af23ff1818fe3c7fe2a9539e34ab1fa98c254e37fb90d349d6ed87795cefd62e

Resubmissions

01-07-2024 08:58

240701-kw98xaselg 6

01-07-2024 08:49

01-07-2024 08:34

01-07-2024 08:31

01-07-2024 08:26

01-07-2024 08:15

Analysis

max time kernel
229s
max time network
232s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

491KB
MD5

06352c227e31e52c4a33996144be71da
SHA1

2e2879e290b3a411a80ec6661c9e277a8f21b2e7
SHA256

af23ff1818fe3c7fe2a9539e34ab1fa98c254e37fb90d349d6ed87795cefd62e
SHA512

40e5d682b3186f1a69c248e6199648b378ad825f8ae5db319979af7af123374dab1706032f7ad196afed8e74741abdaded1ec9d9ea5b85dc71995f4478009b5f
SSDEEP

6144:VD/AY/AYrAYyAYdAYSAYKAYsAYzAYpAYgbg:VDAiAUARA0A5ANA9AOAWAbbg

Score

8^/10

discovery exploit

Malware Config

Signatures

Downloads MZ/PE file
Possible privilege escalation attempt 3 IoCs
exploit

Processes:

takeown.exeicacls.exetakeown.exe

pid process

2580 takeown.exe
1884 icacls.exe
1120 takeown.exe
Executes dropped EXE 1 IoCs

Processes:

PCToaster.exe

pid process

1220 PCToaster.exe
Modifies file permissions 1 TTPs 3 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exetakeown.exetakeown.exe

pid process

1884 icacls.exe
1120 takeown.exe
2580 takeown.exe

pid	process
2580	takeown.exe
1884	icacls.exe
1120	takeown.exe

pid	process
1220	PCToaster.exe

pid	process
1884	icacls.exe
1120	takeown.exe
2580	takeown.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

mountvol.exetakeown.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exetakeown.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exemountvol.exe

description	ioc	process
File opened (read-only)	\??\M:	mountvol.exe
File opened (read-only)	\??\V:	takeown.exe
File opened (read-only)	\??\A:	mountvol.exe
File opened (read-only)	\??\B:	mountvol.exe
File opened (read-only)	\??\E:	mountvol.exe
File opened (read-only)	\??\G:	mountvol.exe
File opened (read-only)	\??\J:	mountvol.exe
File opened (read-only)	\??\K:	mountvol.exe
File opened (read-only)	\??\N:	mountvol.exe
File opened (read-only)	\??\U:	mountvol.exe
File opened (read-only)	\??\X:	mountvol.exe
File opened (read-only)	\??\Z:	mountvol.exe
File opened (read-only)	\??\V:	takeown.exe
File opened (read-only)	\??\L:	mountvol.exe
File opened (read-only)	\??\P:	mountvol.exe
File opened (read-only)	\??\Q:	mountvol.exe
File opened (read-only)	\??\R:	mountvol.exe
File opened (read-only)	\??\Y:	mountvol.exe
File opened (read-only)	\??\O:	mountvol.exe
File opened (read-only)	\??\T:	mountvol.exe
File opened (read-only)	\??\W:	mountvol.exe
File opened (read-only)	\??\H:	mountvol.exe
File opened (read-only)	\??\I:	mountvol.exe
File opened (read-only)	\??\S:	mountvol.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

5 raw.githubusercontent.com
16 raw.githubusercontent.com
60 raw.githubusercontent.com

flow	ioc
5	raw.githubusercontent.com
16	raw.githubusercontent.com
60	raw.githubusercontent.com

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vds.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs
evasion

Processes:

taskkill.exe

pid process

5300 taskkill.exe

pid	process
5300	taskkill.exe

Modifies registry class 3 IoCs

Processes:

msedge.exeMiniSearchHost.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{D249D8B5-0CC4-4E14-9229-630536273AEE}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001105534-2705918504-2956618779-1000\{7E6AE885-4729-49D1-98FC-5D40DA7A99F4}	msedge.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 352272.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2196	msedge.exe
2196	msedge.exe
1204	msedge.exe
1204	msedge.exe
232	identity_helper.exe
232	identity_helper.exe
856	msedge.exe
856	msedge.exe
3488	msedge.exe
3488	msedge.exe
2308	msedge.exe
2308	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
1420	msedge.exe
1420	msedge.exe
4352	msedge.exe
4352	msedge.exe
3144	msedge.exe
3144	msedge.exe
4692	identity_helper.exe
4692	identity_helper.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

takeown.exetaskkill.exe

description pid process

Token: SeTakeOwnershipPrivilege 1120 takeown.exe
Token: SeDebugPrivilege 5300 taskkill.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	1120	takeown.exe
Token: SeDebugPrivilege	5300	taskkill.exe

Suspicious use of FindShellTrayWindow 62 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

javaw.exeMiniSearchHost.exePickerHost.exe

pid process

2652 javaw.exe
2652 javaw.exe
2652 javaw.exe
2652 javaw.exe
4412 MiniSearchHost.exe
5420 PickerHost.exe

pid	process
2652	javaw.exe
2652	javaw.exe
2652	javaw.exe
2652	javaw.exe
4412	MiniSearchHost.exe
5420	PickerHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1204 wrote to memory of 2436	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 2436	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 4420	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 2196	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 2196	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe
PID 1204 wrote to memory of 3896	1204	msedge.exe	msedge.exe

Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

2724 attrib.exe

pid	process
2724	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff91bac3cb8,0x7ff91bac3cc8,0x7ff91bac3cd8
2⤵
PID:2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
2⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
2⤵
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
2⤵
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
2⤵
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5172 /prefetch:8
2⤵
PID:572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5260 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
2⤵
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
2⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
2⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
2⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
2⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6468 /prefetch:8
2⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
2⤵
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,12796419107892715740,1309134671300717204,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6632 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3704

C:\Users\Admin\Downloads\PCToaster.exe
"C:\Users\Admin\Downloads\PCToaster.exe"
1⤵
- Executes dropped EXE
PID:1220

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1884

C:\Windows\SYSTEM32\attrib.exe
attrib +h C:\Users\Admin\Downloads\scr.txt
3⤵
- Views/modifies file attributes
PID:2724

C:\Windows\SYSTEM32\diskpart.exe
diskpart /s C:\Users\Admin\Downloads\scr.txt
3⤵
PID:5084

C:\Windows\SYSTEM32\takeown.exe
takeown /f V:\Boot /r
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:1120

C:\Windows\SYSTEM32\takeown.exe
takeown /f V:\Recovery /r
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Enumerates connected drives
PID:2580

C:\Windows\SYSTEM32\taskkill.exe
taskkill /im lsass.exe /f
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5300

C:\Windows\SYSTEM32\mountvol.exe
mountvol A: /d
3⤵
- Enumerates connected drives
PID:5544

C:\Windows\SYSTEM32\mountvol.exe
mountvol B: /d
3⤵
- Enumerates connected drives
PID:5596

C:\Windows\SYSTEM32\mountvol.exe
mountvol D: /d
3⤵
PID:5648

C:\Windows\SYSTEM32\mountvol.exe
mountvol E: /d
3⤵
- Enumerates connected drives
PID:5708

C:\Windows\SYSTEM32\mountvol.exe
mountvol F: /d
3⤵
PID:5788

C:\Windows\SYSTEM32\mountvol.exe
mountvol G: /d
3⤵
- Enumerates connected drives
PID:5872

C:\Windows\SYSTEM32\mountvol.exe
mountvol H: /d
3⤵
- Enumerates connected drives
PID:5924

C:\Windows\SYSTEM32\mountvol.exe
mountvol I: /d
3⤵
- Enumerates connected drives
PID:5976

C:\Windows\SYSTEM32\mountvol.exe
mountvol J: /d
3⤵
- Enumerates connected drives
PID:6028

C:\Windows\SYSTEM32\mountvol.exe
mountvol K: /d
3⤵
- Enumerates connected drives
PID:6080

C:\Windows\SYSTEM32\mountvol.exe
mountvol L: /d
3⤵
- Enumerates connected drives
PID:6128

C:\Windows\SYSTEM32\mountvol.exe
mountvol M: /d
3⤵
- Enumerates connected drives
PID:4792

C:\Windows\SYSTEM32\mountvol.exe
mountvol N: /d
3⤵
- Enumerates connected drives
PID:5148

C:\Windows\SYSTEM32\mountvol.exe
mountvol O: /d
3⤵
- Enumerates connected drives
PID:5176

C:\Windows\SYSTEM32\mountvol.exe
mountvol P: /d
3⤵
- Enumerates connected drives
PID:928

C:\Windows\SYSTEM32\mountvol.exe
mountvol Q: /d
3⤵
- Enumerates connected drives
PID:2072

C:\Windows\SYSTEM32\mountvol.exe
mountvol R: /d
3⤵
- Enumerates connected drives
PID:5284

C:\Windows\SYSTEM32\mountvol.exe
mountvol S: /d
3⤵
- Enumerates connected drives
PID:5356

C:\Windows\SYSTEM32\mountvol.exe
mountvol T: /d
3⤵
- Enumerates connected drives
PID:1188

C:\Windows\SYSTEM32\mountvol.exe
mountvol U: /d
3⤵
- Enumerates connected drives
PID:1548

C:\Windows\SYSTEM32\mountvol.exe
mountvol V: /d
3⤵
PID:3724

C:\Windows\SYSTEM32\mountvol.exe
mountvol W: /d
3⤵
- Enumerates connected drives
PID:5412

C:\Windows\SYSTEM32\mountvol.exe
mountvol X: /d
3⤵
- Enumerates connected drives
PID:5452

C:\Windows\SYSTEM32\mountvol.exe
mountvol Y: /d
3⤵
- Enumerates connected drives
PID:5560

C:\Windows\SYSTEM32\mountvol.exe
mountvol Z: /d
3⤵
- Enumerates connected drives
PID:5608

C:\Windows\SYSTEM32\mountvol.exe
mountvol C: /d
3⤵
PID:5652

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:2812

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff91bac3cb8,0x7ff91bac3cc8,0x7ff91bac3cd8
2⤵
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
2⤵
PID:3488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
2⤵
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
2⤵
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
2⤵
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
2⤵
PID:928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
2⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
2⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5416 /prefetch:8
2⤵
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5404 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5559754265567939402,11374780973510461508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
2⤵
PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3852

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5420

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
Filesize
46B

MD5
2250ebe8f06ef9632e0023f5d7711054

SHA1
83f1a1184222771f34c3bcfa5f6dcd06956bc448

SHA256
15385f370c39884f6355c6434f6eed110924848fb4635d25bd69797df3635cee

SHA512
e5a8757a846a816b39d4825bdd18ba3ddeb1e1d3ef54ea521763d81f3e21ac4d548e19766f1c1a517e4b9586edb1b243a7c96341b36c5c49b96de3e1442eaf53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4e9c5fd2-813f-45e8-99b6-e3b6ea8a83cd.tmp
Filesize
11KB

MD5
1d798367f7afa0738613011ebd649123

SHA1
f9b17b11c6201e63f86bc82521d1d1d51407219f

SHA256
d9645bc2ea11282443c94325c5e1b4cab66c2caf44c68e4f734e4ffabcce2389

SHA512
54f4c6b31d1e8724db02b181c1f8276a634df1363b5ba2e6fa69c5f0b7b1cb0ff5a7854d5c9b693cf91f3f4b57c1ea7cc505233cc358e90ec5214138cb0cd4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
42b2b83e1d73975d8db933ec2087d07e

SHA1
763c2c01f8cb3179509b0999fdaafa3e09289d80

SHA256
96d9f0963bac767484f007f182117f9bc20bdd6f7c3ebfe3cc617e074986d524

SHA512
d92c6bef84aba219483805f6ae6c36885786b54d6a84f33537472d8d08aaaef4bc22e6929ef6ccb8c1b529e3f6cc2bc85090d7e087a54054beb23e605b2390c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
76651c76006ae3f84e1d8db542a392cb

SHA1
eeee732e6884db7f8112e100e3d96219bc7ce968

SHA256
9da83ed6fc0cb7845114297083149b11a58731d35a6df6ad4af761a42d87dc7d

SHA512
bfa3db13bc2e2d7217896f1187577b70c73ec939fdaf8a1b6cc70acdd3bb7725d1d30aec142c7ed332c5f249e673d1cec15bbdad7235adc928085a652d4965ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
390187670cb1e0eb022f4f7735263e82

SHA1
ea1401ccf6bf54e688a0dc9e6946eae7353b26f1

SHA256
3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947

SHA512
602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8294f1821fd3419c0a42b389d19ecfc6

SHA1
cd4982751377c2904a1d3c58e801fa013ea27533

SHA256
92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a

SHA512
372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
4bb32ffb0f7f8d6a42ef2cebed18448e

SHA1
2fcca02917697114a9eaec028b4cc9e31000129d

SHA256
815992be608203fb46c197deb3a845e3ccf287a87e31e5972a2048d9b0f12356

SHA512
d8c98d24478c1626c8fa810c187e743ab3fcba6d4b3a982ee638ffe0b08f53fe8f401679906ff449f4866bb89640cbaa8ec2eb3f608cad66caf711c15b131f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
520KB

MD5
6a3fb48e044b0f405b1d6072d0744ac4

SHA1
ea4830fb91f8f7601c26c3cb99ae8abecc8641fe

SHA256
f86506c325d90c4b3524180d7dd041f1cb0643a7f12905cc2c7c6f9082924308

SHA512
e6e1fb635e1a51722f147da718b6c4800b8ed36877f9dd53321e33b808cb6378de873c67202a5194b63b498c78a44528d1eb9890acc78849f07e9ed32b3ed0a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
67KB

MD5
9e3f75f0eac6a6d237054f7b98301754

SHA1
80a6cb454163c3c11449e3988ad04d6ad6d2b432

SHA256
33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

SHA512
5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
41KB

MD5
b15016a51bd29539b8dcbb0ce3c70a1b

SHA1
4eab6d31dea4a783aae6cabe29babe070bd6f6f0

SHA256
e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a

SHA512
1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
1.2MB

MD5
620dd00003f691e6bda9ff44e1fc313f

SHA1
aaf106bb2767308c1056dee17ab2e92b9374fb00

SHA256
eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586

SHA512
3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
cc775ae281d037689d5a997ec71c6fe9

SHA1
db18dcad8a09068db5c8f6edfdd6ddfd304d1eed

SHA256
d82c808b266a6b4e569e6f1d42491a99e238188b2cd044d1543b69273a15e60e

SHA512
239abefda54a9fe7fa380b70f7db595d73f29351c5f03471a030fe23438135c21a8c2fe27d8f2d727d193e2f8ea9471553af7dcde1b55b328e2eaca092d5d8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
28KB

MD5
2b852752ca9c789a24c528f6cc314b3e

SHA1
d26757c1a76b05de2f725c0e678dde87bf74cd58

SHA256
d86b168c89beef85bd7f13c6a29b0e9e011019d708622242f3d4591f7e67ff76

SHA512
28d38041308cc5778dc40a9e36b396885ef9eaa87c2b3025c463d6bd81852e4d81dda7f0e3703e733d9339926579d506b54b49cf961ff40a70bc88b614e37023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
e4eaf855876d30143690b7e179b06e76

SHA1
7cba0c5cce292ed87190d867ed91cf8e75268672

SHA256
efca37131f0db42cde6fc47ae9873986f7d564ef397c575bad0e930e3519245a

SHA512
a023e4a27501525068464dbd32b13e733bfff9809ceb5603c6844ac6e5e960ebc4bdae437dfcbad3d3e300b760435c9d9c5469350406255ef91450027b02ab79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
137bae3d43587fe2f7b1f8f3a2b678b7

SHA1
4387f8f603014552338b1d6a513836ec99ee5e79

SHA256
69611e630488e5fe3d388fea0a7cbc79f89dcc3bf4bbd351a1fed2e81a2f8bbb

SHA512
5b9dca3940e02f7be5be83fb954849d87f6054aca01b2fbd96f90450033f5c9a53ddbd08d07185d3918132804afa3da8054e366f44dee7e55cb5f686e791fac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
6ed4ccfeaf91bb73b9d5dba47b6d9552

SHA1
61efd128a355d4357fec7cd7fb3c1f81a1979c5e

SHA256
81db84f7752877f890629e3c71248e00a2068bb37a858d6cf2cba7a2a2643a69

SHA512
60793c01c99a3c7a956ac47a456379fbe25feecbaed2f97884e510f7aedf61a885fda35290007749d6f1fe84bdc468f37f7091e52dcd43328c8ebcafd8c72ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
5KB

MD5
ebfd6377b85dafcf02de6f87b3364b04

SHA1
ec2c9203711603ed861c959b3f16a5cbcbfc0188

SHA256
6225926ae048cc8f1cfce3683acc96b2c37c0f667f10f7845bc3474fb5f83630

SHA512
847b5cf8e332b455053e1d9c2a631fdfb5503d1ed99eecdcb803011b9efbeafae748bcb827f920c71410d0edd6bcf7fee9d7f8d784a6fc08c8edc6ad4762be62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
14KB

MD5
3f7a1d6b8d323f0bb08ef6d0758d5c22

SHA1
7b1ed71e5f20c0296b20e05d59cb14b8ec26990d

SHA256
42cb8d07ca056d0b117923fc6e672f5cc460e56fcf382315918273f36ffe381c

SHA512
930da5c10f0ebdcaa0980edf028a6c271654ea8dbb7fedfef976ce9003f045a3182ffcbb80fab26e8568eb5c14bc5a38b51bbd82fe966f0934d6c92332a6bd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
0c2c9d5cd113e27948f492c44117b053

SHA1
b0d2e4893b6dd944ff7ea50c7fe6ed91eb1c6dfa

SHA256
77af039f912ac2ff2ed3f0cd9604dde3a2d05c6e62730730b9f4afeb11adfb11

SHA512
212b5edcb61c9f8e6b7589ef1630ff74b8c4bf620678be588d9484bb6297854115f126a265227ed81808858fb9b6d23b6f47446e74ee357ed5b774a65c4919fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
70810b37b4623a054aa286bcb5745551

SHA1
036f2b1cb46d67919334b9adc1ee898ed746b698

SHA256
46e43d38189b4c8ed5b6e4886dbdec3cacd8f192b685d9351a7a65ea73a11a1f

SHA512
66ce4881e6c3e49a4534179ce8c39e51371c88ec9b149ccb2d8e9f484e19bacbe470cccf453143bec12afb20a6c2aee804b49d2a56736cda746f7b8a20187fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
df3680961a4c324c5eae5e8e0cd2693c

SHA1
841cabe7a1adffa567091b09d2bb553e0c059819

SHA256
4db9f6a8ad960d0de63846eb3bae45c39aaf7099a6e4842738d41da224a3009f

SHA512
110401547ce805f28e9feb3ded383d9ddbc64f03ea682acee564e76d86f34cff11c5bee0e58c8d37038d0f05b9920fc8ece08552ff06b092f1fc3a0f58458553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f35a0c4025790299c1857cd73f2b8b6f

SHA1
2d2fd22986a694f83630529815d099af744a58be

SHA256
02bc5d9ec3ebf2b227a2c631a736140d78db705cd9698612957569fc5070ddae

SHA512
12721cdbaa38d3daf46f89a6138dc58dbc68cca899ba0b1136109b6c007cb0f30094aca7158476ef32a6d77f0536d74a0102b4b39b93c263615d7c675056d789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5aae8daff5c9db851e454309865f6c76

SHA1
20d7215de1778289c2606e6ca012fbeaec1c8cff

SHA256
07cb619e87c0e02d3cb402cddb3dc7b3a8dcdff4b9b2f12cd34d11ef121a9e9f

SHA512
dc0024263c7431311f2383276bc218f44762b3ffe1b06c887428566fb41ac867377eae876852be6debf1f3c872d3f2a90db860ab7860695278733999cbcd2e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
920b2606a8ac360dc04cd0cb11166429

SHA1
f79e4456f1378d395f7ee11c5d82249b74deb404

SHA256
0651fa38db1552de6b18000caaee4086a29813496ebc8298cf377db7777af378

SHA512
260dda6aa0bbae77fd20a725e548b9c43ceb9c60d941eca3934775e5c0d8b73b53d2b21d0caf07b57afe85c8ff5206c01e50d3598338f0110e7971c76724765a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d3e5977c4900e27639ea7c4f3adf4c02

SHA1
5fa5438699654fbd05b544203564227dde18b80e

SHA256
679963b5b0877e10e4642fcd6046af2072b5fa152fa01ad26662f471f90e5f77

SHA512
a7a9ebe7d83acb467562e964afd539974c0a15fbfc8806bf1548826b705518a5018ed33394a7ec8837baefa2e6f1bf455294cdfec5daf05d8276e49c9f0089a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
12a33472a2e0d655d45a49bca205a49a

SHA1
24250821163f7bc50e4f67aa2a9913de42f9dd2d

SHA256
825430e1b3f4eb28cf2f44aee9b3f86691fd119e5e37a8e9cafe5de8c4b8aee4

SHA512
c17324a9c84843aeeeef36e48a08471e66796f59bb64600f59503a60163bea1f621c08ae420b7aa9d900a072c308925418bc09db1ad6b6a051c8c65397ea4770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
2003f3b6b0f0ae1a0bc5a4b96de43ce2

SHA1
012e4712b782e47ad490ed07d0fe8d5ec983794a

SHA256
d639d8eb00cc80f47904edbe487ef05f0b3a9e323423b52c40b656ba6373fd23

SHA512
48631aba61f33e1c0cbc5ac17c3955509e0377863c6ec08fc733b35f30363cdbac1854b98f908e6cd26137dcca8c2f08d578cf36ff2ab2d339fbcf7a73d4523b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
e4594e3d18583d80158663a60223b152

SHA1
da6b21685ea5d11357ed37a9b3c5c5009f373659

SHA256
d8c129e034068a58351ef44594856c92437c09aced893d6a55ce10dbf6ebd427

SHA512
87aae57ce7fa9263e8dabe6ba5d362daa91550bb0a110bc2e5513eeb944d2188435a938f3cf34d62f462c0a3e734c19451e5cbe2575c43e77b9e429277baf704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
090667b8fdb1986046498e8b532f8c8e

SHA1
ec2303eb2ed83320c271c8a46b50ff367a3f8263

SHA256
48d80e257185eadf594199b51401f1d4deb73bc5269ee2b19a3ebf0b065ee1bd

SHA512
1b71d3faf83ae27799a0dd0e7bf21f9f10df783608a47e7df8c863598b841a8bdebd40950d28a0485657b199e7d3d8144151e4c9f0726c332f662f61f32a66be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
44fefc417744ff8c76b82ddf7657c3b5

SHA1
2d74e44f6acef237ee346743647557db3292585f

SHA256
4d4c72155458c2f0f676b53722acc43620aa9e2e24342dc09d58e1ea97fba976

SHA512
75009ac79d0ff82b5026c7ae7a3cc994eed0fded04e5c1053fa723afdfd8c6cead35613cead107639a96f2d3d48b03c905900d59572ac5cf2db64b8d9e5046f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
746a2f4b3d0d101cbd5eaf16954d1238

SHA1
8cae5aacc204af2ab3e68ac35982a5aabb9f6676

SHA256
76fed4c718a32f0081552d5b5712e8873d90d8a6cd07ee321e819a6aec978e06

SHA512
93a782c1717a1a41c1bf9579219f5f7ccc850e535a2625b4ee626a07f29710ad7505f3a7615406221ab08658d1c0ea5a7b7cfcb4fa65db158080949f74069417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000005.ldb
Filesize
350KB

MD5
bffc3a6bfca40ca14cc26cde24c65ee4

SHA1
e2362c50db9f0272b69b289c08b7138b980ab28b

SHA256
db5d13f5372b72acf3b3f5de3917ef1cfce7347896133b02ea7621de64e7fb58

SHA512
fa80a26da1dde4115ba0395f8a6428a3820e421483910af6840b85c9fd58898588f7dd54fc21e2666a1278c2a20b60a9cc488abb0bad245a149e2a86b375103d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000006.log
Filesize
1KB

MD5
6a6ffb05414c14bd41fd906f3d65445c

SHA1
420a912d3568627271c7741ac11e729d9005de67

SHA256
014e4958c524d6f1459987a3ecd7c634c81b82f4e029f9b4eebe2e97e3686443

SHA512
0b5b824e54be65eb319c48364684a99237a3501b4cfa0b2ee03ceec5c762b5e2f35e718a3837a68f011b704622c61e848f99002a0084863b5cfde1ef18c6e2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000007.ldb
Filesize
706KB

MD5
cc05710a27223418482bc9dd3da194e8

SHA1
93b5c5a4249ef6386f2e2ad45911861a3e5cdec9

SHA256
ca652d3b64dc6158157faf14a7eee983d19d3395bcf7313443145fec2e174020

SHA512
ac2a9e0c07c943ed3be60467ad5d1e2051848c612206251f13efa1033626fa2fd65305b241679be6aa323a09e414823cc299b5472ace482c04b7c486c8e99c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
650B

MD5
ba5619dc5721a07bfba0fdc28989a61b

SHA1
ce7a3071997477acb3b9d7148d9c72595c058aed

SHA256
105cfae56a900a284adeaf18bd4f80a23e16abf11bd972ad8ee8b200f96b186f

SHA512
28eea35e942c5436608191973a35a819a15e312493a71c2da6cd685d8bb3adce916f34047aae751c360a80be8c8a2d02545ba96b477dcb16d3931550b3ee9ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
168B

MD5
b83992fbe3f6b013e4f17c9f894d3482

SHA1
3899bff3cd26a8beecd403fc65dd5d2609ba5058

SHA256
f9ede6370e0e2f441e1f21636a4062430b8a3e0ad62210cfb720ece1bdcdbfc3

SHA512
a0b2ac6ca634456819bf26e27812c7f8fd84812e1c732e1256072b95f95e293be18513d240588165f610e00d2d9d5b89bc0c00144738589b0431eea4c08f0d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364296022312684
Filesize
28KB

MD5
3658fc8e4786dbe5623780dc6718da19

SHA1
4c722127baa2f51b31523123507460f272ecdd1d

SHA256
326deb63109c27addfb07ad1b5e1ad405c5c66863c7c6d58b43f8e505bc6bda8

SHA512
842c09f16c997aef56b2c272dc0d2df7b66e20a8f530d3f43ef9639a7966f7ba745d41081152e99e9e3f2f9f5e39891560775208e49fda0b35717d0b1735f6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
184B

MD5
34baed7e0c470df3f8361acc972a4506

SHA1
5ac71e6d68109f6985e99b2aba4350672ea7d81b

SHA256
75a99c0db62139f89a974620d53a4c4920685e741c5f1adb258784faaaf7e919

SHA512
b0d31b8acb79b57d8c9569a7623b4c7000de2a986550166ebe0a0dd54691ae4097f39066f104c606e9531b2aaecb73547df520f21690aad59f783ba1de444257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
4f427ff60e68be2f6b1a177c56ce68a6

SHA1
739fcd78ab727134dae1fef461da6ded19729705

SHA256
683a03de1a88ad0f5573d6414f9b996578a336109c079a29e3eb0dcaaea8b10f

SHA512
b4f25f740e3f3f64b2b9dbae705451c7a436ad06d0f7dd8cf8da590efc88d97c396c4e65d213b8945759fe0e8890e607cff035d886b717213f8d234ed8824e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
3b45c348c37cbdc6a53b68d0cdb534c3

SHA1
dca0976fd634d0586b215f43eaae595fe9777392

SHA256
2174710704cd7d570d3ff9542552361792dbe7d79622195f88317e995bb3ccb7

SHA512
346acec71c450a1588abda163d2772035cf5b018bb69bc25e82035dc5f1d3bf9921e83fa1f4cc14aa543496724b01cd8c393f7bfc7897544c31cb1b011465455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
534B

MD5
fb7a80fadb4a13f615a249c522d2b53c

SHA1
0dff7ea909cb267c02883a0d206184c526eeba4e

SHA256
b0d14eb2475da4245c17ad22b4d9faeba02e7f694fa7cb0efc29af547b0949e7

SHA512
0121cf74adecc5801024755e8f2b9dcc7727bca0dbc49291036b7e79be70330c500e2ce085632cc8f3b36a80135a3431f9e70efbc9a0369c3ded54fe3d625ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
52ebde906f6ae78ba27c1e447c12fcad

SHA1
61c218f1518ac38723d33f8994354b8e5c102bd6

SHA256
e2a409fd8df3532daf93eb5cf144642d1d2bed270df7de9cd9407a64f410a522

SHA512
467ebbff23ff2aadefaba9fb5261810df193e3e2a305461d25776550d41a0706ef9273ba660c58fa2cddd81c94e0f116ae3204cb7070b722d708578d0751c950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
205e457347f51361d90e1d86b74c54fb

SHA1
8813c79a22c2b2a2728ddeb22875186b44fe96ce

SHA256
55c93b790d7dc8977076306982f93efddb75b67bd91f321e980a8e9904e57421

SHA512
d495c30e04124e2991479481670abaddba6548973cf7106e7f3db77a6a0477defd30c77db7c08cb24310ceba330bbebf532a4b50679790c1f311319bd172746d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a89ee857f8b459abe73a338125314a28

SHA1
a50e6f95b150159e86d1ef9dcbf9e9f97e10a12a

SHA256
e18e31606e885ce1d8175d7753cd04ee83e882da25f24e831724e05c54de9e31

SHA512
44aa9579cdf4683b640c63a485e6406943a669d0562c11ae3621279a880459e8231cded7223471fb766ae14dd6f02d76c1b2a5561d4a7a5770593f79b4fc0d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e000.TMP
Filesize
534B

MD5
d6dfd0cabbcc65ad1232677b69a26a32

SHA1
44a7a4612db508a075083645e6b040db95d69f88

SHA256
b187df665f98aa0de5389431e7da817ce924ad52f6f4ed10e001326c75fe55e7

SHA512
ead6ea32746e9c6d7836288d873c699b3635c18ca6d1fd288c1710c2afd1d4a6cd774a90897b3d374b49e163160e8c22ac33a206529251bd3a1c25da232e9427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
aba2b1a63950056c5fb7eb4714d0cd47

SHA1
7501cd9f69eb2020499272e41eb5d16c8950a2f9

SHA256
d4a4840c170faf4e7332b719fdd33a4619758524e1332870c77e134592ca0f36

SHA512
8b3f4f47dc4446d67f00ed3e0017cd740ebef9e7976e39b2b6b2b1644187c3ee5bf8ab497fb32067eeea1980c309f9279fe8fb555171595e317c2f2e8b67ef90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
112KB

MD5
a7f63cdef07d35e4365c0343e116ee25

SHA1
a193e33cdefe13187ccfafd9e176459d413b6625

SHA256
60b01ee8e793bbf8232e55945ebb2602ec60943ca65804d5f9ecb295417ed756

SHA512
50e5144501d4e688ca9d7a55aed7413908c9588bbd61d661d1e418359efb50ef00fd02409aa96d16b420d882ddd79d6538a751877b5026c992464371372bfb04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
72KB

MD5
67420c5bcd1937459939fd046d99ce65

SHA1
b6cdaf1c8ad0a72e7d4b1ca364b6bd6a43dfaaeb

SHA256
7200548b56a99b1814f1603ddb61dac474f56d4fecf7dbdf26af43fba40f3492

SHA512
be5e4ace8aa982e021b9706c358940ba504efc195eac7395fcc08df6f38fb0d439d7e1752acd6b0a581c27bccda5ef4510c1a4ea13addd584e4d1cfc84392ea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
5KB

MD5
f1c15eba384fe6de0faa768a640b0686

SHA1
7fa525af27e6bc30d708b29711aa3005bf50089e

SHA256
ce28908c75330148ab58bd13c8851a1eade408b17647bec56d97ac0e7ed21de4

SHA512
af453883084d265f8d2b2b4f4167c0b0ceeb51cba9920f7f6a3f289b9f8066a496b7064c7ead24fb0cf25f65cd3c72d85201d10cfab87280b866e58298a7ee55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
8830530d0fdab90be1c0ee0b08c3b077

SHA1
c8cfa7c47cb95142400469a1449ea87d118f7eda

SHA256
e69bc358d2252df396ec8f0abdaa4ab620fff8fcd8e0d07c254e6a5cc50526e7

SHA512
ea69d087ab7188bcf68441f4a9af4e894b650c671b6c34a16d7b6934701e0ab30c87b3962df336c84bc7c33bb7de951e5f437d0c9bc7d3a836a3ac5887c70ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
318B

MD5
cbc17bb48b28c8d0752a359e46e926d6

SHA1
c9b5abde39d0eb13d64225faf38e43c6dcf7f542

SHA256
5cb50a22d12ce65995c55f6a490ae995ac850cbf8caac58540f01ce8db40c19b

SHA512
f1cb51a1ca1ab0d19633ef07879e5f58dc1394168c3003bcdbedbc5968a9bd45e53cfc48a35951dbc9b15e62c40f64e5cde8add60784e70d17d5d5acc059e89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
8c2bdfd1a179ae6cea4bc1126f7fd52b

SHA1
b12c1473d722e812fc0bc1879f4b58e0c6ea9858

SHA256
49299fae0a721868a614af63919aeacb88d71f8d4c6e86585b5954ae3b19ed81

SHA512
62b3cc6695bc10139e1f3bed5aaa0232cd1efae6accb922e944d96aa138b6c5bbf45b8c12081337bcedebde12bd5774fc7e3a4a35a932e7b0878a4807f6e3d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
0def71273062ca3c4e88471b6b088e60

SHA1
f6edee8f1fe9019d4122d54df68cb86171f43513

SHA256
ca0867d2d104865372c99f54ff3e24b83d39033d77b84f64caaf41cea1a84ad6

SHA512
ffb5ae3be46be17d8fc69f3851415492dff2c77219f263d20d6138df721bbcea1fcf2cd09828d7d21e84fcda1843e648761e9200c03b25fc01feef48dd2ddef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
28a7e6dfe2c19e869035365ec2fb696d

SHA1
f83c88e2bb1c7b92dae8fe72c51231e6dd7aa941

SHA256
3f003af02f3ec120fac23932b112334948cdab85aebd8cbfba71cb647fe0a988

SHA512
614d398f8fef5be1c4864c4ea77dced3018a7c3921aa5170db4f13aa30b60c9738ebbdcc43b9ec81540a3ad45386875f382f0c51343a8c8f6107484a67dbe3c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6489197850e1af1ea71df960cf0ac835

SHA1
4e0805d7d6d7c5e70f5c42fad35c15592458eec3

SHA256
306cd5b7b144aabb0b1bab95908143187d128c28d42eb66a8c20956e500be544

SHA512
3600a2b2f4b7379746f0da23017ad512c08081b7bb82bae2e22954013a2efa501c6a1afaa44ec8046ca3f8125e2fd74bfb6e884b80b27e270c45fd8a260381a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
b714b76e8f598268cb1d186894e58cb1

SHA1
dbb0c2b39e49417f952de01b4705e000ea2f6695

SHA256
c5dd84112e611768d2f4e49c7a9eb44901ab0b7b0495a64161f4ae87d2b71cb8

SHA512
6de1702fbd32f1a10736e0891dffa46dccdf9d707c6088ddf020f66ed26272a64ba53db5e9624ab2a5809d333b979726cfe6092402ad6599254c52b55cd9d113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
a208b2ee5104ca9a78f57c4c2dd3df27

SHA1
bcd3fbbc8a4d2fd31a7de26aeb6937965860ca79

SHA256
19f3df11c71fdeb86148c740098a61f0f56fb98d3de667d733899d78770a358d

SHA512
fd24599cc1dde2bec25a51b9bbce26195cff4e29edd21ab946b818574d6e636aba32776351ff476c5f417ebe1ba6924149bf475ae9877c7a8fdb3e7299c7541b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
11KB

MD5
cd56e155edf53e5728c46b6c9eb9c413

SHA1
14b1b0f090803c9ee39797aed4af13dc7849566d

SHA256
70a6cf268c013fb4d907bedc12af3e5f802f179f0cc8353c7b8227dde840d31a

SHA512
a4ada455d44a89fd2baa505aa9266b70913967b839522ef5da8d7afd31af6662c3ad96ac3e3531d82a72be7d019c9d88f1ce391c5b5fa0e4422a634c51491165

Download Submit
C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier
Filesize
117B

MD5
0f23c3da88b834822b28bcbd25292c30

SHA1
650eb2c2d4d2013ffcc44b1dc4bbbc174cff8dab

SHA256
fea1d474837c6537c0e9299d22d601e86b7a14f00ece1857df43f06d1f5b2d31

SHA512
59674b07782ab81547c4ed0d7a353966a5b8578f95d215125a3d97f99bcc932cf05893a27390d11e522b41aa5984cbed51c51471e40a3bee7a17824c4e5212e8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 352272.crdownload
Filesize
411KB

MD5
04251a49a240dbf60975ac262fc6aeb7

SHA1
e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0

SHA256
85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3

SHA512
3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2

Download Submit
C:\Users\Admin\Downloads\scr.txt
Filesize
45B

MD5
ad1869d6f0b2b809394605d3e73eeb74

SHA1
4bdedd14bfea9f891b98c4cc82c5f82a58df67f6

SHA256
7e9cde40095f2a877375cb30fecd4f64cf328e3ab11baed5242f73cbb94bd394

SHA512
8fe0f269daf94feaa246a644dbeeda52916855f1d2bfd2c6c876c7c9c80b0ceb7e42caf0b64a70bda9a64d4529b885aaa38998a515d6abbe88ad367e72324136

Download Submit
\??\pipe\LOCAL\crashpad_1204_SBQHKKCBLPUCRLIV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1220-901-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/2652-1077-0x000001DB85920000-0x000001DB85921000-memory.dmp

Filesize
4KB

Download
memory/2652-941-0x000001DB85920000-0x000001DB85921000-memory.dmp

Filesize
4KB

Download
memory/2652-933-0x000001DB85920000-0x000001DB85921000-memory.dmp

Filesize
4KB

Download
memory/2652-929-0x000001DB85920000-0x000001DB85921000-memory.dmp

Filesize
4KB

Download
memory/2652-1177-0x000001DB85920000-0x000001DB85921000-memory.dmp

Filesize
4KB

Download
memory/2652-1199-0x000001DB85920000-0x000001DB85921000-memory.dmp

Filesize
4KB

Download
memory/2652-924-0x000001DB85920000-0x000001DB85921000-memory.dmp

Filesize
4KB

Download
memory/2652-1274-0x000001DB85920000-0x000001DB85921000-memory.dmp

Filesize
4KB

Download