hxxps://culturalintelligence[.]acemlnc[.]com/lt[.]php?x=41ZizHR2YPmJDKJ_zt~NgOae~aFRkATywucvkXc6JISh5XCv-d1KUxXcCOBfyAQs_xIgY[.]MBXeGa

Analysis

max time kernel
23s
max time network
20s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
28/03/2025, 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://culturalintelligence.acemlnc.com/lt.php?x=41ZizHR2YPmJDKJ_zt~NgOae~aFRkATywucvkXc6JISh5XCv-d1KUxXcCOBfyAQs_xIgY.MBXeGa

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\iw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\ru\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\id\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\te\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\km\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\af\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\is\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\128.png	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\hr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\be\messages.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\bg\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\et\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\gl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\hy\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\es_419\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\lv\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\da\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\az\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\bn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\sr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\am\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\mn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\it\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\vi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\en_CA\messages.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\nl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\si\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\msedge_url_fetcher_4584_1210019313\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\ml\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\kk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\hu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\tr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\en_US\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\service_worker_bin_prod.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\ja\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\pl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\de\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\hi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\pa\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\page_embed_script.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\offscreendocument.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\ka\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\cs\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\my\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\kn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\sw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\ur\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\ca\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\en\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\sl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\zu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\uk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\eu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\lt\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\fil\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4584_252629770\_locales\fa\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876332037023039"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1498259476-758239146-3116387113-1000\{31FDA975-3C8C-4F43-93AE-8B8871AE4E53}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1498259476-758239146-3116387113-1000\{FA5D27EE-57D4-426E-83EE-4A3EA2BCA144}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 2248	4584	msedge.exe	83
PID 4584 wrote to memory of 2248	4584	msedge.exe	83
PID 4584 wrote to memory of 3888	4584	msedge.exe	84
PID 4584 wrote to memory of 3888	4584	msedge.exe	84
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1452	4584	msedge.exe	85
PID 4584 wrote to memory of 1444	4584	msedge.exe	86
PID 4584 wrote to memory of 1444	4584	msedge.exe	86
PID 4584 wrote to memory of 1444	4584	msedge.exe	86
PID 4584 wrote to memory of 1444	4584	msedge.exe	86
PID 4584 wrote to memory of 1444	4584	msedge.exe	86
PID 4584 wrote to memory of 1444	4584	msedge.exe	86
PID 4584 wrote to memory of 1444	4584	msedge.exe	86
PID 4584 wrote to memory of 1444	4584	msedge.exe	86
PID 4584 wrote to memory of 1444	4584	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://culturalintelligence.acemlnc.com/lt.php?x=41ZizHR2YPmJDKJ_zt~NgOae~aFRkATywucvkXc6JISh5XCv-d1KUxXcCOBfyAQs_xIgY.MBXeGa
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x30c,0x7ff92629f208,0x7ff92629f214,0x7ff92629f220
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2000,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2268,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2488,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3436,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5060,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3408,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=3700 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5196,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6036,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,6606699435158053335,8434804202948644691,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Windows directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:6124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x278,0x7ff92629f208,0x7ff92629f214,0x7ff92629f220
    3⤵
    PID:5452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2244,i,1256336057814016809,15542675199824974180,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
    3⤵
    PID:4104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1796,i,1256336057814016809,15542675199824974180,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:3
    3⤵
    PID:3772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2600,i,1256336057814016809,15542675199824974180,262144 --variations-seed-version --mojo-platform-channel-handle=2620 /prefetch:8
    3⤵
    PID:2896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4484,i,1256336057814016809,15542675199824974180,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
    3⤵
    PID:5864
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4360,i,1256336057814016809,15542675199824974180,262144 --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:8
    3⤵
    PID:3076
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4360,i,1256336057814016809,15542675199824974180,262144 --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:8
    3⤵
    PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4224

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:716

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
16KB

MD5
3406d3b708dcef0116bffd8eaa181ad4

SHA1
3df64b48bff2b9d4160d900e91a7670046a24340

SHA256
fde3b41a5711362d7f3df7d71563d5eb6cc679bae7f80f74afcdf81dbc09eafd

SHA512
d22d05c221bd19bc3b07e9a5ed722fbf8fbf75d695302fe8ec441d6d1e653bd63b3751a9608b344cc859feb79c5869aaeedd08bf846dc01a522b3a0dbb1637d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6c3ba40e438b794a4630cfac27b4855f

SHA1
255cbd9d9013024a359b4ac1187fd0f39b89f46e

SHA256
44150c3a8ecd45408e7bb17ad9cd38d3191e8ffebfb8e09f9c41b8f59620a5b2

SHA512
344ad251942b3e6d2844145607029bfd2439cf5518fbc6e0e82fa6bec9f5ff391ecf38025dcddc8158591bd433b767126b2c7d520b7a97389f31aaff63f3188d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
f41bedbdd4d1fa72419428d5c51290ea

SHA1
300bac08bc18eab039fe2a14383d9bc047198682

SHA256
bc5513b046eea210605162bacc4ef2e8d053f528286fbe680c8a84dee21f2671

SHA512
4e189cb1aa87cb4dca13af3233a728aa810b81913f4545ea8a2d25808d93fe60a1e9ea52410cb72dbcc83dcec03a3fdb3967ece093d0c4e1f175be002b6bb2b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
ecd7bfb3e21c2c50c5618382b4ba23dd

SHA1
4e5e46eaa170cd4cc7b7b862d4e6027682cf868a

SHA256
a9aeada222c9443038c04eccc4fb622727c74b3486df6e5396c4b6c13f77c3d9

SHA512
d967a9190c6b7a89cec69ca1b85e1f9620848e1cf8dc880da71913f72446ca876b41c981efb1fc5f6158e2b64ca6099b8a1cf963208414e458ba4c5f6d2b1aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\64f21734-323f-4b02-a747-f37a666b8b92.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
76c078eacdc1b96b8cd2950dc33ade7d

SHA1
1615a62f4a3f348a6cb45854a7ea0385af864bf7

SHA256
128f91b63b47fb85013f7c2660a5664f8f8012ebcc5e13dfaa0c2f9a03bc6ac6

SHA512
82fada45b586f441167321ecfdcf38f359c19c951ce777e3d0c6cf0f2e68d1f83d391d8a852b9b7e529966da27bf404fdb891bbd847d5fd6743c8e0ab302c0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
83142d364db514d42f3248180f9c5341

SHA1
d1b0e8b6903ac144ff16ba986138bb03333b8fac

SHA256
c34349b7165db4b690e1941dc6347be99253d23bfccdd8059ff09c75a9c286d4

SHA512
229be7bd3b85ff13141a8393a85e7a64d934a56178c244aa646148bacc20f637aeaa935d6df86a5bec6621d8c414ea145d188f9838fa54d221ab56a51f74783f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
a1f9688092ff8dab78a34f32110382fe

SHA1
24a3e7ba51c290aaa2443695ff7b1d8f82d73072

SHA256
5ed9c1d3e466dbe9ba1557be04c071bfd17957e4fe0264ac88d6cedba0251db3

SHA512
e57f9c0fb5b4753d399d34111da881c714927cc1d48a94381a7d76735027e141e37afc7eb5862fc542805ab4f251b2ad2041ed3a94042996ed4ee10947200e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
1ca1e97a6903a4422490fd52a817c1ba

SHA1
38159e556f88f8a2b021da24fc6dabb7cb806d3f

SHA256
34f2293b07fbef6de5f753b6c78fcb3ff56ac60a9a53a30a2f133a7585de9e84

SHA512
2b2af640fb0298b3bda4b6cbc78c7e4afe3e45dc14f15d581b8964fdb694b13d6657d6c1345c71dcaf716067d973257f724ac78168335565bfc1b71615e182db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c61de8333382aa62101b1fd8b637d090

SHA1
4d0fcd7e55bd6c1f3c38385ad154cbf4fb41c93b

SHA256
d1c81c3c29d49947d59f131f7d6c10eef62417d64f2b957e5c3230a02eee2799

SHA512
24d8e2b915acbe31a6a9c2c79ffa7e457ff39d495f2d771d5d7f6ae1befe0bcd95a96ec2e8c7f156cc543eeb29d00561fa877447c1c736be971ba9bcf17732b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
343B

MD5
4075e07e6d26ec30e6a88208aeb489f5

SHA1
b6293aca5cc9c73e816034f9850c789a3366384e

SHA256
d5b0f340941163c2a0b065afbc5ca4109275a75dc905b81574c67b5cd843c8a0

SHA512
19e98cd419f0cd7ea80a1f4c249d621a986b098f10fe2a27c41e8f21972bc55d3fe4d47b854f12af9389aad8eb8a19460febc5d697c1f80907462148866cae97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Filesize
32KB

MD5
7a6dc69e867336f1268af768ec8908e2

SHA1
50cedc8e7f0117087948ea3eabff7e31d6ee0c45

SHA256
44fc6e6ef91c0dec2f908c41a3d6d36483e8a34442362b82afde08a4193ba6d0

SHA512
b212e2b651431c4f177304dbaf85736b758d58d3d466559c98b3c4a6a71758cb17cc3fc05c420167677a731f7e49a1981ab6f28a3efb209a2d1b6b53ef416b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Filesize
399B

MD5
a15ac2782bb6b4407d11979316f678fd

SHA1
b64eaf0810e180d99b83bba8e366b2e3416c5881

SHA256
55f8fa21c3f0d42c973aedf538f1ade32563ae4a1e7107c939ab82b4a4d7859a

SHA512
370b43c7e434c6cc9328d266c1c9db327621e2c95ad13d953c4d63457a141fbf2be0b35072de96becc29048224d3646535a149229fc2ba367c7903d3e3e79bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
66bf7802647d70fbf26d3f29ce04e505

SHA1
30d30b0de406eef3d999ac4438a867f2d4624ae4

SHA256
849d2ea9bfa77e30b34c86df30a2aa9a1c7f03701162efb4b9b2af1f175ebf5b

SHA512
e92fa421e5533fa3d908ef9073969f5137c24a6a53da2438989213e4d7fd2033784ef769ed788ac6b75ef4d7ac0ced2b85258c24997628c39507c646c271cc47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
71819c499002e9aea466a9f07b5fdcb3

SHA1
705a9c2771dfa2d4412872ec66f027004e9f6617

SHA256
3375467116fd9c371d54635539331ab6409a3d5826414c12f334a5d7e771469a

SHA512
25c5a3d76ff6c5ebd3b518044848b151d8527f5a316500c32be18e98d5cf8172e92ae54e67eba4818059e7658fac0251fa4dbec9473bbd86075d0ce1fa567a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
f51afe7cbd8b8cdcaf954c3f68622ae6

SHA1
f7bbaae4e48dfedcae5d9b0432c954c329f94a00

SHA256
35933e7a415eb86b33f0b570d1661f9c8d82597e118a1faf03718986b69d48e7

SHA512
664839b4cf760e41baaada4053b518245f06f781f37a3013bad8c0403ba450d2eaf5d28b537277019895245add8c376689d19b83eb408f8e1791da8951fa9aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
0f53fa77368d12c8c4269af4b114317d

SHA1
e4b57abe5e36fb23a1d9bdf33c7c8c63e4b42e4e

SHA256
43572e16e267a00435042315c1fdec4ffe0167d9fed427d09693791ffc0124ec

SHA512
7a97a04d8c6ec8f3fdf3505eaff9b0a7f0053cbcc4e005360bd1b3cc53ec0029e74777f0fd30178cf0ff217236074d848501838d418fec9b529a16e92eb8d9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
743dbb84ecdc25dbf847f5943e00d4a7

SHA1
0be51e68711e6ed09894cd0ef0ae196b52f191f3

SHA256
3a98732d88ae15e846906836464bebfd96216f586628ffa18905e6fa31425c48

SHA512
2e3c0e29ebe287f6a9d9dd4e748c7f082b279fcb8e2eaecc0352e279a6ec48a42283ee76d98b695044bcb20d34a127997c076ffb180a9b7057dbd9f3d254bfbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
188B

MD5
15beae6f0c1f3d1d5d734f8477f52fae

SHA1
0e46e133b548d1a89b9944db5a8ae557f6fbac2b

SHA256
cbfc0478a469eb951b1e373a22f93150b78acdc6b6701df9c646fccf8cbc18bb

SHA512
518344984597e843bedfdb43d7a279366e93b496a0ad98e4b6a01277a2c97cd34b1a58b5e4e468156b8ee50a750383081fe5c3ccdcaea33b6173b821a0dfaa11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c4c3cabd8e6e90fc6ed7f787ec7a8b80

SHA1
1132b6449c762c310245d08288748b93761f991c

SHA256
4765f973aa45aaa8d915808c9debecd5b7a13bf157f97d177d60342d0cd3df1e

SHA512
2e980e73b37d97a0c827225620aa6b029963bb68d20863563390c9db82bda0e3a294f52b6a1403e90d9a977bab4e31d4b6dcca3609439ee1b763f83bd15e9d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
a336b00d7eca6faf3f6a936d3534a60f

SHA1
a02b7052cb8d44fd26a6dd75cc953ea00d40d801

SHA256
bdf9af0bce309ccfc50906dc46416102d0339741743bf65fbe4cb5b1e7b3b032

SHA512
f68f73e74c1ae2ca60ac4b7f04deede7b4d854297536a4cf41f778bd3454b4939e86bb4e91cb0a3e20180c76cf7998aa1b078ae258938a1463a8d4cd75da2a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
3895b0d4f22c472718b6f5f02caac00e

SHA1
17f27d32e296fc8966f64a02c18e85ce67b86060

SHA256
64c28276e1468d363abb3d3e701e36c8c3b5d84310339db05be7df2501e5b784

SHA512
031cf8b92abe7c580955bb5ea8794d4c77d67f143bd8388d55ca3e32ae46693e3b6f0ea246a438dc5730c0713d69a0b4cc7b87b44eefd0d5aa10b2bb193368a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
f9fc47ab90422abfe711f3821e6b58fd

SHA1
4ec15794f6411c4dd2d09f0da57965f2a0b7be74

SHA256
c43bcd35a12d20e8124965c6272ffe2f4b8efa2c711732a082c93c050b2d5cf4

SHA512
3b44e90b1ff4ac57ce45ff025c4a641efb44c09eb6873b8a5719039cbbe9415b27025476b44785dfcc3543bdab28c3695101a72ee4a091b43a9da71803af0a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
c7240b453c343eb0eee8312690915896

SHA1
44fa836b3b36507f524c0630610885f5f6ee765d

SHA256
3fe7b6ad5df531fb6adf2d042c53cf4487b41a1a844ea9a9a13cb871189c1bda

SHA512
2e8d94e386af326ca17b8703c6e25f18d4d195b26d96c3d5ae3365ddec66e90292fd08f93a266aea0b18bc46eb3f862f3db0fbf6d8357fc5e6ecdbe257e08c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
a89e05546ff36e64c5ca7ab9af48165f

SHA1
e8fc080c45259d21edae9ea8a31e4200e5626ceb

SHA256
b2dc0cdc820c6b51de01f4bb013270dbcabddce3e04875ed111070f4fb0d7628

SHA512
911b432fc4696ed6b4bdbac5bff8a832dc747b014836212765c6d487d610e2a44641d35915bd67b11d2860c15a53909995d0bd138c958778cba2162b7444780a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
2c1a9d1923a49c633f9bdef2703d51af

SHA1
0e08391f68aaddaaf5bc173e8d4c512a5c8ba5da

SHA256
421fd8d03f064aadafe157919c1d40c35bc03afd6f201780346afa95a4f1a5a9

SHA512
076df5b06845ba0fd542db3c2d9e12418d78f02876926058431ae46c55404204076b04506506cf6608c1a3407a5b3e6302895288a4a814f8f8dbe712efa33c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
6e5627a6cf35941d325c63ebf9a9c047

SHA1
6739bc3a131c9c497a07785470fd63b7b1a83315

SHA256
a8a120fa0eed7bfcd71a36f44b89bb4b4d7025ebf7570ae605ca41a43508b343

SHA512
10a6f4a8c69f8dcd35b6783acfb3a93863034ebc3d4e2ee9f6f6e49b5f2dbd516ce363525ba4cb77bd4afe9167c223c84a11114591d287afca43cd5b9c82db1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
24KB

MD5
aad185c2610e03bdde7b1e6dc40b6956

SHA1
5b0f637abace9ac9f09461500f421e8123040967

SHA256
bb7b35db5de0a61e97a6fad11fb218d41e88e09462d353fb044396b88a85da93

SHA512
a3dfa82df6517e92da82d256054a50e012ab1248d0d4fc8f81ab26c68b8cdf0716bbbb8129b3f922568021670ed738371a05caa8d6ecdcb3a351f5b4a4211993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
70d0044a04694fa00b06ef1e91a4d18c

SHA1
d4c302ac98df45162d386a9b399510783f908d54

SHA256
679aa94d024c71512f9e730be2123e279bc0d920a8f6a06ebe4fd01b888d1d36

SHA512
1fe3b246e42086a2a505349b1bb6f2d53c1f562c9a123be9fd1e4bd8330fc2bf07a1aeac8ccd7d51986da4aa97976f271a0268e310a143d6718b4553b73bb26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
228KB

MD5
c6957ee6cf417d69f240eb3fa259ae82

SHA1
0477960fe71c6327d84aba43aac459ebae8530e8

SHA256
7b4eeca9d4cfea02956cc8e78c17e13ba1756a058cdeb1c391d45a9ca26a860c

SHA512
eaa7bf8e9f28e8bf69009099a12d301d955bc8200f19c43b65927e975ee9ff960687ddd4299c076c3dc2b1f0e9b3f7c6df8b18eef7fe9bb6604810cbaafcbec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

Filesize
3KB

MD5
64a770b1f2b9b71b620fb429e195d58c

SHA1
c89f9bfa369ba4ecd8a4b19ea6a164b23ec44e48

SHA256
4971a8f961e79b647fa4ceac8d54b1a392b1e07ac357b352ec6ef700f333f87f

SHA512
e68a156c69237b2dfaa460b2944c5e35f8394a4e3902ec31245e9246da078b416550fe85530b92efb09d7309e6f43df115d08ddce643e77bf8b700321b25ec3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
1655c888c68414074715704ea54cc704

SHA1
5c37ccb3eae350d81e072e4dfb09519b42e52045

SHA256
b706227589ea8c12423aab79bc95f377ff5a1b11a8be55e4687b6c9ce882b36c

SHA512
da13af48f7a9c6cdb3698422ed9eb4749bcfc48cfaa832956dbb4d8b096a11f2058402bbd16218068336b6b4e85d1a5419fdb0b7a51a2d4763f4c9e62270aa2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
c8733be27924fe8b48c42681acd66b24

SHA1
8a9a117aa42374c0f7ae45d0bdaadff7bee2c0e3

SHA256
2c179bd3ffda20893cb61ea89920f752390e2c9ac4ddc30de075646410f1e681

SHA512
ede573bddf99f3464336e7217efd5533203ba325a3932cbbca31ebaf30f8beedf1c8fb5f17799c2885801db662651498218df1d8b1d1b06bac70b01790683251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
24ed71c850fb669707ce1c376d7bc1ce

SHA1
02b096dd8af87b37fa6df45382ff3ee9e5d2515c

SHA256
bd26ea0be8dab0b4924072d4c203f2adb76f22755f68c35c61e5e3653e7169e9

SHA512
7c772a6ff28a312923223e0f048746735b6079d1beef90a57304a7ff72209681b251b39e93180be7746bacfd7e01f8f47d618f3343c784cc3130d3c49faa34f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
b70ce879de606f8128d74f9059ed4e99

SHA1
01760df2bba39165f5e0d415b60b8197d3ec92d1

SHA256
c9f8f65f9a930437bc9df76ff9e2d3061dc6aca34d1c4d6a2ea88496dc9eb005

SHA512
949b81a34df4bae30924646efd43635577a4fbf3be2e098ae5c6eda7ab7b9d5fe3864ae13cb54453f8a1b164dbeef4a8115532704ca05d99e70d1abebb071966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
126499e04224334f15017c5db75a2f9c

SHA1
85ee73a60f2701f597a5a2edb0b09a911b6e718c

SHA256
c5c9c60ac043a8040f52114393bf6da9da9be4b2a987b585982da54cc16953fa

SHA512
e6cb8305423247a2ab6f2871c64c1e0e827e081981f8791618d684d1b9b0d0aec6160cb6ffc83524bf256bb0a0dfb0d359d32ab6db47e9f13af43d656ed391fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
dce20d9daf11534dbff310d1205f6f4d

SHA1
c5e35ea2e59f9c7455227b0083188fee0d28c924

SHA256
c522303107de62a9b4ed297c01e5c20edcda9fbd323022a535fe473868b98b91

SHA512
906cf082bb572456829f7d08920e66eed12aee4d9077a6fa7398e73cf5ee39b79ace2b18cb3eb90f8eba74baf3098ce3114e6d5b0a4cd3e6361a7bf3541f35ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
769458fb6f4a8806ea176f6723c5e42e

SHA1
18b720136a43b4be25a8926a1c63fb1730ad4b27

SHA256
fe59e9d169b211eced7d1aaf7bf7622de7d4c54094233a06d72a9f2f28a16b21

SHA512
d2954b9f94c790919ecd0b3867d31d4ee33713214cd7c30e21c768f37c1cf49cf5f182af207e2b5daae076f6a600652f574569e8edbc68c279f86128411f7b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
c1872c0ec8d9900e99e17d6609dae341

SHA1
dac0e53ad1d89cd5f6a6b9ba08b0444e221a46e6

SHA256
4d40bcc52b3c9970eadbe1e4326064eecc739716af0611dbe4f62ad6cbe4f341

SHA512
25a6199913a083880fa4a95dc15fcee2276af7907b57340c40eef2640b708189b8e7f94bf044bc4be20fbee693c26cf2f0686e1d8928942d76c8789ae77ee322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
7b300b55f209bffbe4dbae866d182909

SHA1
4dbd4b630568d272d8185710d4d9ba2eacc40959

SHA256
a15fc2f6c6e28735b417041d525d3fccd6a46332395c59fdcf9d89e2d9997416

SHA512
ed5d24f84e5a508f9b40871c9c7a00a4f1d30797377be3a15c7125d0938c9b7ce55da42e51a7ef8943217027352a4cb432b81a17083bc2989ae63fadd0e317fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
1da6bc5edc03fdea4b33e5dcb0042c87

SHA1
dd5aecd8b658b2027ed2692c044c900937be89eb

SHA256
20e30e8d3cc3ab6f44413f8b09c63d13da1c61761b94b8e20b0cf19025c78bf2

SHA512
34af2d9b438e28ccd046ac419c7a32a0137b8bfe31dd68e282496faac07752eed5bad47db47a06257a399de7ef5564378be0d6a823b828af6a865fbeb10f446c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
5f9aed22f54a1079263d589948694abc

SHA1
64fec9093f3218971f0179c437c386c28a1bc51f

SHA256
abc2495e22f0bf9d073aac9f9a51e7cded8bcc0c6a777b8edb40161966b8ce98

SHA512
0c923121c2e464cc4f68d51a3f701563e9922ed6c35827759efee42d5c792ccd61172ba54336a6c12e86497eed2e460e28e514152f99d5a6251a273a25f9fdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
82b5c97a0be1473c09030c03cb894c1b

SHA1
1cdd5538379824dbbf1c8d2a3ed13b92c978e266

SHA256
742ae3f52deaa12976333655de58c3d1ffd7f694adfd2d77434135bfef69c818

SHA512
8f4512cf58783a9896e8416fe0cf2a417a185685143dc1a476ad95c6b7f41c82d65ca71c727c8d4a7753eae003da7a18cd337b06b3c6137d0b2d708e5a516c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
37af92a6dc9b1f6f7da92a0f7fd3da91

SHA1
b4109b064fbca82bb00cac1662087fcd4fdb647b

SHA256
e219c1b291e8bfd2560de59282a5325b66adb29278b5c1bb760f8e0f0de3b633

SHA512
e03d9a7ea418a69970cdb1bb3f4846d9d4fc07c51a9d9152718911a5d19c7961ff8815a0f66bef49ed1dfb5deec97fe2815a9e94c88c517b3b7af1f90d759384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
a4eab6d3e0065990e919d6896920d6ff

SHA1
19714c2af2684790f1756e88a4b92d808e5c074b

SHA256
daff037546624860db947946a8664d49b93fc073cb07fff4f8599f32f86f6097

SHA512
735e2a7e71f8418802d8c50e500408a90619f59d9992087af9cfd46a0c7dc198e1fdc6a680a9117d02a49e6f21abef05fd5a7205a54497ad6dfdca9dbc8e7f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\8b0d4544beb97a69dbb9583fca5575a9aba6e37d.tbres

Filesize
2KB

MD5
7edb6d8e3cfaaa903c9cdffdbf55c614

SHA1
efc63404bda3f4cc47edcf0f73adcdda7b3cb9fa

SHA256
db1016d024824690c2046cd13b1be1a79976205c702220605ff9ebba731e2e80

SHA512
f16802bb4f313274bae71b4e098bea7de9f3abe21dfd89600adf6ddcb6396304926fcf9c380edad1a7a73e7c887560acfd296be6f597fd5ef447ce2cd2a383a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cv_debug.log

Filesize
2KB

MD5
96ade3097ea8fb78189b8984ae9f81f8

SHA1
4435de428d9b84fb363c0cc2e1bd55d69ce3848f

SHA256
d147ef1cb64798d69d067f055f44099957748b5d0da5303e83a8e5e25473c5fe

SHA512
2effe55e241bae1880d41377324fa57aefa0fcbb3bff1007c33da0edbf7785fd0a8615c9f2b07f482fb4b36ec478a5f9e042a9ab20679c4ce1b177f8e0f71da4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads