cd8cd0d82c0b89303edd726b8369443234

SHA256
e6ebc14d3474417163116f0812298c751715e4ba68f3247119c3fa1565cb8bb8

SHA512
ea97e90c0d434e58a8b932c651c77ad28fa19aa87eb8ae4d72abc752c239faf64662234cd598edd614b2aaeb3d4d0052dfe0683f2850d169a8cafc580959b87f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597371.TMP

Filesize
1KB

MD5
06f8985f1935aeb533bf699c2057fe9a

SHA1
462d1dc18a7d4db2ad9e42cd183350cf138af615

SHA256
6405f9461dd2c0a7450f7b178be934a3234e33c4c66e46f6070703e7e0092923

SHA512
104a3f44e7a9725fd48e7bef75d4a78fbf0a3b6be94ee72efccc24d521698ba101a3b95d340e84bcf168412a6fb1879f6324268d1aef0c265a4e466c35024390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e30085951b66a33299f562a92763988

SHA1
ada4551fdff844b3b3a3f85b5d94a9d314b89e81

SHA256
704a1e25a1645009f351bd788ab177c0368c51b89a569293048607c166be96db

SHA512
74bb4d8c8ac9495087c707609e5365e7f3edda4d4e647a0f192be5848bf8bfd1aa3fd448b9207db33d15de71e4edf2dde9ef5a3151bccf3c8645bae0e657e339

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rultkwil.3u5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3476_1251903684\656861e9-74a9-45b5-ac92-0ad58d295e56.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3476_1251903684\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/4656-16-0x00007FFED6560000-0x00007FFED7022000-memory.dmp

Filesize
10.8MB

Download
memory/4656-13-0x00007FFED6560000-0x00007FFED7022000-memory.dmp

Filesize
10.8MB

Download
memory/4656-0-0x00007FFED6563000-0x00007FFED6565000-memory.dmp

Filesize
8KB

Download
memory/4656-9-0x00000172F0100000-0x00000172F0122000-memory.dmp

Filesize
136KB

Download
memory/4656-10-0x00007FFED6560000-0x00007FFED7022000-memory.dmp

Filesize
10.8MB

Download
memory/4656-12-0x00007FFED6560000-0x00007FFED7022000-memory.dmp

Filesize
10.8MB

Download
memory/4656-11-0x00007FFED6560000-0x00007FFED7022000-memory.dmp

Filesize
10.8MB

Download