hxxp://viruss[.]com

Resubmissions

25/03/2025, 13:38

250325-qxfctawze1 4

25/03/2025, 13:10

250325-qen71awxf1 10

Analysis

max time kernel
71s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://viruss.com

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3120_769381803\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3120_769381803\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3120_769381803\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3120_769381803\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3120_769381803\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873835034050575"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{40E7FC99-F853-459C-98ED-543F5E73AFD7}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{5441A6BA-63D7-4D51-BC52-1B48C519CB7D}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 5608	3120	msedge.exe	87
PID 3120 wrote to memory of 5608	3120	msedge.exe	87
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 244	3120	msedge.exe	89
PID 3120 wrote to memory of 244	3120	msedge.exe	89
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 1600	3120	msedge.exe	88
PID 3120 wrote to memory of 2420	3120	msedge.exe	90
PID 3120 wrote to memory of 2420	3120	msedge.exe	90
PID 3120 wrote to memory of 2420	3120	msedge.exe	90
PID 3120 wrote to memory of 2420	3120	msedge.exe	90
PID 3120 wrote to memory of 2420	3120	msedge.exe	90
PID 3120 wrote to memory of 2420	3120	msedge.exe	90
PID 3120 wrote to memory of 2420	3120	msedge.exe	90
PID 3120 wrote to memory of 2420	3120	msedge.exe	90
PID 3120 wrote to memory of 2420	3120	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://viruss.com
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffaf6daf208,0x7ffaf6daf214,0x7ffaf6daf220
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2220,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1868,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2588,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3436,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4836,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3736,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=3688 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3740,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5736,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5736,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5948,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6256,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6360,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6368,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6236,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5232,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6212,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6412,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6564,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6696,i,4553886653200118523,18107455682653354098,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:4748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffaf6daf208,0x7ffaf6daf214,0x7ffaf6daf220
    3⤵
    PID:2140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,6682968150519795111,9709276429551530195,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,6682968150519795111,9709276429551530195,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
    3⤵
    PID:2876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2560,i,6682968150519795111,9709276429551530195,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:4404
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4048,i,6682968150519795111,9709276429551530195,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8
    3⤵
    PID:936
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4048,i,6682968150519795111,9709276429551530195,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8
    3⤵
    PID:5684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4420,i,6682968150519795111,9709276429551530195,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
    3⤵
    PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3120_769381803\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3120_769381803\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
3d22e8bce0595873e528301bd5163e15

SHA1
ce63362ccc46a22e6a8127348b99516cff221cf0

SHA256
033b88dfd9e570f133e6c4e906d032d071f2ee57526e18d863eb71806a5233f4

SHA512
f8d7e9ef353f289e8a0215061750fb04190e77ade759483230e8e5a6a9ed9f39cb6e4a13a20a13cb799fa3ac821d6dd213f6e10649151692607f7a1d2f6f6432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
43735935810099cbd58d6275541216e1

SHA1
5cd507dc4ad644bf345cfe89db8444d27a9cafaa

SHA256
afdc4d613ce1cbeeac5cc518c9960249ce49a1c967d617cc39a04851593d42b3

SHA512
e32074718860fbadcd534bb830179479a6463d13bfdcc10053bc15e6857014046b2c88714ca423fdb845295b88bcea4c59f4be1707ab023efafcdb3cbc04a4f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
c0a9ad8732d7032d7ddf41f6258624ee

SHA1
350cdd07e32459302a89d5a4da232fdbef57be4a

SHA256
8dc08ffb9d3604153824c71482b0605fe2ad2c6d8ff23abe1c2bdd16d70703de

SHA512
e68ee2948d32f743b24986d616bb5fe20812d6726e20ad126261c672a74f3323357fc586dc91a42fc45dc3c1be7d30fc36bb64a2e2f19ee77f855fca3713bf08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
637f12e8c3c7fd6ee4af1adbbf17a9df

SHA1
90bcc5b66b6aa36b48f2425bc48b00a37a9bca56

SHA256
a72cdc4a42f897c50731f0495a0ffc071407d45cc8286df78266f9f623ad47be

SHA512
6d4f9693d9ecb469b86d96ec063f3ad2ab6826a6036f4306fa49a525c6c60ed81d192700ef788f31810dd3df5ef0e61c2d20249a3d00b0bf4844797bb8933386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
a67f7d525f50cb4af27ec0f97287b4e1

SHA1
1acbb376c315cf377fc6df36a1a725e14a321721

SHA256
ff4ac7c509c9ab203f27243812ae2fad3479ec4bdfa820caadc24fd8a7a1b247

SHA512
b9ed5ffa0d8d2f581d3df5c8417183a01201a9e9e69b2239fede94f44a2aa5f6e2109abb634a9ab856b7c0d7fb394dbb7f72b2629563330402d71180995b39ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
387329290d8c1f5af352a7223d563ffc

SHA1
e3971d579914ec1508327c3ce81969c97ed863b7

SHA256
d699402319e2b2ce367e4c327369b5e59d4e486f904d44d400cdfaa6a16f538a

SHA512
f184f97ed2de197aee5ab6bbf18a664f418e4476261940d9e90b8aada99b73548c508c37cf1995abe91803b536c2b3eb67bbd4ab8da986d64bddbc233ca092bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000060

Filesize
50KB

MD5
17db5fdc1b0f6b4122093ff0a2b68551

SHA1
c12693e388704eb3bcbcfa364156f635a14db55a

SHA256
a8c60e5daedb0223f9dc332486bbb275d891d59d9e400451264c0ec76b927f04

SHA512
e85adf79b2c54cbc8ae01b376212f3c433398d7956cc64368fbe0cc8696cae1aae10ccdf525b8b276c069e83b0f03ae66944d16cefb535437f72d233362f91b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000061

Filesize
38KB

MD5
0cf8ca28f25a4cbbcd20c1f9c3d1a6db

SHA1
b6a43d00b699b41a18d1c7f824f492df3bcb29ef

SHA256
4927f267b3c9115a8deda91f63014a864d355657910a78cfa5a7173616b7a1f2

SHA512
67b3dc88a81f35e8470791cb72191a52a043dfbd085e5a42e152637e1327c5d4af601ae5fdcaa2293007b0c1d9d2c2686aa00fc16f395f968563b030992bc5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000062

Filesize
335KB

MD5
1d948e4e23d379fde2089af8e9daf2dd

SHA1
c67ec1eee30b1c36b68fdf7235598582e0f2c109

SHA256
2c8aef136350302378e56026aaf8daada33eff4fa56d8c2245b7ffc7307d84d9

SHA512
582d0b22db1f0b2e6d3561986aed3087d3db97b856ed09b41430ae809786b35673219534f12a01e19407fd9c302bdfbc4bb8c19190c235734434a9a92ce6f7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
80KB

MD5
91ca7a74580025a9da95e5db6c70d447

SHA1
e12984de1aa9af9027a8cac3927bbe2f2f13ec51

SHA256
10a6cf2c32d35581016611f66e5ae39c4144431c66ec7ad1d479f861aab12eb9

SHA512
a2a02613f64ced3435c33d5196e494d78fd447e800c163f2cf953b4e609a6cb64f4b02318b0add0131113c2f53e43f647e3d85c8f37b353583f649e2668bda6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
32KB

MD5
d10b82493180c64769e9f96c45a4f3e8

SHA1
7b5a642e82d4eaf82e879487d635fbb1e1cb52a8

SHA256
384a9d41fd93cce51b6b5015a6a95200c99055e1a7c1661bc8f693e91d0430ae

SHA512
e1e0031ab4102776fdcf752949edc65f70d5c8cb16109f036097fb8c6a3e127b3c17ed1359dca3d3b565d7130647c9a0d32a5be6d9162ca4ace7fb14024dfd23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
25KB

MD5
cbb33d96cddeb12400fad9b476c160f2

SHA1
e83a11a18e94006a906f377420f12522cd302858

SHA256
9e592861bb5e2142cf5cbc539e7b6ee43d35ffae885e330c4c42bdd6f625f260

SHA512
cb173521a1c6c00d87029d4cdddda0d01e87d96a2d2e5d381dc5bc3be765156d89a9287fc40f82c1b582e2c5afdea5c39ad01e1a3b81c1b7425f6aecfd331aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
105KB

MD5
ebfeb45004ddba9aac9e5478a0b0a11c

SHA1
cd38a55a4beea5e42ff1485098a94e37397a35ec

SHA256
30b9c92a2b257c09bf845be1a446f6f54a63af6c837905257bed9400d667fdd1

SHA512
215fd94730cb0bae70d2599ae253f433ea616556aa8bcbd223d898ef3a59b026e0babc7ffb62f1e03381b672ab80a9f6eb3f70466d7e85df9fa6527aef68347e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
50KB

MD5
e955dea7a1694e447308d0690df8e19d

SHA1
c878a60cf522b98bda9343cdeab05ba5b62d307b

SHA256
422490721e93c469dcf7b41953c6dbb5a2c3f821967a5ff993961511cab3a33a

SHA512
64ad3b5960cdaf9ed2987b95634ece35907aadc4407aa5a25971f720e1737e18d94e53cccd68381c2a7666858a5acd84566b9ebd70957a011e4b268149c6f635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
18KB

MD5
51dded7fbbfed59d4f418747aa378bd9

SHA1
f98e74ebdd83632441b5a6c887263ee3a99b2cd2

SHA256
34066d0abfa848fa5e65d85ba793c3a2add2837f79b1814fc150c27718c9d55d

SHA512
c53aa0b113f5a771990a64126287a9ed6e042b65eb808445fd3bda7ee7cb4f0234f99452049be832cb1fa3f2d7ec8aab431516a2168acfdf67eb9abc39603498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
100KB

MD5
ff3f79fc43d0bcfd04d8cac73f56d8c7

SHA1
0854a53b94336710dc505a459c66dae72a73d6c7

SHA256
07d6825e414a3a09444251ae7def1c796ed2fcefe9e1c0838adab86270d346fa

SHA512
0b96340ff74f2bf274e1e25a5e1f8045595c8687266ede0007c9286e9c85b8b1ddd2b81a17dbdf3d73f0db5ab006fe09124c190058e1e640a3fe4c6b2f2f6cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
27KB

MD5
2a786f3da74ee20acc129e4d34d33df1

SHA1
ac0c885de79a9dfa3e973862b8ff657b520a0bbb

SHA256
8c1c3876f016d83fb7d82a8db203d46e1a81e57be8537f6aa21f09e0acec18af

SHA512
ec989bebbbc21541d79acbe21cae93e915695104f6e4c28f38a1747a393c096615795819c1e0c05772bf714441465a72a9d65ad7c9f4406b21c34b6d961e33ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
29KB

MD5
c0218bd6e5bbffd431fb60c2c55b45e8

SHA1
6ae0f181f049129cbe0d32e37d57fb14bcbb492b

SHA256
051f96c422da087b83e814e9eb6c1925bb9311a64713a85bb7be1594a3cdeff3

SHA512
1a3e263d2a5a31c3003fa8728ef8116c207d2ba97e56692aa88868aed57073b52db8af85afd52edfa910437d6aa4304789c6e4841cb530fb4ffeaa96c35139e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
41KB

MD5
0d805ec525a4e4655559b85ae3599544

SHA1
1ed5f2b93a17ec1c18555dc47a1d22ac1adb17bc

SHA256
bb41f372b00b20d61ffa76b819044f8a695e9272347bf0bb446be3539c3c62f3

SHA512
b90b2f5559a0363432e3c41fbc573a4afbc533c576711516608c2b6b980c8fb80115780254eb7e29e6192f3962977ca26c20653915c8ad46dd227461ed876040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
80KB

MD5
3e75e43f878c5af7ae2cd854c9f9b1a6

SHA1
a4ac798b143b9d43214ddaeae53e935e157f509f

SHA256
cc3a1383913cb2bb845065ef7acfed2f4b36206fce09d21a5f20cf7f8c4f38b2

SHA512
e4c5b1e6036f0eaa8d1a032f1a4cac5d2dce0ccf4a5be15728380b29e786d3b6db0f9dbc92f509fbd4c93d8be353f2b024605e5df1534aebb82bdc489342c313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
16KB

MD5
3df0282c05306b9aff8383bafc67b011

SHA1
f42b732b01d20be34cde1098bc98d499f14f8490

SHA256
58e2392bef0d4c94fb1cd9531fbd0c35a852f2b55815a4ba521efc5c1af53e1b

SHA512
6e5642ba946c4a3289be4a4a1fd538986fbfefd7cc1b405b03b1e23b1c4d09cd10c0b953d35a7c3605aa0b0d88f48a2d4346b2005bca641c4ea79141577e5618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
26KB

MD5
2060b8ce7629c602522c6cac35c35226

SHA1
d41ca67938b602c6aa55c73b61a83465a40f8d0b

SHA256
6a1161c871a34f88b7e3d8ba75e8dc894006ec87637a51d955b91349d5ba3326

SHA512
adb61f0ee68de6836f8c0e6e8f3bb6c18a0ef52fd95bc5069b5cd27d84701f06c11f3dca2e585f213277dc27f04509f0e3474966784a8018c65e6af2763eb402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
44KB

MD5
177abf8e99dc241d8cb5607cf1fcceeb

SHA1
71c2cab8ddeac2c2769a6c6fd172261ebab6b903

SHA256
f8f96f7bf5d5f384295bc3acdc564ea996e87d12c949d77861109a6df1953ea4

SHA512
d921af5e772db090f1aafb5be73f30b9731080fbd4b799a61f20482697666c7ffd235f7e7cf08cc5c2d28c904a3c14f85e47587d9b1dd8a1e3da21e06216c667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
43KB

MD5
031e376fe08139cb4764fdd7a8d20123

SHA1
b45cf403a0b0f81ac0de7347946f109e99b214dc

SHA256
fa3666bb3239e5692c3588bc01953997141b633828b12b13293d5ad8e794f29f

SHA512
048d4819eeb905ec876f8a7f8073462010f7bd1184a0c78ca1bd5511f1ce4c6b06e6d9d5da787d4e608d2704fbb5b896dac22f636edb7cf1c88d037568d6dd3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
41KB

MD5
01c2560dc9464c3491a888a558a51600

SHA1
d9a30cc6a9ab3d5bbebcb39874a7dc4f5bc13cff

SHA256
083ad91421a4eae476a971ac9b1e0d5d61d98284f4c8851c8a5c51edfdbdc33f

SHA512
1c42295556a5b9acea2cba0b08cf34e830ecb2c9fbfa925a1f8c9198c44710abd1cce29da12e6e2cfcbd10f88889f60606c20f9335aa235a5331a07c74a5fede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
215KB

MD5
e8518e1e0da2abd8a5d7f28760858c87

SHA1
d29d89b8a11ed64e67cbf726e2207f58bc87eead

SHA256
8b2c561b597399246b97f4f8d602f0354a979cbe4eea435d9dc65539f49cea64

SHA512
1c15b65bd6b998254cc6f3cbef179c266663f7b1c842229f79ff31ba30043837c398d85296fb20d3a576d9331fee9483ca0cbd06270da2d6db009bc454aee0c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
87KB

MD5
1150e88d715a67d66278f931064d76ed

SHA1
700a7f7a9d51855bb355e28502d8598ee6f0af12

SHA256
4551db73eb5014e2b4af161a588b074789b066b18fe64316a93486cfd961b5be

SHA512
a9073e08dfdf2719f4c63de4ab7006771f0abc23830af71d7ea78c91355341bb73b57808e365fe26ceecfdf9c817f9cbf1e6d611765fe69db280efb5e74d2bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
98875548317438640c2196ab9fa466b4

SHA1
8e1b27dad816fc4731ea7a00335f677d560f6db0

SHA256
e6de90fa2e1bf188671ac41ca6c67810ed07bc0086c0704cc953d1f4059cc11e

SHA512
4e1b44a7f08100a91d83574b05711698ce5a8e78107044ef29060143116254657757b3cc7b60dece088e19d1e2d21889856ec47ad38b7953ed20090ce4808f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cab43fd695a3848927faddb83923fbc5

SHA1
9522b34f05f13bb9d7567af7f61a8ddf96835d98

SHA256
7e66fbb207a44bf7a327cef7cb42562805ed5c4f275536ce573f95f557579d6a

SHA512
e3ed44dcba7a899a9a893cb80bc3283252b9ee574cff0c1f074650248660b617140d6815ce88d68430b0b0080438c86714cca5f8593f7f19a864927eb1018912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581ff7.TMP

Filesize
3KB

MD5
2194930fc49eae5eaf920913f2f3d742

SHA1
2c4b9c44e15d5556e951a1d3f8fdc06333ad259c

SHA256
7e1ddd32b57cded790c9adc2486014a47bb9b33acaefd3ebd89f6522249484eb

SHA512
93b0cdcc9fd0de65fc6fb2d3641f7b95577142960ac912c5f741a21c2020a1edbb4e8cb62466c2dfed4f2b8633e0b66330429ba2773e91250d9434178ac8461c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
0d6d2bd7be780b1365f8cfe198e59da1

SHA1
68db6c815ca95eb3174eb49280491ec02b4bc27f

SHA256
d9c403eb97a9fd7b03802a605b4ca9b9cd461eecb9545d50c625980e13ff8de1

SHA512
bcecb48cdd7dd5ae577d31b82b05ccebd5c0c74e7dd4b94e585c5dc970cfee9c647b936d12aecd1e6d960e1a71298d58da8b6e9ed5e76fca903423690ea93474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
98ca09e19b816154891eb942b616fbf7

SHA1
b1317ae2b956bb0714aa52adff50a8baead507c3

SHA256
4ad29e8a3f3afc0a131a1b9010a3a4fb0b30312f648aa1e0893397af390341d9

SHA512
6ea70fe65994fdedcb04d056c2e0bd935ba1150794cf355e1d6474a7045ae738c6033111bbe89d281fcd67acfd37da70bfd119d94a67192cfb861e9ff579708d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
28KB

MD5
9842d8b28d144344fe5d1bd7db05d568

SHA1
0b0463c513820fd4cc7a098818ab6aa033f87f26

SHA256
5a66095758a2384269e4908b440fbbe7c88418b5c90e035a785980c4fe1c494a

SHA512
6dfa14fde63b27ce3dda98aabcef5516eb6ecd14a61122fa63fc58529344d7a921f33e271032ff08146a9994cac8b0fe58981675b546f099beda9a78b51774b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b4aed1279d1a6042bcf1cb08701d6e83

SHA1
6fc343232b2a63c429431c0a5a5b4073a8e27ec4

SHA256
7447f4aab6d5296379429d936c185ee1ac36ffa8363307421cbee5b84010e2bb

SHA512
1468a46407aa83ae318fc35026f4b5612305548ebdb3e0e72f106ccb43b928302ed9b31a61dfc77428d137c8e9cab9d08016050569a3435c3e7f66716aa0b531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\b4bd84cf-0e8b-44c9-9f14-27ae97b62e0c.tmp

Filesize
1KB

MD5
492f8f09eba002834bed3e35a6b90e2d

SHA1
713c3a4bb55f061f10c788d664f3b47f02453ccc

SHA256
ad5d4532b5d98e76902cad8761785f36f55627cf97f1820774608e6a2f340d02

SHA512
818c0b90e76fbc6894aa649c7b7c2f30652227d4f5892e0e88fbb03b4667197f99bc32dd166de2124f395caf2609cfc41e9c90cf3dd6caf827c9119dde4e8b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
5425e1aa294ab90045ac40fcf130dc78

SHA1
fba65297bd909e362613416f34f0319e980f6def

SHA256
cd638d334b0a43b27ad14b1025ee02eaab8e79b47c215a927c3a3c9b46edd359

SHA512
b9baf1933fd827fbed4db04d698c1edc326bd50a5242583f883727e9a0237a6736b0ffe4d980fa450f8b7ea93477111614f23c4eca1269b0718e50aa82ae48bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
b24e78358a9710d76e12d6be7aa526b8

SHA1
e1d3486a196ae9f6c8ce83441da1bfe875254aaa

SHA256
33ebc7fbb7a6a9f42450ad7805a655c47c6fbe99ef5b42d11241dc37439c58f0

SHA512
0a84f90efb5004dba36f5fbfcc1d55decc7097b8ee54151e5fde4d168dbc22d54eebce81a1f59f20d329942dee459f43e2f96511464be941717b26ca2252c0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
e174bd610c9667b0438220850f7c8be9

SHA1
839e52da3d9f75e76677845b6ecde707fb277470

SHA256
02f75971e028d8e7d8910e9206c0a0d75e3e6d4c8d0640815594338714677e2c

SHA512
837d218061dfc49db209bdb83c180ec5b7eeb76edbe25845ba59f635f59f69a2a316fbce9a564eb551d7dfc41812d981dc7689598745e451e62c268e5e7dc577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
de84380856422d321a4130b5bf64612d

SHA1
2ff38691a55016d1737572fcc49f67952b896862

SHA256
e933ddc515a3ed7f434a49b1fda75a783d544eefbc04cded55dcc8a70f9865b3

SHA512
30b61f9a705592dbc36aaf0f897e52b38b3692d83cd4d7db306e16dedcc2ffb92dba73a28fff9cd77f88700f356fd6d49d686246c723532502ca24b4d33546d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
fbb671ef5bbb502780ffa1834a47389e

SHA1
57e3020fbea5fe9a97de1d33f1cc42fb5cbac72a

SHA256
6fecbfab76231d5a69fb210b1fe620b78ecf0f882ece2b2b80618e078c12f779

SHA512
6410439320222a69ee30614629b9b9035a81e9071e6cbaf22e28df2f1f0370b02358231d97b9895270def1d3de7d45949fd172cbe2864a228c20d8b03efb3adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
7719b8196dafde51881ca105bed1abc7

SHA1
2e2ce878539b8a3ff606b0d9372170af7d0b3619

SHA256
8a5a758d05548483d7786d4ce7fcb81dbccf143f8b8ecc779a817102cb8a0520

SHA512
60c54cb732d5aa0ee2d85a74fa55e3366429e227bd3fab1724ae6fccad0ae6dbe74fda84da9377f7aac6664fda19987128596fcb377c7cba4ce9a19e55f9dd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
4f3369bf4242e53caa3997f161de1502

SHA1
922363eeb096514af25259c32c6e75f3bc94dc5c

SHA256
a0402a8204ec9738527004a96e7f94d3af45c29bd2eee2a2cc2f4f72af4c4657

SHA512
9053e6b56762cb33165f71c283151ed739ba34df945500e6af2e89918c8ad457303fe9929e6a14b305285d55a11481bd141d214ebb76b0fab7d5e7c4b691c979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
d25de499e9d6a49a68381a4c1d0541c0

SHA1
b803c0627efd5c97ad0cc3afb0f27e303922bac5

SHA256
9b4cb57e557e6a9203f735663d7f66a56412c39ee43ef322f139e1dab7dc9af6

SHA512
21c75d5647bf77ecd281fb40b90f939db44d56ada2d96c0036bcdb1499d809c6bccff5629c39febc3bf4b0242b947ee1f47af32122aebd4e3f9980818cfb670f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d972333f8ba6e40434f992f32f239d64

SHA1
858e30baa3ca121d7f71f28b9165d0bde974ec3b

SHA256
32d32d69bed2d76a40e3bcb15cbf4508fd55c80542116f2d5583ac2b3e8a86e9

SHA512
7375ee58a01f0ffbb3a5a1fa267bb8dc314761f457107f62b8c2f5fa237c6dca24eaed684c96d9b7240b5fefccbcb0f230bc42579ce41cda83b22527d8b5e258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
42fdeaa089151659ce915f1a11368fb1

SHA1
2a91946849411b9a68d2d0f347e20563bd542077

SHA256
28aea98c9359216e83f8c9491067e59a4af7a9e9b642d5059098776f58c2e61d

SHA512
0b32fc45bde529e96372c1040f61897ce3428d25185a2fcdbf0a3482a3cb7cc48378bf933e4673c1bf29c79eda701b7ace26c075244c81fafb21c431b749fd44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
40d9d42f67dcec5f83b8a5f285db1ba0

SHA1
c5ad67c55bc50cb5996a32dfe8cf28545e035dc4

SHA256
d2b6be0eae973a586edacdee039f4de433ad1d3fb7544c2ac5518edd5672a10a

SHA512
a98ba7b37ef26ed25d13ddb91230a1fef931d1f94643e5f61320d31dbfc6ec6beed8e5710c9cb6185333a28c38712b5dc018ef3478cbc9c2bc94a701e0b57c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
d9e817794033eaeec4641f61ba687fd5

SHA1
7f160f3a3c303f7539f4cdb2e5e90690f357683a

SHA256
9b476a6564fd75c8dc6023af05ee2ef4c15e5b95eba750d1a1002b2ec976792e

SHA512
34d3ed31c9df909e87a80b2734b0e7682297ca19e33232ba9ce13aecfb2a53776bc83075c235caf169bade1d6a548fc811be0f825ab9203df7c830b15c0e8e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
6784dc9721ee51afad4524e4e66aeb17

SHA1
d0cfa79e75f424fafe7f6d58e6c16ff2eb90bfe6

SHA256
346874b1b5c53a666cd244fdf2222427bd28f142ecafea983772e5a6e103df0b

SHA512
b9b8e6e7b380aca6283acbe74ba867bbf91948d986e30fe1e23610ba66af791674c6efbf96e3d035b511d3c40e1eceb040d434f4c6b8b1311d922d3ee019cddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
fc2d816a37becdad467e8a94b89e7db6

SHA1
387bf917ff38184b6ce3d313f41f910ecb7a171c

SHA256
6ec6fd27011f55f5d92893176e72cde6d8d0192e3f55284d9a3217fbb5af5d16

SHA512
4e8f3e34faa5d5ba73f1b7dd5bac0fc2dfb27bd498a343a40376bdd9263cc7324b38a979b2ca84880d829ae9c7668b76d5671eb4fb98311eca559909878743cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b11c2e859fd751a5aefe1bace09292aa

SHA1
f5e3015803b129a476e746eb1f00bfa1ef8aec43

SHA256
2bfa602c7abc00ae4ee24a2e96e178fbdf9973d801a47049da817646308f4559

SHA512
c02fe08862cf6ffc177d9cd7bf4d266465d019d087c4b00d6b2fb1ea1f7b1db81e4f7d61ddaa69901e86e06e6048f7f16343c4717074ef78e9cda3ffed934c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
9606ffff805eaff04f2300ee28b1821c

SHA1
e7d9f77ad8bae49a6e73350772e0737d00bd7406

SHA256
cb66432eec4e5f476e78aedd116ecbaec30f173b9ab4554ff14da8f285a77b03

SHA512
9ba4c5fef4ea9ab665d247b02615f4c7eef3ee14565678773d2680026184559771c4d615c31b0024f168997c08b6fc908df9217aa5e30627fb3557b5656a9627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
88eef088b43551923b352f5ac6f09e06

SHA1
d37077a6d9994c7515b2bb08b5084126576c9570

SHA256
39d0dfdc8a928a60e6bd9ee1d62f5226eed2da47375f766b3d76fae2356711c4

SHA512
752ed36535f6b9d50a505258ef45acf46154ecc405737db853e6b48307618a5ae32e5396c47ef7743e81759a652f971c1830f539f90d11d7c8d4edb113a7be25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
0e952d0c07e700d2135661d850d32ba7

SHA1
7b1007a3ee4ff247e9db1ae9f0db8ceee86548cb

SHA256
533a59bb4bafbf10bb2387aea8975ecf1121d82e624dcf66c89cebe7e8fc5cd8

SHA512
8d6b560894c3bb41bb337432b1901855e63fe5095b180309af3105234451f69c6af685984ece4fe24820adcc2bb14596ab5f75f602df30c039dd927aa8fcfb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58394b.TMP

Filesize
392B

MD5
6ccaa5deb2d9f98d840a7089f30069e7

SHA1
270df822cf56bb950089420a99bc79800a10fc27

SHA256
342faa420d69cdb81edf75349c53e8c000087af5ce6f9ef3f8f7e4f36b894f37

SHA512
0078f3dcdeb006d7e4b6b1410b0c0cca9fe292cfde9a7a43882bdb0a4b8c303587b16d761460e0d07ef1376c23cb6820f337b02e01854eb0609de01bb4c521ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
2bb16b166b1f576b2018fc544a6a3a3f

SHA1
2d4c31364a3a91a6c70f67bd01a2ac0c03ab3dc0

SHA256
abaac9f1caa8d56c1be809d35cf27a73ac342fcc0bac2622276d135518a3571b

SHA512
59c8e0369d1c616e41d658241435fe1138108c54da93b23d3a31b9399bfacc32b10bcccbb03a7d56189365b307910b10e8a98569794ee9c7f4b164960865c1e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
0389504cd23aa1d0259bcfcaf4c77756

SHA1
7e85c66e0c5caf6628c007098d7d1111e2637559

SHA256
42fc952d4a9e0cb9cc73f03d340821e6be71b45850ec6ef9b28a82fcfc0603c3

SHA512
2d253590e4892077736b2db8b9ebd97791782de824a7591722ef1d8e932dc4e05aeeb0516dbf7b27b2140523da00299879ae8c9fe820e89f6cdc9d576af2b967

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads