037289c207c8e229d728f247c2d7eb1459fb4413fcd4fe662f74c711169a1e08

Analysis

max time kernel
44s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2025, 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

void/7dec88c2ec34b8483abc44e98ec843877cc5ae88e094c90d46bbabfafdf3749a.html
Size

10KB
MD5

ff5e80953341f1cb01a5d31fffcad2c3
SHA1

cf2b440681ce3c658ff734517a16cc13afa7ede5
SHA256

7dec88c2ec34b8483abc44e98ec843877cc5ae88e094c90d46bbabfafdf3749a
SHA512

bfe9629f07e9755b2df63d632f7eca214c29fc3d701c77ccf4b1eaa7f9ec518af01d141065af38bd242223344c518b57dbf8c9c43d669a191bfdeb22703a9509
SSDEEP

192:PN2x2BvekROFASf+mhf7h6RyfVah9OLgmiMMpIFaHU2y92N:AxeJROFASthDERKgIAUn2N

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133869750569018682"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{580D7E51-C8F1-481B-B067-7BF0DE1D243C}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 4136	3116	msedge.exe	85
PID 3116 wrote to memory of 4136	3116	msedge.exe	85
PID 3116 wrote to memory of 3264	3116	msedge.exe	86
PID 3116 wrote to memory of 3264	3116	msedge.exe	86
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 1472	3116	msedge.exe	88
PID 3116 wrote to memory of 3520	3116	msedge.exe	87
PID 3116 wrote to memory of 3520	3116	msedge.exe	87
PID 3116 wrote to memory of 3520	3116	msedge.exe	87
PID 3116 wrote to memory of 3520	3116	msedge.exe	87
PID 3116 wrote to memory of 3520	3116	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\void\7dec88c2ec34b8483abc44e98ec843877cc5ae88e094c90d46bbabfafdf3749a.html
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffa0821f208,0x7ffa0821f214,0x7ffa0821f220
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1928,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:3
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2752,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=2724 /prefetch:2
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2248,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=3000 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3524,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5032,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5044,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,15248180416497332048,13219537112692670390,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
8400940377e085b7dea31c1d205f28bf

SHA1
197cba937e3735f586aa517910843f7365012002

SHA256
26793f31678b95a643e20ec05f9bdc3b21d9a235f6927198664d9f21ab264f19

SHA512
968b66b183904328f4ff91d9c597b2b822bb66265ea16c9eb19c0b0464c29aa8385778d72729deb2adc40564323c84d9ffa5650399f3d16bb755b320cdd2d2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
f7a442e6cefa58b02bb3c8598548f836

SHA1
bd8aacf756e938932d5aea33907eb56310baa924

SHA256
9c61056cfa0dbf67e67dffd168fb69aef5d2b317dd8a1a0ab7e2d511e730b69e

SHA512
69b87626bb7e9f8daf4108dbc68497f9e3a13772a17aa6464b1f30057d4770c8e65c14e91ecc194cbdc8b975c88f9ad23474192c0246e009b27615e9dd1325dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
78747d4a9cb80a934af461cef4e828d9

SHA1
c2638ec787bf0ace15bd799b283b7df1d74730f2

SHA256
56f7f88bbb86ba237cdd7c3cca815e4a8068072f8075782a3b503778039c44c6

SHA512
c856bb29f2a818096259e979478311b8236ca60835d9a011ce53e26687635a52d690772a219c383e2987df9246010ef1d82ff060c731ef15225577b68f51ffcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
0247ae2d3739b19fd3f84f5880b79b10

SHA1
9bc26c8d0ca2811074b07ccb636b94f572717312

SHA256
7d4eed84b58125374464a00b9000dfc07bc973659a89f74ca8f8550fbb09ae4f

SHA512
6e74af3941c8313e1b4b3f81efd6167318f64ddbb00525de9c1b831697c9f81c1af03cc64fb73f7838c1b42b5e98b19fcb808b02625edc27d41dbbbd61c2c146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
66b1753b1d4e15bddc5468f1c154d0f8

SHA1
9f43b5ca4b0c1e1dd8dc923d6a5d54e85f4c55ec

SHA256
a5f4e65d0e866be052f5ae0e081ab6782d80432a467468284b0a3308c71fed5e

SHA512
ecabf63bd640ee49a1cb6d3e3a0f58af097db99895fb201c051454bed34d909ba5317e231a2e0528e8b0f1821e9598f13010e24358d72ea803c9ddb7919a39f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
cd2bfc630526add8148aba541148330c

SHA1
e19f781ca27602e86be8d2537d174bda959777b6

SHA256
8e36439d1dc671859b3242ea95d4016ab9bb2717c14333480d90361f6b15b098

SHA512
2ecd88a60d2c07a14686b1121806370847d8b6717286f64a0c7c505489e502bc50c57405f6689b134112ff3f8a19360cc1fe7004ce88768f5b11449213dfe247

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads