037289c207c8e229d728f247c2d7eb1459fb4413fcd4fe662f74c711169a1e08

Analysis

max time kernel
40s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2025, 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

void/7dec88c2ec34b8483abc44e98ec843877cc5ae88e094c90d46bbabfafdf3749a.html
Size

10KB
MD5

ff5e80953341f1cb01a5d31fffcad2c3
SHA1

cf2b440681ce3c658ff734517a16cc13afa7ede5
SHA256

7dec88c2ec34b8483abc44e98ec843877cc5ae88e094c90d46bbabfafdf3749a
SHA512

bfe9629f07e9755b2df63d632f7eca214c29fc3d701c77ccf4b1eaa7f9ec518af01d141065af38bd242223344c518b57dbf8c9c43d669a191bfdeb22703a9509
SSDEEP

192:PN2x2BvekROFASf+mhf7h6RyfVah9OLgmiMMpIFaHU2y92N:AxeJROFASthDERKgIAUn2N

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133869750007131451"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{F405595C-A11E-4F41-BEFF-EFBD555167D1}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4168	msedge.exe
4168	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 1436	4168	msedge.exe	86
PID 4168 wrote to memory of 1436	4168	msedge.exe	86
PID 4168 wrote to memory of 3156	4168	msedge.exe	87
PID 4168 wrote to memory of 3156	4168	msedge.exe	87
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 100	4168	msedge.exe	88
PID 4168 wrote to memory of 5776	4168	msedge.exe	89
PID 4168 wrote to memory of 5776	4168	msedge.exe	89
PID 4168 wrote to memory of 5776	4168	msedge.exe	89
PID 4168 wrote to memory of 5776	4168	msedge.exe	89
PID 4168 wrote to memory of 5776	4168	msedge.exe	89
PID 4168 wrote to memory of 5776	4168	msedge.exe	89
PID 4168 wrote to memory of 5776	4168	msedge.exe	89
PID 4168 wrote to memory of 5776	4168	msedge.exe	89
PID 4168 wrote to memory of 5776	4168	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\void\7dec88c2ec34b8483abc44e98ec843877cc5ae88e094c90d46bbabfafdf3749a.html
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffed7dff208,0x7ffed7dff214,0x7ffed7dff220
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1876,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1740,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2608,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3544,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4856,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4824,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5704,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6012,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,16385914076640953539,214144743209750883,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
56aa25f2f22768b816ceaa441a4d3b42

SHA1
f2d05c2dfa7cf0a23503b95ac23c7eca2fd39178

SHA256
8487fa6aab9959f03707f70e9ecfaaf298dbe506ec8c70dc12064d986870fe94

SHA512
b65395bda557a024527d684406023850a490118c667a30762e35d87c0bd10049ce2c85ec528b28c25ac7170ef59d11373012453f297fee2ca7bd9d2e13ec2488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
ee743daf17b978bc5f7d27f7e38fb5aa

SHA1
4526da069d57fe723ad2fd9b2531abcd4690ed7a

SHA256
3bc40f1ad06f3206fa9af5d2b07f797ceecaef562500cec5c6f53cc012b4ce68

SHA512
3a6c544ef36687e7cfa228fd6eff110e7e28c325c92b201b4d0667784b960edfab6657ea9af67ae1b41338fb00f4851f5ef78dd7ea348517f109a14a458ae8ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
edd109d3c13c8766839ae71e6701a11c

SHA1
0ee5665832ef38def713263f9c1fe0d7c3c5cec7

SHA256
34b1281c8691a22b1d175c5f2e88a36b935eb44f8b11702e84a970932e7136fa

SHA512
cbcddd60802de5f5682c5e91192b57258182bd24c74922e4b88e2f29372afca40033afc3166c5158c32bdfbb0729554417abd1c62a9555a00ac1b42041ce1059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
8b71354a9f21744dcb286ab9337f26b7

SHA1
2570868de803aa03e3e8ecbed0ddfa49213e66c0

SHA256
31298b729f6d178e094fca7686054c4127e3e9a4e00970a78e9e65d855972943

SHA512
7d2b8e785f87d0da0cde7fe2ca26a5f0e7fd6865db04654701044bf97b30f47203414631bcb459866dab1f57ba6f299f6bc2470f0117ae0f1e3e3163f75fe0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b65b5bc3-b3d9-482a-b570-312e38375ea4.tmp

Filesize
50KB

MD5
14cffde9e2af29e1112e6dccd18e90bf

SHA1
233d452f434f6b5ea5adc15053a68bc13edf3c38

SHA256
5fb481e24cb8c133c142423ff5a29cb50e4ed600b67ff88ce37af93699b85f21

SHA512
1563065c07303203f501479feb6843a6ee5f6263497cc1ba700ebc5d20db829c9a393f3c92624b63adac0b63a2eb24819add020843bdba403aa60ac4138d07ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
3b6d0476ebabc2bd1e6bfae81bfab5e4

SHA1
0c69eafdde5018e35aad80ce01ff096b9ecb8a28

SHA256
33f04131edbffd71a95d6876105dfd5aa3ec4235b3b2037e2e7d0214577b2b8e

SHA512
72eb53434c7eb7d5ae47d0dfc6f7f5deea6cddad06b50e46a020048e986f23f069ae354111fc57ad5fcef225e38ea8cce9a4262cc97062a67402a1872cdceb31

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads