gootloader | 3ff7002133b24cf5d0fc2ab6164bc3285e6aea09b35ab6a382af72d56abca6e0

Analysis

max time kernel
257s
max time network
258s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
07/03/2025, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

guarantor for rental agreement ontario 63415.js
Size

841KB
MD5

3dd58dbf8ad6e951b32428ea6c392162
SHA1

1b07118f9cbb86f42ea34020df4665d28683f934
SHA256

07f4d8779c73139723c8880cbd966154bdba4d8b45bf00578778f7500fc37333
SHA512

53ee7c2243aa09841371dd2c6d09ffd05e0567c44821008b389253b10cf1501622aab1b040f1bf39066d08b8597a12cc9430931dbdb7a88acfeebaf6c8618d02
SSDEEP

24576:ovCgo+ogQc5WfNnZmD/nq79qiJle69PGwWpyQTa+FNE3NEr:ovCgo+ogQc5WfNnZmD/nc9qiaGWpyQT3

Score

10^/10

gootloader discovery execution loader

Malware Config

Signatures

GootLoader
JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.
loader gootloader
Gootloader family
gootloader

Blocklisted process makes network request 8 IoCs

flow	pid	Process
45	1044	powershell.exe
46	1044	powershell.exe
47	1044	powershell.exe
100	1044	powershell.exe
104	1044	powershell.exe
106	1044	powershell.exe
109	1044	powershell.exe
113	1044	powershell.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133858272635536062"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	powershell.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	powershell.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3517169085-2802914951-552339849-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
3780	msedge.exe
3780	msedge.exe
2080	identity_helper.exe
2080	identity_helper.exe
3336	msedge.exe
3336	msedge.exe
1692	msedge.exe
1692	msedge.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
2240	chrome.exe
2240	chrome.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
2240	chrome.exe
2240	chrome.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
1044	powershell.exe
716	msedge.exe
716	msedge.exe
4704	msedge.exe
4704	msedge.exe
4612	msedge.exe
4612	msedge.exe
1692	identity_helper.exe
1692	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1044	powershell.exe
Token: SeIncreaseQuotaPrivilege	1044	powershell.exe
Token: SeSecurityPrivilege	1044	powershell.exe
Token: SeTakeOwnershipPrivilege	1044	powershell.exe
Token: SeLoadDriverPrivilege	1044	powershell.exe
Token: SeSystemProfilePrivilege	1044	powershell.exe
Token: SeSystemtimePrivilege	1044	powershell.exe
Token: SeProfSingleProcessPrivilege	1044	powershell.exe
Token: SeIncBasePriorityPrivilege	1044	powershell.exe
Token: SeCreatePagefilePrivilege	1044	powershell.exe
Token: SeBackupPrivilege	1044	powershell.exe
Token: SeRestorePrivilege	1044	powershell.exe
Token: SeShutdownPrivilege	1044	powershell.exe
Token: SeDebugPrivilege	1044	powershell.exe
Token: SeSystemEnvironmentPrivilege	1044	powershell.exe
Token: SeRemoteShutdownPrivilege	1044	powershell.exe
Token: SeUndockPrivilege	1044	powershell.exe
Token: SeManageVolumePrivilege	1044	powershell.exe
Token: 33	1044	powershell.exe
Token: 34	1044	powershell.exe
Token: 35	1044	powershell.exe
Token: 36	1044	powershell.exe
Token: SeIncreaseQuotaPrivilege	1044	powershell.exe
Token: SeSecurityPrivilege	1044	powershell.exe
Token: SeTakeOwnershipPrivilege	1044	powershell.exe
Token: SeLoadDriverPrivilege	1044	powershell.exe
Token: SeSystemProfilePrivilege	1044	powershell.exe
Token: SeSystemtimePrivilege	1044	powershell.exe
Token: SeProfSingleProcessPrivilege	1044	powershell.exe
Token: SeIncBasePriorityPrivilege	1044	powershell.exe
Token: SeCreatePagefilePrivilege	1044	powershell.exe
Token: SeBackupPrivilege	1044	powershell.exe
Token: SeRestorePrivilege	1044	powershell.exe
Token: SeShutdownPrivilege	1044	powershell.exe
Token: SeDebugPrivilege	1044	powershell.exe
Token: SeSystemEnvironmentPrivilege	1044	powershell.exe
Token: SeRemoteShutdownPrivilege	1044	powershell.exe
Token: SeUndockPrivilege	1044	powershell.exe
Token: SeManageVolumePrivilege	1044	powershell.exe
Token: 33	1044	powershell.exe
Token: 34	1044	powershell.exe
Token: 35	1044	powershell.exe
Token: 36	1044	powershell.exe
Token: SeIncreaseQuotaPrivilege	1044	powershell.exe
Token: SeSecurityPrivilege	1044	powershell.exe
Token: SeTakeOwnershipPrivilege	1044	powershell.exe
Token: SeLoadDriverPrivilege	1044	powershell.exe
Token: SeSystemProfilePrivilege	1044	powershell.exe
Token: SeSystemtimePrivilege	1044	powershell.exe
Token: SeProfSingleProcessPrivilege	1044	powershell.exe
Token: SeIncBasePriorityPrivilege	1044	powershell.exe
Token: SeCreatePagefilePrivilege	1044	powershell.exe
Token: SeBackupPrivilege	1044	powershell.exe
Token: SeRestorePrivilege	1044	powershell.exe
Token: SeShutdownPrivilege	1044	powershell.exe
Token: SeDebugPrivilege	1044	powershell.exe
Token: SeSystemEnvironmentPrivilege	1044	powershell.exe
Token: SeRemoteShutdownPrivilege	1044	powershell.exe
Token: SeUndockPrivilege	1044	powershell.exe
Token: SeManageVolumePrivilege	1044	powershell.exe
Token: 33	1044	powershell.exe
Token: 34	1044	powershell.exe
Token: 35	1044	powershell.exe
Token: 36	1044	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of SendNotifyMessage 46 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
2240	chrome.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1692	msedge.exe
1692	msedge.exe
1692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 3548	2068	msedge.exe	88
PID 2068 wrote to memory of 3548	2068	msedge.exe	88
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 4748	2068	msedge.exe	89
PID 2068 wrote to memory of 3780	2068	msedge.exe	90
PID 2068 wrote to memory of 3780	2068	msedge.exe	90
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91
PID 2068 wrote to memory of 5032	2068	msedge.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\guarantor for rental agreement ontario 63415.js"
1⤵
PID:2040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd257d3cb8,0x7ffd257d3cc8,0x7ffd257d3cd8
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1240 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4323853171549033976,11428351007020478335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

C:\Windows\system32\wscript.EXE
C:\Windows\system32\wscript.EXE LIVERT~1.JS
1⤵
PID:2168
- C:\Windows\System32\cscript.exe
  "C:\Windows\System32\cscript.exe" "LIVERT~1.JS"
  2⤵
  PID:3276
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell
    3⤵
    - Blocklisted process makes network request
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3fc1cc40,0x7ffd3fc1cc4c,0x7ffd3fc1cc58
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1432,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2000 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4868,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4360,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3272,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3384,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3204 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3416,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5124,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5340,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5336,i,2453811929388610103,902631285532371300,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:3904

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd257d3cb8,0x7ffd257d3cc8,0x7ffd257d3cd8
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,5903307115544879580,2216714129575582555,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,5903307115544879580,2216714129575582555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,5903307115544879580,2216714129575582555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5903307115544879580,2216714129575582555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5903307115544879580,2216714129575582555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5903307115544879580,2216714129575582555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,5903307115544879580,2216714129575582555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,5903307115544879580,2216714129575582555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,5903307115544879580,2216714129575582555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,5903307115544879580,2216714129575582555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
11143b0d4a4a08d28b1f30115a7d6a7c

SHA1
7467d55823300e4e1c858f6564503fb6a8ef936d

SHA256
fb75e9557aae5df5ffd0144472cfcdfda1b460640719bbf93541f247cdc31282

SHA512
f6e9a5cee01394178b539acb31955775872db8889bef8e2e426fb88f6169191390c74b0bb4913082eb0c3f4806df6adeeaa007bb9fcaa4666a8f13bc0856cadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
e34dc0e1e02f69bae5e0c7ce09d1e0ef

SHA1
d8e1a19ca66b7bb78a00c4395ce6e6d784fd4650

SHA256
38a1961703190a111f4f559515e908fe04f406886eeb41d71fabbbd038387d94

SHA512
2edae9899084932d4f1d1ed3fb6e0887c754cbeec94058f34019d420694cf146bcd5feeacc1334a592a26d92a73af8d697e44120c7a312fc8652677c9379cbc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
32cca0f1b801f1459680ebe0bcef4313

SHA1
7b2258ed39ba08479d927e5674fe5e9a6053ef4a

SHA256
a8ea328bcb9f5685c29800de7732fab7f2e94050402c434ae38c7b2da046fbf7

SHA512
2ef13959339ec1cb2956ece81136995c0c5916d4be347eb66811115ca76c4c8ddd0640a3a0722841bc571af494bf0859f2725099d6f88e870bc56f6b49ee1980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
daa0118d1f4c933d5e00fc8eed3c84d5

SHA1
4ffdc71701377df0800acb7c819457923e53e0da

SHA256
be26a5391d4e711542d511dc94a2fca3fc1756e21a3740ac816c07a318454d6a

SHA512
1a1935a9ec8b4a5924645865147b48e8a1b7602e57d274ae42357f2565e0213e181310ae6dff3bb8006d07b85d92893a20004d5257f92c3ff658305ff3ea97d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fef0245f4857c3049be6470dc094a8ba

SHA1
13c3813d40c4c61b380a1d1d3d74f1e23b6091dc

SHA256
81c5e639e2f2008eff0ccc45db0eaca19b444f9a4323b66942a4f1c2fd260ca0

SHA512
652646b644c3e09eb7e9755c105666fb6b5f6e6b99916fc822bfc8361ca080668857b4530d1e3bd6ab300d55dc2d5ecc3e60b6bb7fd60d8dc03ef534a002a0cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1023B

MD5
f6105c61ec2473ed7dd174a69973e30b

SHA1
562551fe4db91e260466420cd9edb934c7cee0f7

SHA256
31dc70bc9faec0fa1599faae1584542b66d53547c78fbf0b83b9eef53fdfe9d3

SHA512
7814516b9ffa7c39aab0fd59c5c113ac23790924a033b24a7231c3469579e63d7e1548d1efa567b40c9bc35dce07a94a5bec18ab1efad8bbfc317e0409a49a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b90dffe49b0bce75cf543925375464ff

SHA1
d186abedc48a1b5c5899fc1950e43f82c878fbd5

SHA256
d0db981605696a9507266dc2ffed732ccb7c4ddb6fa5ba664e281440778be0ce

SHA512
06c61f0701aee6d9bb68fdeadf2e01a9cae76e5097f17230d45bd154532d0ba34bcb2a80dd2cb9d72713bb2a79335c4af03d3c382639cf3653811b743ce3f295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e89165303bfe88197ee439cf36e44af4

SHA1
5ea64dca799d35545946355c7055b1ed843d788d

SHA256
c9f13a6cf77b82d44df11bd48579bebf22f6a8f5b77bae3047d3ab4c99216b51

SHA512
d160c4ac14dcf25016f96d3088ae082d0c2c18bad9ebee8d115dd4d3446a6c3c7068308c3d82ff2f205c860e743c7dfd02c9343bd5a9bc5339aa0d4ffd971fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a3ecd393ff37fcc5d87893b08c6b0ca

SHA1
781efd5b7cfc37cc3f679da17b0f8f72d518bff7

SHA256
889352c8d909eaa2928bfaf280f36eca05bb4cb1a5f28f45d25f7df82ab314b7

SHA512
6a1c45176ad962201146049c91e2d8cdba08aba26900fe027207f3eec8613e4f806d65f019af11695d5b6570c460341b8c0c578be8882cd36d8178848729bd10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ef17381fc31052da5b0f4f242702783

SHA1
83712f8007e04b22a7b0c7fb6de713b6db2bf054

SHA256
3976462af2b26803d560e5f1591a1082beffeb792c119b4487a6f7244ac3ad46

SHA512
86548a3b64ccc275ac6adb138fcd2c5b7eacb8a2cbd2b81b50d96f639d785ba62e572797c7cea0289498ef38ddc5791118ad1fc25314df80509a1f7e0227be22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28b7e44c97d7cd6b54f0330dde6506ab

SHA1
d0566f09c6bc697f4bca531899806b84b492fb61

SHA256
17d3fd9fce444a89f7f978c85fa92cfafda18b4f59b531dfc926fc35059aa2ed

SHA512
09600bea4ae633f6373b44c765fef87eecde5d508256230652b4e56cbdd0a0103546daf6815f9a0e705674797ab962d4bdaad4ada7e62d0b0d799b425030b406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23467696fda22e681e96e721a0c043c3

SHA1
67520c42d8373659d31cc711b0740f0434cb8d80

SHA256
63cf55019c989279b93c2a3dc111fb86d34656be93dff45804b9f7782897f007

SHA512
761d72f01d623a0f79862da43a15acc7be3d146d77a750586c448047c892173bd91c24544c6f118b5d96200383fdb583cb9367fc029effb078ce998af87f917f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
064db79c4d3edf48edc6d26a61988044

SHA1
065878dcda9a93b02d9cac276921c8696ba8379f

SHA256
efd3fb16ad4a65993283c571af8b3332635e2c9d9b1737a00eb747f80429b1b4

SHA512
5527e6d39047a578e85de3ffe185ddc8aa9749a98846b57f1fd19a5961d1f2c649c25b9680e3166527aa537cf519978aff1d8165cc7e0f606af87637adf57b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b094dc864ec90cf2b689f95ded6669c0

SHA1
9eaf119e36aa6d94148c52e594f84bb32d46cbc6

SHA256
5ed6fa59a7a0fc2dc5615db803cee66358b51f18b140f0f68a2eb13e93e6480c

SHA512
3e2703994b9f31abd6885732a45b382fb2843438f22485c9b8baf9901290371e5847831e4fed686169e183ee37a3689def5beaa3b33088656fb1aae8095eda09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
95c2a219e5006c43c59f2db6ce70bf65

SHA1
cfe81845f8331c29e2f8e737205fd9ec7e97668f

SHA256
dc444349b82b8e703be6624c9548f4bb2089c1e08f589a2240eaa76097f4bd42

SHA512
e00c37b2133c1b9921ac36cc7aa934981b17ac244cc087a7961e771f8cec0beb2772e173180d5adba0e094ba420591bc1a2ca50e95913cd65c207f54110ca6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a9a9b.TMP

Filesize
48B

MD5
d590bc2367e4ac9f9a9c341dd6aa7cd3

SHA1
0277f3bda535392aa4a6fefe4bc6ae4158673ec5

SHA256
dc92f8d2724771527de132156f49addc6ea3257465f8785a7cbd61a2f5aac9c4

SHA512
6e9c045c192a2d8c596a57e7b8dee53c620a8f295544db36dadc0d5ebe96d7dadf44b97dc78a1ed434e360d84e26c73b4b97fa4b9066e7b564abaae0c9b6cbd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
b2a6927845e594d18508d1fe53fa0bba

SHA1
92c22a96096e86a5345d88f7e1d8e1a83cc6120b

SHA256
db3f3e9380448bde6376443f9b2e0f8b889d3a8cbb78c511ef86b5257dfbbf3f

SHA512
dbebcd43df3b8d5a196d30742b14e896459f29323c5bed415203293a2cd7d8995fb690342864d7fa7d83e58fedffae94d07525302805750cd7e278deabdd8f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
8ba2050fb3edffc6850547aa828f9742

SHA1
ce0527299fb5ff21c8c74cbf5e742c3547cbd216

SHA256
d62eae66337ee2c3a929cd818f54b3c140ff6eae38a14b0dc57481ae123e1c8c

SHA512
dd0eb2a3e367269eaf21c5dba1557f7b8a6fb20171e13abc4716f504a3a11f242b0e2fc9042b37ff030d4baa65e2b66c62593ad0ef9013c3b0b21150a13eaa67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
ab73c41a159a17a831d0d5fd57a9ee3a

SHA1
8399243fd5d58d4b010e6fffc7d78ca7a56ecc4b

SHA256
1717dde48a72ce131ca6d315697460cf001022784196ae18f80802a19c55bd95

SHA512
af5c8b6ed4cca2480305fa26854639024726ac712fdde6af286dbe0ac49c8482b727d120f934e0956f2b7b3512a9f2592db31d1b7849dc5cdc3df9ff17dab743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
124KB

MD5
b445b26d15c0b57b1aa596b6d4983aef

SHA1
5e0d8c3bdc1c3843c979f46313e7449880028504

SHA256
91444cef0a6320337c24d69257b560c72faded7368193af4ae7af3ef905e3c2d

SHA512
d1f4ccbefcc9088068096c8bceb86031d90052f100480b2097a9b42c873301e2e6f6a233406fb7648d857a4f428a9a68e9550351c52c83da23fda11cafd7a130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
b6dadad633b38b35d0eaf34dae0cb91d

SHA1
4473295d656cfe9a5b0fb0902fe699b86725f1ac

SHA256
c55854b43919deafcfd3f582363e235f1d505d3f307b79f43326ddc8c2efeffd

SHA512
6af58efad4bea82316d6525e664bf174fef585a57574e21cb8fa46dacd665d778f228f0a72c208f8fbbd5b86a88415c95904ef646d02073b833860a216bcd982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
30655bdab1a6082dc4b5a6f287cc03cd

SHA1
7e019b29f4fef89c65bd44d2157affd4a1925223

SHA256
2616d206739c900ddf9fdbed2bcd3394199127e320e7dcfe0004d1bef535c0e9

SHA512
67256c64135da10e63887adf5141c2b0ee59461fb62d2ea50fd59c953b133e6c7235e500118c387d4fa9c81b2f718c8dff9278afcfcb30bd71f8c360ea7ba5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\60f91e36-7b5b-42b4-b936-ae6f831839f6.tmp

Filesize
11KB

MD5
f6cd8552c97f448877d95f0d18889e0b

SHA1
3c4248a1ee87754ec5d126ac6e06cfc52a57a8fa

SHA256
60b90ef5c8f29b34e0908e5fbe708d6662a06a91f0c3c73609d014a15fa6f0f2

SHA512
4892053c45435ce748b3508aae901696c865feb995056c4697442b092d149bb667dabdfe20e6aa1e2a80d627da8d6b12cec5d14fdaa3a2da515b7c9e94d18212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8787c7a05c06005b69f058d601e78fd4

SHA1
c5f581384268bafd7244638ac230226d7c4e700b

SHA256
4a5fc8cea426c5e77246feaf1f191ae531f537b0cdce30d6b22c9d8ea3af5b23

SHA512
72af26f43cfbf87a7a5fa42f125272bea05ba9c6c49efd64cf971fcf706670aec93b03b913438b085d5e3887ef999e29e0a5b215bd729ec6d820f4e90ba1efdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0517a9ec1a0298a87dac0ad50c998d79

SHA1
c01cab2a1ffb6180134315d827709b46d07018ea

SHA256
084f62f24d15ce30e231b1690497a004070932b3618e06d6b26079a489f689a5

SHA512
d9be6c0e55a74137b1e6dc882b0e665cb6c18fe80ff585cccff0bd4fc32923b155b62000492613c861b3f0cbfa8996dac7ca12d66fcf06d1b1d0e57294dee84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
236fd72d944b494ed36178d8c80baa40

SHA1
affaef8eea7ac675dfccc68528f9cc828906d209

SHA256
c84f8f8ff1471655a154db4ba294d245cdcee376bd482f7b433b42f28d4f0184

SHA512
6db4bcd8f81de26f8d5a350019f45be7fe00c3531efbc2cf8e96c696b4e75acc81514fbe10c02410895fa318ec1d2c0bfec429da97451d32d9b0a8c340b2894b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f3268da7e4d4aa6e4f3377e9f22755c7

SHA1
b5a829c4be546904a03c0bf38f7934ff389f0234

SHA256
b1fdbd6dd532e629370ddab2ff8e02fa1d86c44c12f0bcc72a0d47d2de324a5e

SHA512
39ef4dabac6686f9402cedcd92f5ee94eb5e518087338748e62b8d834a4462f9d9ad364cc81dd4f95da9d98230044fbdfba15172901f2a2109b1bf6b3fe3fa63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
93KB

MD5
6bb49971fd2f696768b49e449d077baf

SHA1
c7fb981eb81ab982f976860310fe36b187c2375a

SHA256
c05392477c9a3f140fb6bb5c16d5ab8d54f4cc0913982ffa9735a20ba28abe8b

SHA512
16c55052b340fdabff0d220834e3a915e5a04e28698a121bce25326843dc88f7a1a91fc64abdff5acae1b33946f1acb0c4f5e670a4ea050f83c273126ca9e474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
116KB

MD5
9d3cb25b2c964886db0e31f98504e21f

SHA1
06dd1b98bc017c8717567c8a8ad678a64d1282b9

SHA256
b47d77a16b051c019f0aad776c45d60a08e57fec26161a63f7e39bd89c4a1a6e

SHA512
aad32e369686e304511406d290f11da4f77bb6b4c5c96acf5a07ab63bee398eaf520b603fde9d82745542d1deefcc9123c1adabae83932d1663acc6dd4608aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
130KB

MD5
85628618abdca526f5a8d534e3e8bfc5

SHA1
e83741f6518338ff758f3bdca8e0769b2fb42920

SHA256
4e6f07c4c9ff5d85eb4ad729b6348f167d5e486a166d9df01b7a1206de7edab6

SHA512
b83d722c4940812815eb0e7b8e4838266ae47d0910c1bff749693f1282ae114ace2e8a648e6ea325e679037cceb8e5c0dae1335af09d7c4e260b98ec60840ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
1.6MB

MD5
2e5c06483f553c895229c1f9ee6b1d94

SHA1
116fa0bf4cf4affdd41cf6adf7551b53b0a4ea63

SHA256
9f8db09ac2adb99904868ae3977753fe8fa96f56eaa21e5ca74d8188b0a59146

SHA512
144af5bf3d456235d671d5c307527a27bcde30b15dd27871403250bc7ba8fab7dceb34872966f904d173adec4b62ff0776089120374103d2bc25357f4b456215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
25KB

MD5
b3eb59cea19193e59671cc3b060ff748

SHA1
1c75471e52d4b12acaf014da93c811f131aa291f

SHA256
5bb25513ec62690ece27c0b581eeb0e3ec80d810ddf451964a7ec407fd3f4a1a

SHA512
8fa3cdfb284ebfa922a0eba048749e4467a3a85522666da6c11d0fa663329f1bb7061846f0276b6850a8143bc51bb399ed42c57de017819f970f8cbedf180eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
75KB

MD5
3738558adbdf5ffe227a13c14b150c8f

SHA1
6640a72edb5da5cd72166a13c78a1c38ed71349b

SHA256
f610003332e0dd88cb933906d217dd000d7d36e1eeae8359a74789efaba8034a

SHA512
735acd9cd5db2de7ed81a382f2652f9ba398d1801f34c969b6c8dcf517ad9e8f13eab2f3175fcc95f96eba8d1797138d39cde0c02d453af7228cf836941c012b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
131KB

MD5
78be3c618207abd1340ed9f7e4ef74f9

SHA1
057a0377e34e9ee56c5255f88faaa13a9958ba76

SHA256
790f8fc7db756be7ee697c8b5f9fe0b8c451120ebc7fc9b0d72a99cf6470ec5f

SHA512
642279065812ce6055cd10a7edb18083fe5d14dd08198ecc348fe0e25691aca0d911804682324709e6ac198377afe466704d0079157cfc5bf9a0bccee684d32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
1435f3cfd01bf0f3c24b8983e6780db0

SHA1
439ab7ffa6f9d5b654710691d8736eedf2b6e892

SHA256
8cd3f9f312e86bade2e77eb25c28eba805707909441d49e29288944677ce6d47

SHA512
dded0517b2c8f6c6ea045ba87f3ae870df63843291c3e2219e7bdeb4e33baf360b5fdb6065f0566fd1c79253105574ee4ca8cb13a11f7e6a51bf20eacf03155b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
125KB

MD5
53436aca8627a49f4deaaa44dc9e3c05

SHA1
0bc0c675480d94ec7e8609dda6227f88c5d08d2c

SHA256
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

SHA512
6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
41KB

MD5
0aea3df744bd8aec677dd4777a6c570b

SHA1
41dc951a8a2bd2fcfb3dc81c196c8828ada7c4e1

SHA256
bb15265a5766a6351a8673cfa79d8622332f9a5ba175e1c09ae99a49d6deadd0

SHA512
d6d8a1f873e4e328332854545d0ef268fc7c92666f7412549f76340cdf0dec3634cc809da6eb4a8c0902cc5720d1a778c344cf199d4f250daf61184f0a405785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
215KB

MD5
786c4894e2393c2a6df8fe0fd6aeee3f

SHA1
2242cd681f699ef3d642ed9ed1f202dbf6b0c1b0

SHA256
258ce3bda497a9ddf8e00e70ab2b08608c3f3211aecc90348179eea95be084a4

SHA512
73751c1624a8a7e8141c387159a700f637e4fed6f5974d7402fc4faf4dd72c0779eae74049746098ad2c05765fa97329c51e9cc5f422c02abaaa92035aa991db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
36KB

MD5
aff4f0b8c354c0ed8a5819d36965d67e

SHA1
a7d602a7df9f49631a34170ae7dec0b606346732

SHA256
cfe0f43e1621ba07a91b6167bc6688f936537d93d9d1f0ba13b0f261c66af972

SHA512
7512f6c6e12175f38edbb9341af5d313d0976bbefb9ee9670b202ce9fa21b1b8a590ef19908b6f5441cedd1c67530e1dcea666559a91dfc7146feec7363a048e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5bff9fa3f2b1718b_0

Filesize
422KB

MD5
f4911c1a23e282ac58b5cc44075b54f6

SHA1
726fa45f7dfa234b6e65a7fa120116cb7c2ae393

SHA256
410c582c6ff9cfbfa2d9f3222e77bf8a1aa9d2e969c440019afd3a85df2a02b8

SHA512
ef96f4a5cce1f2f4943586ebc1f91d8e4945bc314603137614be3f0646bbc7847dba58e9c2a3ccd9d74ae911913ab35af6f9767457aad15c4cdda4b521681b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\84c04e6b6c21c12a_0

Filesize
293B

MD5
7075eb97363d0b85de65f1c6073a9e6c

SHA1
2cbeac4a172d1784a939e34256243937db40f970

SHA256
3c3703ee579dcb99c88c0e45a5026d7fbae00cda22abe008692909b26357dcfb

SHA512
c46dd23e1a436863e97df3cd019b3c11ece2ab6021660beedfe28328aa65b695ccb50391f6288808725bd8c74b3d1eb1b0fcf03ba007c32b68a7205c9f0f5354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
ccf0ed66813f9e7c778093e8842c157a

SHA1
a47c918c3a860c9a592308b58b90dbcbfa7a88ad

SHA256
bb011619fdcfdf7fe5a054c54095a0605dbf8b55166e4dc2174effa93fabd29d

SHA512
3eb0a235ef5b09d771ac7b5abe81220d0447e5e50832621cb1bb0cb1d7e96d0ae53fd24fa97a82d123db4ac25e732dcb405f9329c42e090f9a04118700a34f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
de710c5a080cb4d759b1c1d88db00a4a

SHA1
e4ee0ae0f187164aee9202f6ae69076d7cc57d05

SHA256
117d097e7d303d774ca0c36b0730e3cf7d26b323ed69407b1551efabb5ad3946

SHA512
db70583778246bcf1e983157907e0833f757c9d878b8ce23a469eb83b490b7597185d753e2a0faa2b4a1b319b0a0be5e33563efe4c6670336e3c335dddda97cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
31107234f5122b5895354d40794b258d

SHA1
34c20c02ecdf6462fe28dedeb8008a3d03220d85

SHA256
42cb7aa492d30201efb4953677e1dd3ed269d953f4378686d83dba7e4b115403

SHA512
f04c2b028e4f0e04ebfa2fccbd0211dae2108e56e5dce8515335e8bb3b60e9873e74ef3cbea9b8e65f6395fe22b7d4c39099786c7328686771b1a3871ab12edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
1f1d6fa8fb43d512f7b2f65b41f3369c

SHA1
b6843f2934bb1b9271fd19997837b8be71e6b5c2

SHA256
e31072e5be15d1fe500837dd26f19c93be18f814809f46782cfb308056c98902

SHA512
3e05eca29463f66d8ac6ff25dd99c2f0cbef5984c6e3d8043a1a3e0dde8892b90c0ad1f71540d497a1b7de04c1b0e6e083f6202366960cbada35bea8fc7b1828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
496a750b3ef065276ce62f092519af68

SHA1
b4f5ea7bf2059d7ee38c3ba5f31673aedff16269

SHA256
77d992feb0ff6c432c8bafe1dfbf31e7ac848fa30597e10c8b819659f53d58db

SHA512
604863750a886ea7d81586c2a1db1362188644e33a0c3201d1fd6912880286de53659611c6ecd911c6af836178a3c551180bc7dd11d7a5fe5d75438f0b62aab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
361B

MD5
c6a01b55f018875fd62da6b7fe0b5de8

SHA1
58ade9c85a3468b170a29be308ae58b51e595bc8

SHA256
1da7b61ebfd7a8e1571f7b1b4f49cee246b579d7b0479fc379ca04e1113433dc

SHA512
b0c2297174bba3bea1760efb21156cbfe0c52e8fc744045fa1f3b76ddd963cec7dcbdbfc6a98b58eceaf6b2d8848a79b69cd95fac16f918cc4b28ae0538e30b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f93a4154457739a14b5fe6516db6ab90

SHA1
f5b2b766975ddf9b9e9fdcb3a5691e01ecce4178

SHA256
de0d809aec50456a18ba21fb882d33b55e0b9d2293ff23ec0997d597ccfff944

SHA512
8df70a4b5a158706c4e930ca26d9f9da3fda656d7e286387c7073bd14da5b266727337218ecda9792021fb226104132cab494d440c6c573a5104dc41f1ed5985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
54a5014c7efa95938723a4682331f183

SHA1
637bd764befee5f000647864636a3b1a0a75871b

SHA256
32ea7772954e51c49b5f6ce76d60558968c07c5247889313e8611df240745c66

SHA512
2eb02c01a285694f36a76f612d76c3f3bdd87f3bb4cd6431b1d995f49b6e4a92d0378690fa920d591a0c607a5b66a4d1ed17ef0cddc8270e608abf1525b89f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
be4a63dc090547d4dd9d957f3cc45fb0

SHA1
6a5f91651f65111e482761fd9e2c4a82dbfdf769

SHA256
ac2cf6f55b38ccfe81a6af334e7c2a795ae2ebc332555a16b364b734579c056a

SHA512
1b748767a8c1263d306362e0d2e3f6a08ccf168227ce7198ec50a3e854a080d54b33f3c2dfba87f7aa26d2bd995078f3ec2f635b3bef332f4569c76c32c2b013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
870e227631b09e124114c473d5b56384

SHA1
f5a3364d577b295f4e02b72e64c8e5e0f9e9f00a

SHA256
f32db126522713a963d8437ec2587737714d4fcb225e6b463e05a2e18e4265cf

SHA512
6027a9fcb46733c82ae7fd4dd4f03ab99047194e9392737e92400792634e1ae5091ae40acff81d5f3cbd316307b6fddc7c06a619f4901e4322a2e22b57210125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3bf60ae777d5354c211d433ad99f3ce1

SHA1
c6c1f6331d0911849b58c9138a0a997f9dae65d1

SHA256
591f035e2c85eb19eb5aff5ad90a475ecae5e5201d2434a9124faac8ce7bb697

SHA512
b67644a7e1ccc5f192a9881f09515ac3901390574c6e11d7a08058a7d521a83c4e928c7093a640f5e6beca798230b63e2b34663f6205a7eb6e6198298d013a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c32f2d1e187482bec93ec536fbdeb20

SHA1
7d91dee2f219c5a7ff37d9776a56a1d78a553807

SHA256
4f5a11dfa29cbd85365c4eafa521eea3685424f11f827dfc58e386455318e555

SHA512
93648724b9747457d0587c4a1fc4d3a719a2865f74f16dc0ba21c2049b2f066e9c715af4e5e325613efeb0a3f3d2473feb40550e2a2bedfe7a061236f1c144ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c133c346dec8932dba88126032548f0

SHA1
4f08b448cc8ce393c8c5e17d3d6302656bb6bc11

SHA256
f84eab2048d48a8b6e41b18dfff3e845933e05e76f6737469c18a2fd8231fc58

SHA512
7a109df09ab2507abcf89447e3ec120a0b6a5ca96fc3148036edda2101024d5c952034526f117f39c29e15906c0857813a955e82853c4c1c479d49d946b5ba86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c67cf0fa14b54a7aa28af08ee8cec1e0

SHA1
df11eac6169509f3df46f4652649342a550895dd

SHA256
33d02ba4177021250bfbfeabf90defcd5ab7a71bc6c118cb6b97001da2ef517a

SHA512
50b4cf60c7b1810ab831891e044cf0af963c074d99641f8b32da8c65b3c29b078a678b2d6d3d3e3f8ddd51081a19cd2cdc676e6f129a53de3adfa516efd44de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9740c3b886bd9ffa720d6f122e4390c4

SHA1
d3fe9f96ff42057845de570cf02b0cde7125f4fd

SHA256
abffa85eeeec5ab475da099089a822f9142a45f8d5f98c0e76ac3b8100f30868

SHA512
786493b332e7919ff13e822d75646df5587c4f75f2113d3c73e6fe2044e9535a2472f0ba920556c96042dbd3cd6c9a447b1e63e9a7a6e8d9ea74684830b78293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
769274a3985aba2c97e693b6e96bb8f9

SHA1
86cf6e3a5f2a5e8e5c80612d7580ab1fcdb6d843

SHA256
a7f50a650e75b5db1f929267510f3ad9367374b02f95972ca1eaeab5ba7ee0cf

SHA512
eb0c31c95a9d4c2f16dd5e288520ee6ae4f697890eab18e237aab21dde94f19f6423855104e13017831efc7b1bfe66f54c3033bd2f59fd4234a43ed302933784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
125KB

MD5
70df48ad9a5ef66c81d83a36ec3a4244

SHA1
4d66dba65e7f753f63daf15573423c834ae1f556

SHA256
11a77ee310817c4066841d55866c503d580d557880c877987ab90fb711e9a0c0

SHA512
19fbeddad52b38491cbe4598d1c020edde3eab5a131cd6f341d7c1857bd0a66ef79938203b18098952a2201535ffcb77f686d918655541137e532842a2e47e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3b4a2f518651da5866398257cb4bce68

SHA1
f7ce8fc7988d01e5f965ce47488485d4bc394319

SHA256
3a30110a2c3480f10de2be99802f2274441b52c73d25f98e7f16024cbe2db9b6

SHA512
569a2357d5b618e509f90c22fe1a4935f5c2c2d60e0d1a584e7cc0e7566accba91d6404309c44b90daf867415ba19e83b7d1d42ef18a2663d701ab878a7cdce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c8f8.TMP

Filesize
48B

MD5
e51c8b53f80202f5da6ce28cb814e6e5

SHA1
24d97e6577f6e008c1b3b4889c3df09912150f17

SHA256
c7cac45f87e6f04110f0b4e8451cbe91a62ef3d4108e8493e13b1f5c581b985e

SHA512
a389e09d08f196ae043e3d468f0f2460a8b28de92610c5b21e5bb1e0f7b0fa47dd17724b862318829707936d132ee259ddab86b1d0431779933528ec8abbd0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13385827141390108

Filesize
23KB

MD5
27e931a105e3533417f11b9f65a07454

SHA1
ea0b5a91a5e13b7c7289ea363fa9d23d2d146b56

SHA256
1cbfe64e98764ea41074ca5a3aa498ad525d532c12f17d707c7f46922acc4cab

SHA512
155f28311c119324cd509d7c1b816f0c7ef8aaff1c68ae7eeb9b1f054b6dcffbef5eff8bde95632df02dd9feaef12cd145d62b0869630dc60764d5a7cbd4b3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
09656e1fc81d918aab6002b5e1c3a50d

SHA1
a4f407adf01b552adc3c44e5f7f86f7b6c38032f

SHA256
f69e872108a7fcdc12489dd6e44307967261063838d835b1bdc955aad362b201

SHA512
5982df21848b5fe82995004e0d088b8ea1217650a1a2f3f9872197f49f26ca491a460f1086f6f638780a8e29f8988c19f72778d62fe897c8cb90b9fdc6574dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
7b31af7cb3e3d18a9c25b7bee410feaf

SHA1
48de271e56e8b1ee36ac3f43d860a766193870dc

SHA256
1238795e7cf5ce3b515a255d7bbfbb05c8371c8e02f6ea75d89a7d1496789379

SHA512
626220d9fc0db1fb3b66d19b1c8329b8c61b975aa1ebc2c3841c111694eee66299d2273658e0facae4bd9ede27a18e554cd6b2cd7c3c3c47f15e57b1f175054a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
f4feb950a9e0632b343d61422489bb75

SHA1
da80cc71c7307f40ed41d33957d090f14a66e54f

SHA256
1753b4235292d2dc6740366e5516804e3c9c34a04a50921c3d7804679de97f8b

SHA512
32081a4489ae1e291d0bb6bbf8b2b056b5163eda91368d52f4ca8078c53e2e3d42934d58ad3c7c8c01baeb099cf8bd119ff1d43ebb625af174fbbb462a689ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
ba1a1921d902b0354df7491b8c504472

SHA1
ecf20dbc5c22c214e1bd9033d5a6e9c8fc0197fc

SHA256
c5afec99874f80cf596a7bd6016cd0f5ab53a645a1662c6634a6f10bd5f074eb

SHA512
dd00bb93b820ac30443f988bfa947f5e2c4b813bb7a2411de4e0ef2ac4414b01f908a61b5e77130acb1d5303e646dbfe25507afd8f5d6f558401d49915b3b7ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
1e8ed39d42f503f1e014fee3ea40e8d1

SHA1
a3f18272b2c8fa42692e74317f90fff22d62069b

SHA256
29c8007db9139cce316ba74e089f45c5b3bd2f652f553224ed45c0d9052ceb71

SHA512
4968ebdb2e536e00a5e534305d8695265849e0dcc75554e9cfdbccdfa21fe5a960aede071d625daeed33565972cc259ad1916839d935636f519c937f2f2b38a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
cf863a4683188d40b79dc23633bcd7dd

SHA1
5b1bea2e1351112d4448ce1fd9a4278057595a31

SHA256
52773c67393672311a0dd2a99b9c95db36a478b4733aabd447cb2840f514f1e2

SHA512
6079d6d213f79e0ca1d3c229ec6870b4b856df89abb12b3d713fc39a27785eeac296b3f3fe13f3738a48e04bea6ae07e18bc9927c6b76d03e1de18945509b47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58da8c.TMP

Filesize
705B

MD5
7baea22d286098843fad921d9a34fdfe

SHA1
9b63b754b839e928c7898a37026b5bb7621434ec

SHA256
e1000d527fffd034e5efaa465154082e19b0b2e960d3bdb4406fe61e30a762f5

SHA512
1059a2a62b3a061b74544879574a9637a14184ac3e9295422236884b09fd72e31a0e77a5f6bab39bf7151fa156f0e926b245277228a160737100005a6580b49e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
080d04e1997904bd2d61fd44ba49bda6

SHA1
f4ab3f0b36a9b2591d4d97eac57e459753c54355

SHA256
3f01925b07fd95fbcd55106f71ffc5554937546da5dc4f25d2b88b3ada712f33

SHA512
1b2fdefbdc63db17e2440f006234e3e6fb6821b2d90a03902df89f26498587bc46f3cc65a18cac416f53a56f428af45ce6d043421789bf4664c41fb336e2ed6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
dda8670e6fd64cce62222e1414629e92

SHA1
29c27c6dc528810ec062bd9c63ba25bfdcac9ee2

SHA256
a5bfd391a63ef85311917deb61db5f31c855dba4f52fc2868976f036313cf497

SHA512
b9037f8d99bd9078da20ba67c6b2f13889667150a9a61240a8b0dc519121c253d65602c05a2a14f7527157eea7005fba99158a1c0256ba0c36e1fcbac1d90643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bef0935b-7934-4169-8036-f9ec764cfa9c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1137c84c1c2af805d5b2dc767cc46392

SHA1
3caffdec32f1e13bb29ed32a5f79e6851367551a

SHA256
07f23271f63a38e5d659d7f9c81c90b767e6d24b3b1f7ce64f0d5c3783c62df2

SHA512
b008cbb9b2c8537dc66acb5d90eef846e5cdb69d6edfaa01b4d84a71ba6eafc0e7a37c3f31181cb076777c6a3361ef647630025ea5183586be246af53075fca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a3c76c0877911e0f023fb13d7788551d

SHA1
630e34c170bb2f17288e31314fc931aef1391cc5

SHA256
5cac57ad9bc32ad167998a9dff820fab2138eaa8ada39bb363c5910289151bfe

SHA512
ae1414cd96bd212318e3e79d096736ff321a813d44e2dbf452fcbac5f896ac78d62a65fc99d677660e7f373e40fd4d91d4b83f4a5a77332828438d8f84fdfe5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
0a71bcad983a93fb2a1c1e4858240ad9

SHA1
a98c6ede9b6d63cda7b0b6e0b2158b8a23327695

SHA256
31c8ca71eaa33e35693f9b2551eacad866210ff6e3c7bd352f06de05296efaff

SHA512
cedb74d66646e2960c92c0447f956c74b12bc803d335726f9bdf08e04d07ec02b0f8f1cbe8ef06989755617e821812826f19791227c8ce62b7f47251c754a22d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ymnylaiw.x1e.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\LIVERT~1.JS

Filesize
39.9MB

MD5
be00e37c595506cc2ab7c6e56e3cb17e

SHA1
e2ec00d95e514caf0e8196b9819b27b34246f4b4

SHA256
2beb5f6dd4acb25a52a4d1d487606d0a7b469d45908ae4f7d8a3b1df1468dc40

SHA512
b82b7861eaf4f8666d8dd139a2fae5684474636b67032bed5b73476f289220b9006f7081c76647aa489a7886ff3ca0b6c2e14f541c868033eff73d8f175008a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
9c37e5c1e59ac1790ec56fec001275a2

SHA1
69034c4015d25c35eba4eebae55537757eda71e5

SHA256
172750abb746c1b455a4f3386b93e28c2a6918098311d635924b823ed9340f2d

SHA512
e779ae5581ed19310bfc2d0dba5d63d95f57c209706f240e5f849483521886dd86311635a0997f36441606393220fb1aeb3f1652a56bf0e1e10fc71a337915be

Download Submit
memory/1044-415-0x00000219487D0000-0x00000219487F2000-memory.dmp

Filesize
136KB

Download
memory/1044-426-0x00000219612F0000-0x0000021961336000-memory.dmp

Filesize
280KB

Download
memory/1044-432-0x0000021961660000-0x000002196168A000-memory.dmp

Filesize
168KB

Download
memory/1044-433-0x0000021961660000-0x0000021961684000-memory.dmp

Filesize
144KB

Download