dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe
Size

5.9MB
MD5

4eda75adfdaf4afd6307178919a74524
SHA1

4573925b2e3d7ba9a7ba3b054fe537393040cca8
SHA256

dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0
SHA512

391f35f9af8ee68e4aec609bbb489549da4a7d8ecd0956079ae99c8c06ef17a2ad0b976be1abcf4a33fee4a332ac0086fa152f5d472d0ea7d09ccb570c1c8737
SSDEEP

98304:6tef1q5cDfiOGV3gMZeqoN+n98vdb+jgJJRTvvliUxaJUq2sovOFOYi58G:6te86eVQMcqoPvdbs0vViUxuUqgvOFOP

Score

9^/10

defense_evasion discovery themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/2964-0-0x00007FF746570000-0x00007FF7474CE000-memory.dmp	themida
behavioral2/memory/2964-11-0x00007FF746570000-0x00007FF7474CE000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2964	dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_220522961\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_220522961\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1614403025\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1222269526\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1614403025\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1614403025\smart_switch_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1614403025\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1671440229\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1671440229\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1222269526\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1222269526\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2168_220522961\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876306165674917"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-869607583-2483572573-2297019986-1000\{464FC1A3-85A5-49D8-9C9B-B16935447A79}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5892	msedge.exe
5892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2168	2964	dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe	94
PID 2964 wrote to memory of 2168	2964	dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe	94
PID 2168 wrote to memory of 3928	2168	msedge.exe	95
PID 2168 wrote to memory of 3928	2168	msedge.exe	95
PID 2168 wrote to memory of 1444	2168	msedge.exe	96
PID 2168 wrote to memory of 1444	2168	msedge.exe	96
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 1316	2168	msedge.exe	97
PID 2168 wrote to memory of 3300	2168	msedge.exe	98
PID 2168 wrote to memory of 3300	2168	msedge.exe	98
PID 2168 wrote to memory of 3300	2168	msedge.exe	98
PID 2168 wrote to memory of 3300	2168	msedge.exe	98
PID 2168 wrote to memory of 3300	2168	msedge.exe	98
PID 2168 wrote to memory of 3300	2168	msedge.exe	98
PID 2168 wrote to memory of 3300	2168	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe
"C:\Users\Admin\AppData\Local\Temp\dc737ad881e596caf770af3cd0d4065e245757950cb5dee43d221e8fbb6b2ad0.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pc.weixin.qq.com/
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ff914eff208,0x7ff914eff214,0x7ff914eff220
    3⤵
    PID:3928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1856,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    PID:1444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2216,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:2
    3⤵
    PID:1316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2360,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:8
    3⤵
    PID:3300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3552,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
    3⤵
    PID:2672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3548,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4176,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:1
    3⤵
    PID:3260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4180,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:2
    3⤵
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3836,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:8
    3⤵
    PID:1976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3776,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
    3⤵
    PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5264,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1
    3⤵
    PID:1476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3744,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:8
    3⤵
    PID:1000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3732,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:8
    3⤵
    PID:1224
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5832,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
    3⤵
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5832,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
    3⤵
    PID:1232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5996,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
    3⤵
    PID:3192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8
    3⤵
    PID:2296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6036,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:8
    3⤵
    PID:756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6224,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:8
    3⤵
    PID:4452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:8
    3⤵
    PID:3332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6496,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:8
    3⤵
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6480,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8
    3⤵
    PID:4404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6624,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:8
    3⤵
    PID:1304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:8
    3⤵
    PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4124,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=4780 /prefetch:8
    3⤵
    PID:5540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3532,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:8
    3⤵
    PID:5548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5236,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
    3⤵
    PID:5824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:8
    3⤵
    PID:5308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=3092 /prefetch:8
    3⤵
    PID:5156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3540,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:8
    3⤵
    PID:4620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=892,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6600 /prefetch:8
    3⤵
    PID:5572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6784,i,1173589734878599865,2186424190107575763,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1222269526\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1614403025\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2168_1671440229\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
049e5a246ed025dee243db0ba8e2984c

SHA1
15ec2d2b28dcfc17c1cfb5d0c13482d0706f942d

SHA256
33071ca42c472861a2fabd0f82f8b03ef0daaa6796b24b83f3df02587e4c3d12

SHA512
bc5f6fa6a8cae20ab40eae4552650d75f38ebb158c95288a79d9f332623bb507946513c39d19c00a5aee323df01f0f1a51c54594ef1c293289baf45f4ae2145b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4facd0ff10154cde70c99baa7df81001

SHA1
65267ea75bcb63edd2905e288d7b96b543708205

SHA256
a13534df0cd0a79a3a1b91085a6d575b47d5a9aad7fc6d712fd2616c0e95a23b

SHA512
ad8d2b965851c0ddc23e92ae151b3b0b2bcda850c446f4278bdb0754d6b42ead8fc034b394749578a27b33ad7e4ab0633f974dfd4773fbe4d93ae477f00b73f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\85e12b0a-6fe3-4324-90f5-e959b031a580.tmp

Filesize
14KB

MD5
07b7dd2083d5469c41f864d13423b06b

SHA1
971fe07c3e11b0b2271236a56bbb09c84ff763e9

SHA256
51425b4ea6bc56a70b84c1b3da1829398d8e460af6db9d63d3f1933152764cb6

SHA512
a61faddab81e06030c1b9947ff8bef50a1e2428c53b6d0f3f22af32d09a251e24c052bcdd61af8ae1cbd05b1c400179571b30d0353164dad0d0fd6c1881064c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a8d18c4ef4d1eb34fe8a2a1e00c6bee6

SHA1
135c8bc9d8f80ab2530d269b0a8dc186c6b65b26

SHA256
d79469cccfd1216e961b9cfc55624821e882e3a2a7688125105090ed84a78be3

SHA512
d6c345ddff43cde507b21792714651069f060415f56a0e53ede04a39a48c1782982520ca0ad1b0b6d8edf8cb1166cadb111b61ece7b664c90e02522bfa232212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58413a.TMP

Filesize
3KB

MD5
e3a7d0349f4b765c50a4815ff1a1c87c

SHA1
a22448c5a80072d814647a93d5bbee8f44b7fa8d

SHA256
eeb43e5a8858c758c1a3fea247e88e7aefd0be82074ceb2dbfc44399745e2fce

SHA512
32b906cbc8fa27f407a195e4feebc7d0bccd149617a01c5a77b71461c297f6d04029c17be9af3a350f2f80b81f0964991d3d4046b5f364de16bbfa0899d5030b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8c7bb55cdc5e67bab16f4d5997285cc7

SHA1
2534bc0d929a57d0e0f619c49b196a83614539fc

SHA256
add08a481a7b640dc78f30be0a04a3c5097372c7aa3f99b70e6e8e21d882b623

SHA512
0ef966c2e3b7a878f64d2cfc18a36de321acb74cfafa780d8fc103233e8edccd7ba1a4137aa974d10c53cc77398b38010cd209a3109f77c088738592e13c6b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
21ec6224dbf29b9d6ea0663babb51b72

SHA1
8ea2d7b10cbae49da83b82f0a9712f14169b50ec

SHA256
cacb04758af1228fcf52e200cf538daa1cdd3b0fc7da52f2f205e507148de528

SHA512
9ea57a71fc2da655b2ceb4c4bb0a7e4a299656624762a540d211878de40229bad02250c76927a74f6ebe3cbd8efbd1cc5c8fbd6b5109efd132bbe57403b97e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
626c87348a75fffd76cb120e95d1398c

SHA1
60214982e4fefe1be8b1862d6a4a927a08a8eb8d

SHA256
387e723f2c1801e328a505d1cf04d9bb37b3a97262644dfda17fec1a066c75f6

SHA512
2a2b55a0bb7a55db2e89729bf3bb98cfc422872df4bf86c9a05ad72c7a519049dc9a5051cf8402a9f35be79032f219655096cd6254e8c18639695318f4ef060e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
b0803c4561240685ac13487ea16273c2

SHA1
febfa6b15b8b018fd4520fb9d716750c22dfe223

SHA256
4585be7f5c8246817c4a10422fca105b11a93c6939b633db4afbe4f8d6bb12f0

SHA512
2b9bb525f4be9fd14cc9a734eac7817dc4ec8d0357e53705c1137b46e0f7956b377d9af06cbcb204e07df66574ef7bc71b5f38ed32dd85e575908ffa4488fa77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
880B

MD5
5aea63235bbffddd55e6f8555ba86c0a

SHA1
370911a6149a1511118aaf123184edf5666f6b42

SHA256
c901c1e10f43c6869c115cf2bd56206444469fcb13a776e58b7e95d25c7098ba

SHA512
e6374e341feec54559d56279742f4287be3d10064ec7271cc4414a5e5d710c966816718f5ac8e291283c5ae9db1f15b38dcf99229f94b48b6041aaf154b9a520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
544e2da845224669614511f954dd5d53

SHA1
219a5e8deca32da8a8e0c0b24e03c45010ca761d

SHA256
d71efad591806a015aa68c508a1fddd8e60e2ffd261e0a90025c0fd169166458

SHA512
6f7d793f9ed865f52e2340eba8bd228bedef8b20c8f01b7e3d4278545f9bc3c058d697ee3e11e22b54f8e6ed9ed6b82d908f6fbbe2dbaa21510a95d90c29c3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe58d116.TMP

Filesize
469B

MD5
7854aced6b3ba5c6d489700738592dd7

SHA1
30f222dda55066c70606dc107c44532649061bf5

SHA256
9b1b3cc2a96d61f86cb3c1b81ba62f1987fc5b9dc66a05d8f54e33e7833998eb

SHA512
fde9313ee1a177f4da7715d2dfd3ef0743a5ba607caf8768b6f81fa3d6416045023d9f953d4401a78e29e9ddaeaabb563e99345e2125768691e26cb204571ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe58d210.TMP

Filesize
3KB

MD5
c7569efb2fa9fe93c0ea2f0896f54036

SHA1
e231c700b778b624f6065b035e5803fdd8b4db4b

SHA256
2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

SHA512
c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
9e7d820506ea77f0c520af5b0e10a2eb

SHA1
c16f083db091035c6caa335e843af36c37fe0388

SHA256
a34a1bb255958365348f82a9896277f880260839da76e77cc2892b1bbc4a48a1

SHA512
09391c285b300c167a7ee7b62b52c49cbe1402e8209e2f4e25fd82b5b351b0d6c3331da8dfe3fc25503fb6cc411bf86d04c9f6e535bc581291035e8519c6ce09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
066717404334d411894f006edf308250

SHA1
f1de55b09ef840ee22ce89cd578fc60c4d111bcc

SHA256
53c480ee23a0047f2dad1fd75abb9ab430f283d01f829cc9724bb06a5859598d

SHA512
7617530ac2724c6650796c2a392de49f6a8f3664fb7f00e3004812aa882dfef3f0ab5e656bbef613c87a4b8f02eb8c8d1accf5cd79e7fef192d2fb9329492b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
cde14ba9504e692b2c9f2966898de193

SHA1
6724026cb65e91a90f4a935975150abeff516eb5

SHA256
21032053ab81187b408c83514c4990a19af2c3a2edb3fc4d3b81206ca8d94fd6

SHA512
1f9fdbc76aca3ba21ede99c85ae84a0c2f47a01270c61582f7b66512820f2eba2e8b4c9df9b406e821c590e70b812b249b0914ce84188e06b4e5984d847d76ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
574b41e17873ab963e9b997dd1fd8b77

SHA1
e69b187a137aaf73c2af1e246e64654f3a0d399a

SHA256
56b344fbe4634096a97dcda04b3270ff8c920dd3df50b80f5a09ec248972b22e

SHA512
b327fe23475ab59b5dbcb3ff6edc7022a9acc4f90cc815f99ad2543a8e81cd1dd50dd2c26519d051d0f15004d362aaec850b8a63bc6c66fe43965a1d148f2bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
041cd283eb4b90bbb42c651d92915850

SHA1
c52b8fb2a71463bdf032e2a4a729c49b5b7305d9

SHA256
dce0c2cdb8b1a9d3bd594e67e425fc933c4e41cc77846edc7a38ff53211e250d

SHA512
d64171a87ee08facf3d705a398bebc06480c93d4e613038471c47e5cbc2815540d500ad33601dfdfcc66720377f26614bf56654ff62a657626703ce48c307405

Download Submit
C:\Users\Admin\AppData\Local\Temp\da888c3d-da87-4571-bd84-1a77a94a6b5e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\ecb0f61c-7873-4a2a-85ad-e897ce3678a7.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2168_429776479\a2001278-d4a1-47ac-8d0b-125772e86f56.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
memory/2964-11-0x00007FF746570000-0x00007FF7474CE000-memory.dmp

Filesize
15.4MB

Download
memory/2964-1-0x00007FF933AF0000-0x00007FF933AF2000-memory.dmp

Filesize
8KB

Download
memory/2964-0-0x00007FF746570000-0x00007FF7474CE000-memory.dmp

Filesize
15.4MB

Download