c7bd3056f1c01d0d36cd4ee675677f9dd20be0684fe8520f18df7d303c494e94

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 10:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Server.exe
Size

93KB
MD5

be8230b1a5ba47dacb5b4d4f990f0da2
SHA1

1c44f6422cdf7117c69ab172625eee8d8a561159
SHA256

c7bd3056f1c01d0d36cd4ee675677f9dd20be0684fe8520f18df7d303c494e94
SHA512

26176c2277701fc6b2dd568cb7e9448a83ebfb4f4394469e24ed44511870b3d57e1cd6b6bbe8a305f2bebb7c701330a5be2e37b1f35c19055f43f640c879e402
SSDEEP

1536:NUwC+xhUa9urgOBPmNvMcjEwzGi1dDGDIgS:NUmUa9urgOkdCi1dYx

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
5056	netsh.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3975168204-1612096350-4002976354-1000\Control Panel\International\Geo\Nation	Server.exe

Executes dropped EXE 1 IoCs

pid	Process
2312	tmp936C.tmp.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
22	2.tcp.eu.ngrok.io

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_2452_50907208\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_2088_1827348264\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2088_115371076\_locales\sr\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Server.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tmp936C.tmp.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877192741503984"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{3391F73C-C133-4F77-A85D-B5D59A0920E4}	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2120	Server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

description	pid	Process
Token: SeDebugPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe
Token: 33	2120	Server.exe
Token: SeIncBasePriorityPrivilege	2120	Server.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2120	Server.exe
2120	Server.exe
2120	Server.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 5056	2120	Server.exe	90
PID 2120 wrote to memory of 5056	2120	Server.exe	90
PID 2120 wrote to memory of 5056	2120	Server.exe	90
PID 2120 wrote to memory of 2452	2120	Server.exe	109
PID 2120 wrote to memory of 2452	2120	Server.exe	109
PID 2452 wrote to memory of 4508	2452	msedge.exe	110
PID 2452 wrote to memory of 4508	2452	msedge.exe	110
PID 2452 wrote to memory of 4328	2452	msedge.exe	111
PID 2452 wrote to memory of 4328	2452	msedge.exe	111
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4364	2452	msedge.exe	112
PID 2452 wrote to memory of 4460	2452	msedge.exe	113
PID 2452 wrote to memory of 4460	2452	msedge.exe	113
PID 2452 wrote to memory of 4460	2452	msedge.exe	113
PID 2452 wrote to memory of 4460	2452	msedge.exe	113

C:\Users\Admin\AppData\Local\Temp\Server.exe
"C:\Users\Admin\AppData\Local\Temp\Server.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\netsh.exe
  netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Server.exe" "Server.exe" ENABLE
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  - System Location Discovery: System Language Discovery
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.facebook.com/
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2c8,0x2a0,0x7ffbeed5f208,0x7ffbeed5f214,0x7ffbeed5f220
    3⤵
    PID:4508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,5174824054019382616,12924398016886450790,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3
    3⤵
    PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2248,i,5174824054019382616,12924398016886450790,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
    3⤵
    PID:4364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2468,i,5174824054019382616,12924398016886450790,262144 --variations-seed-version --mojo-platform-channel-handle=2476 /prefetch:8
    3⤵
    PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,5174824054019382616,12924398016886450790,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
    3⤵
    PID:5932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,5174824054019382616,12924398016886450790,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4868,i,5174824054019382616,12924398016886450790,262144 --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:1
    3⤵
    PID:4532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3800,i,5174824054019382616,12924398016886450790,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:8
    3⤵
    PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3788,i,5174824054019382616,12924398016886450790,262144 --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:8
    3⤵
    PID:3684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5336,i,5174824054019382616,12924398016886450790,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
    3⤵
    PID:5704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    PID:2088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x210,0x240,0x244,0x20c,0x264,0x7ffbeed5f208,0x7ffbeed5f214,0x7ffbeed5f220
      4⤵
      PID:5088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1928,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=2724 /prefetch:3
      4⤵
      PID:440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2272,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2
      4⤵
      PID:2880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2344,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=2728 /prefetch:8
      4⤵
      PID:4588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4184,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=4064 /prefetch:8
      4⤵
      PID:3728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4296,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:8
      4⤵
      PID:4592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4296,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:8
      4⤵
      PID:452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4680,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=4688 /prefetch:8
      4⤵
      PID:5940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4652,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:8
      4⤵
      PID:4932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4520,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=4060 /prefetch:8
      4⤵
      PID:4028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4672,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=4756 /prefetch:8
      4⤵
      PID:5196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4764,i,15768395457565639213,4459366215556001707,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:8
      4⤵
      PID:3648
- C:\Users\Admin\AppData\Local\Temp\tmp936C.tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp936C.tmp.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5052

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
46a96d3b86faed31fba1c494f540cf5d

SHA1
59d0136dee9c6e85b9eb0e68773b854209e89ef9

SHA256
ebd084951fafc6f6914265f996946c8c188f712923872360607d0ec36ad1e53a

SHA512
336009b492d775b3c4fa4a2155959b9e092adae21fcbfc04d5540be1cb496a237bb543a9b1cebe5678f687b0eed6106a3ed3bc26229c2740455f7683e51da445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d62354d11a57c774b6b12bd423ba721d

SHA1
3199098cd475bc0980d3c40d18996c90b01e1f4a

SHA256
6aab45b11a9db50c3dd0f3569a73c8ebec789579a808a76810c9f0e1e2745d8c

SHA512
6e4f507cbfa1a6b69086e4b6e4723718bd77d9c15b7b5d9675ce0f54ae6fc6a33a9776337f139595eb219979c70e621b4c618fb01da6561c2692877ef6188ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
ae2bae42c09e1906a3861b4db3537f41

SHA1
1d497f6752ab071466e932fc45dc4048ae814a15

SHA256
f0d2e500262ab8e64c953d738672e5bd7915c703bebdc6282b12714e21253558

SHA512
03755759c4ddf1554789b4c860228a607565ec5a5cf156a584eca90ab8f3ff33e656ad8627df0566c3c1065de056b7459fed28c869885519e6364b2a52cdbb05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
cd5f910d118122fde5a60fdecf4132d5

SHA1
fd9deb14f85cd87a75a7d354c30c65fd74b35f8b

SHA256
d84cfde268432a5f9cda1022ffe160ff78867eae4bec5acfb128050074093b3d

SHA512
f58eb3f9794905571e42b31f09e1af5d5ecfa9285c385c889f81bb623f48609afe91468f6b913e03b64cb3f9366789f45f8a2331e7088258bc143bdb029aa104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
21f8f6311ca8e61c45a357313d6e3af3

SHA1
5f0c751174465b4c4392eaf7a5a5b00582602269

SHA256
9cb0537e24ba8922ff51de7d0c4dee558853eaa4a62a15dfbb124cfffae9db61

SHA512
8dd1efa7372416ba553fbd85ce6f76f8758115e966cffdfa25384abfd0b0d3503b3b4624d1c0d75d730eedd9dc2dc18d9e6331d353b704137ec47142a2223211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
91KB

MD5
8e2d07e90758c916bdc8eb5090368f0a

SHA1
e675c3736f3aa482e86ed66e6b090ab0757882e2

SHA256
f8f959c739c755842edabddb771229be169ff7f8d236ee2097e1d4ffcada8272

SHA512
d4b55a153990071ac7668ec57b1820b9e52154dd0bc2c203ad25d4c00b6ab711147e5146e2c865778aecc0f3796427342b9f921952ba9c00c87c8ee9922e1dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
16KB

MD5
86102161437c95528226cdd64de8e4a3

SHA1
adef64167fc0ad78ae1b99f4532f78397de64087

SHA256
cf2aafbb2708fa8486c24eda7e4e362874088e19baea3768f7e5312b2bed8b5c

SHA512
df37324f76b834e8d64c97c32a93a4d97ce0653137c9d1697baa6aade2ce311743594fa16561cbda4d53b75f0370fca01281090ec89070cc478e66234fa77327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
16KB

MD5
cfbd80e7e66d79e34564d857e278aa00

SHA1
b031c56e0d575967b12106e32a43f7992077b16d

SHA256
06956e86d37705b5fe1f310179aa71df9bf2480a0bc6407037e5ce68705daef3

SHA512
f1a2460d76a07ba5428e983d4abafe423c1214b2f55d7316621e5abaca05e351e13c6b0060019467da2533c55198364f0f30a66c28da04f4b5e9a30e060e859c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
56KB

MD5
75dff31adfb24814add3bf99094ddee6

SHA1
bd322f64466336e5b1d120c183b77749465228c2

SHA256
111ec22594500a96693bdb3b553bbd28a83a1108569ceb03bdf74a6878df64dd

SHA512
01181fdc757319c7e620b260495744838f83fe46565f67bf586c8f0738cea0dccf4cc5ffdf7e6d7538d1a3ba3860d9dcc76c2d4430a44c1d71cd5967ed793522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
25KB

MD5
05fe7c0557018f355dd4b749b0340565

SHA1
b482d0e2febf32bba3ed39a7df6117fdd7bfa1c1

SHA256
ef3828478f5960cdcbf78bf4f3ff2224cadbfe7e7e3a88fc6b7cec764b60d6f9

SHA512
1f1398f675a3085a246ae4a027cd0a6d4fbd8284a2497da44977b513ed48d7f9bb1d07da1517d99516afbb645c9abe541eec39bdec4e41b0c51be2c0823ab798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
75KB

MD5
b01ab7eea09b8732f0b5d9ec8426ec96

SHA1
b841a8f8eb696e91b36cef32c2acb60410cfdbbd

SHA256
d2ea7dabd6d320b2c05f299abd3d818a4e9b4846f59d124aa939789976f62d41

SHA512
db317e6e238a5fa494a6d85e4e8e319316aeefce046133deac1bef4fe62f77b61607ba95ba25e947a1fb3d2fdc9b841f61dc0949779871ffecbadc5112a1b468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
44KB

MD5
4f46ebace4b726baec252193cb5fc411

SHA1
97078382f2a915d3425212231478f516d8f572f2

SHA256
466609341cd8d16ab8e11a69424cac62e7492fa64e5fcf6b9fe7f94216494b8a

SHA512
1fa31eb42470d56eebc2d9aabbe3aa02783fe629d18eac488eac0a9f37c37598a4d1628c853f3838a076427c388ce6fa00811bc7777a402aac83bdf978a200c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
85KB

MD5
8245d15cd1b174ea55c80aa20d9a64cc

SHA1
4dd93527ee2e79be7a35b4c731a54b3f6074b93c

SHA256
5f0222abceb499e143468c66dabad98d26bc9b9be5067e7e73287650926565c9

SHA512
8f4ac9bec69c79698fd0422ccdf9e4cb9e5d395b6f57de32cb2276f943434afabb88f5dbfa6800869363e6f9434d02772752df9c8d19acbf61b1d4139e2f562f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
23KB

MD5
53b71936935a7a4e5a10d1bf72d3c22c

SHA1
5d34029df16605264799b37a08cce60fbcce8dae

SHA256
6668b23a9166e317ad25304345b6551b97a41f3821ec7a4e7bdddfa730db1a2d

SHA512
d1a50b659b886bc64290e75dcbd5ba4736059e0b6bfabf6396fd210eab85b7f44f312381c23cd2aaca6da8fb232b0cca14d385ec99f7923f6812c601447fb2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
16KB

MD5
92d908080255beae8016d4c36f536863

SHA1
c0c93857f0d0332a509c1f6852fa67c5996e7edf

SHA256
01598222769be78f8b27f2591a21ba00783111a00c97c312d668727931e3924c

SHA512
f22093770c957a580426819fdfbbfb253c6a6ad2549ee20bbc3bfc21d25895b1059954aeca13cdba7f96db785b3e51e18fec166f526480e96b36ff964b6b3a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
39KB

MD5
62ccf8699785124cc2f57b393fb485e9

SHA1
f26021640aeb2e1e1f8b4a7af56b6131d6a8964d

SHA256
5bd0997719409de8f17a51f0069883fd70b0056bb468fdee7f479b023320cbf9

SHA512
07eb4adcb2f64c4eab1edb86e1e245fc28edd5fa061666a0fd6d03c7bb34d09b13ec1ee5fffd8a0e5cbb62421b1cef93742d562a3e89204290ae5b68415d2b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
25KB

MD5
371d253b9ffe5f7ffbbd56f2993f0c28

SHA1
66cd69ede81acc0bb1747027608c0a82bd4b26b1

SHA256
f0fd6b6642f7c9d8c9a2e89bafcffb64bfe04b81c70b91c0f447bc7f0a85bded

SHA512
924862d7c5d43d4081176628cd476425f549b4022aeac7c88995b49cd33d2d4cc28bc8ccbeed36d47b6d82f61d42a5d8ac47d517afd5f3f55b1df8b4c2255237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
42KB

MD5
06dd721ddbf8853649c731442726ed0a

SHA1
24caddc3a98184424d1a1689b70b2314a0848aa1

SHA256
198b5c07e09433186842723158b77e92ce1f8189e3cfae2f2bcc150e890fed95

SHA512
5e69e390a9f48bcc292bec064234d76f8f6ec408cce005a29a4f03ae29d3a247f9d0393a3dd01fe36eeb62217b21615a206de53a885ecb022a96ddd5dad28ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
39KB

MD5
fd39df6fcaf8a124b315f42a74c6a67e

SHA1
a1d0f685c1f2d5ffbd74ae01b076800a9421e60a

SHA256
3c12d8017a922d1f31b2d9f8729d4fa316eaa756caa7a19fa5b25a2c5f01d1a2

SHA512
4c8dd43a996ec053a2ffdf03cf528893a4bbc5a70b3ff3145321911ad00985717610ad9701a1ef907c7dbd4f4bb4ee50865332d6cf7c0fee7275073ee5835ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
33KB

MD5
06e2029cbcee24f1c1e4ebef3641b978

SHA1
c53fce756960c2fdea338ffe9bed3af812ac9074

SHA256
29c9e7245887e5a3477ab0aa3743a3d70a3680c8c39a2ac4cb497afccf734bc1

SHA512
aeb80edc3a5ef8b461752a5cbb5646666469e02bc9c759531c677d3282f853992818b997a888a7bee95716f2031bf709ceaebb028f8429b98fa812982a1f791e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
51KB

MD5
b7bdcecab77120adf137e68751f4a68b

SHA1
da644fd77ce7f84b16919a152cdb1abb4ffd8272

SHA256
2945bb4d28d67867ee8da757a8ac51f75e8cc92fb234751212d2670a5f862faf

SHA512
1d6db365f4cad17aa848a8230efbc0bba4160333b9102b7405fb6e578d1da11de0f14ea2e4e3f3f1545720c9b4ae77da214f2a78899e67ac6d09f5975a3ff4f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
138KB

MD5
a41f1c5039efe7ac26db07bfa3f189cb

SHA1
2d1ce52a2d7e4091fc914bb0a16efadf5c7911b0

SHA256
84c5a28e0decfec7a4acf666b4e1e3d3f196a6940d14845700448a9fe09fe683

SHA512
a066ae7c12b2104ca9fe31b2891a1e0da31398adedf365d787fb7d6e34943342dde83aa79335e404738ec55589b0c9c5f7a8f7fcb3dc4032eab3a6968062a42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
27KB

MD5
47c0bed4c254416451ebacd9955c4ed0

SHA1
d57e495a782a6e67060f86de232709cece3d7d72

SHA256
3f20389189a77e6f6d6f968b9f40a94f060da720fa2cfe43c0fe6215f349d71e

SHA512
936f593e7eea10d5cb19f6cf620080f37aa7fb518a201c18ace27f7274eb029662417c1ca0fe89fba2120cb2cddcda9c1c9353e8f0c0ff561694ec4b60cbc28b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000086

Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087

Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000088

Filesize
73KB

MD5
3308d5f29deb5562853176eed9f009af

SHA1
64d08c8893c65ba0f5c6597af9a0f5c83457e986

SHA256
16d1c676234f236b27784c57a8cd1cdd8cd27bda056737a82c29af9dcf879e0e

SHA512
1342a9312cbe9e7926125443503647967ba2a01bf1960e9f6b69f105bec9b4d0a51138d6589ef1823c4846142b1a3c41bde07416c9474e85bab768f427996186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7de61681cb26f1550d1b4d1e8de11289

SHA1
21f4358b33abd5c910d681dc09714bdf8e1b64ba

SHA256
88d8edefb8b79a838dd938426b9f19e9285e92fcdee94f7dc30b0ae5fe36c270

SHA512
f3f1a2dcfd0ceffe7b2e3eee90fd00d3bbf070dcccf0a1b55fec761c957c01a8fccb7624793b3351f1c416554cd740e332c4567a82aca2620cf5502178995226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58fdd3.TMP

Filesize
3KB

MD5
55f1cd6991a02baa47864c48fbee3d75

SHA1
fb395bbc24cc4af439d829a8936ffee33eea20dd

SHA256
ca2d0038382d1da4814d09297d2d78a9e9b4a1df4a83350d26261661891e14ca

SHA512
262deb951e1a5fab2253ddaac2b0cd381b21a6ddc7a2592f7d90308dcb379bca6883289c7cccc78c79fb9d1f552f629bbc86e785cac8d6b781ac0192cc03d2fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
0ef144a58516a348a9a875efd381e384

SHA1
73cf8965d5e5a4d9088835ee1c5fb44407819491

SHA256
94800cb5e476692b2390c3a6f6a776878a847cb1e40712de3bea417fa9b67534

SHA512
76a662cd5d8df9088523b1d5180d13bf953c5e1139ac25a27ca27dc6518d8f736c9807ebcc6310f3f3b0fe658e2c5286c18e3027be6e812f5ce7485e2cb4718a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
e78921a111aca7cf048078087405e37f

SHA1
744ac39ffc0f9982f3a2af6bec80e14c616241b8

SHA256
c22d172e4201ae91c3f8edc8522e40a4e986b1e6fdcaab7913e1ad75d3a3fee3

SHA512
3fda2306cc1f7b9cf16c81a7fbaf11e2709a0f941f70f50b024fbd4f01e39fef4543d30eb5ddbad09d7e7d4c76e32b6429207cf10bb5ec69dafba8d34eb8dc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
01a7f6d97cd89c78ecfc7446f4ad1fa0

SHA1
d8cc6a6ad0d7a887feb98d223a5a49217214492f

SHA256
1b30ffc0cfbbdc36f67466245140a6686c46df15fb1555e7319ac7e1452a5bb2

SHA512
b8c88844188b41d0b90dae001d26e13e4a5079867a18134cd503ea48f6bf20fad950088f698934426e18a7021591e2f49bd4763e1a071a495637581e40fd5038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\96de1d47-dab7-4a12-8901-27f272bb1632.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e0e2754cdc397b3aaf6a6dd385e9bb0b

SHA1
730c9455e493e63dcead7481b4d89af8d9775cb6

SHA256
e0b6b2e8bbb92794d5a08f729154c31a487357b50717239114ddb942371328c3

SHA512
2342446eefc8f143c3f00d5dbc0f283121c3e91263ba94863724366c695883c7200b155683f6b264aa786390181eb78ee0b85adcfa175462d79ed65165339f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
5b72dfee91257c8f652893891035491e

SHA1
738e3e8fbe12de4c99762a72e94457036099fba4

SHA256
0f1cbc594ae32721c6c14acb3cb2380de39b6d6600ebf42e4223f00124b44fa4

SHA512
3184dd39eac348f927c5f27b6723b1ba2b808c2f635e848e68871c2558cddcb81623a17cbfe84bc53d5ad6c1e7777aa26bf7077638f9a7a869ecb6c1740b6711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
747019769559afcb86770a25fa531689

SHA1
39433deb3812152f737d2f9da21c151d35bdb891

SHA256
1b5d4aceefa68f497abbf615b197947339e7e62e383248a22d6f53d49c3f2cec

SHA512
71ae8e5303d4fbaf42cc6279afd68c42f14a3459a30ee8ea6fb8638257224fcf56f0eaeda3c7c9fb39e426dbf4d100806b777a2a90224e93aacf27a68da1d936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
f0a81354a0691b681814ee61b067860d

SHA1
81f7fb79db8ff812d1387dee8ed5fdfe22033b93

SHA256
071547eadb1a596ec2067e248a0317151d216959008b9015be492d556399f7de

SHA512
d5b2687abba445afee29c11e5e668b61ea4a3be5d75d1c8c42a058c29e5a70fc4803951ce4ef0c5d79e348cc4ebd6d0427a304b49973025d55d3986beb754c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
868605465be706d1c4888240bb6069e9

SHA1
36ce4d221935b7a47aaadb72f93290d119dd2356

SHA256
e3789029ffac0cd3b609ade158c282796c540787d418b6e111b32beb6a8fc41d

SHA512
b9354b448cbc0254b4ffdc7987b4abcc33732ed3db347fff331bc291384f986e075f23f8cdeb0250fd032405c54c82931ef483047739b98522ce86460fa68c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
eff99e0f6bb727a6ac57e30485f02129

SHA1
4a98847d604d4fdc73e191f02f761366176e7247

SHA256
1315517b278938a46618d01c7cc7b6e33491051cd58809229f3d2c3bb1943ca9

SHA512
89dafaa6c9cb2ea95ee3815f9346a4eb2e0f0ea254174951dd78faa70c9fa3129bcd5fa2efcbeac7bc3d4824f6e2bb4c582ba7c039853be9e031e0fbf20201b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
e0a69617f663a793638e564b7e546aca

SHA1
88352913687df43f2ded4bc2141c9572f2aa98dc

SHA256
a7d230b504daeed6ce0067682f939d8e61f35fc807330f17395690636dfb5b54

SHA512
712b2e053722cb8996a12a8b964040d35a8b9042e2cf3a6b9809db015e1474353ac675b56a440d86d02485745082e2f356b1f85cc5b069ff4b03f49b1f498b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
25a598bc41221f646b4da86bec0d1bdf

SHA1
d9c8194bb77e06c3c68596183102ddcb354921c5

SHA256
12d534ce2856108454be8be63c77b660a2ae7dea21a30afad9aa43b742989535

SHA512
133967417721aebf24df446bcc20d06fff65b86de2b5efdad1d5d090a8b7ac2b8a12d9c86b1de2b551e0f72101014b54903dec31d3009b9934b6b155a08142b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
6f30ed02311e6f787b28de5486b74fa5

SHA1
026da2cd0d0d166216f22effdd23bae3f39422c4

SHA256
6b002756c12c0e0c592385277dca189a51634f4e3bded5dd3c8f6df25fe8756a

SHA512
f2612e6204bbb9ee474a361bd1d9e3acbf7348f9dc89c697deb3ec525fea2c925010b5b6c3a1a68d70558c7ce8fb751eb8e3af52e98c04b7f81f02c53ae15b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
04f99ea8ffacfbdbab961fed0b6336b9

SHA1
df7c033e5f818bb0ea9bafb433177b89b69b5a60

SHA256
b9a76d22399cf179ef4eabca212ebd876283ab596f28f54006ed5f5e36de5372

SHA512
6610364a9482f98d49a0da02c7d5555f24443cf170132bd5a4111496611aec5f896c846f4f7519e6e61a82a8c53921b0da691a828e57b0f4367c629db509f1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
0be915a6044f9eb38d2cf8181e497062

SHA1
80b58eaf791d4e325142fbc415f0736e6ada54cf

SHA256
38e683d4dad9c26d909bf62702a4dcf11fb82f88ccd858c5a495aac210f0d095

SHA512
73a1c07a920df9dd0c4b19a0277855955d2e9d21b80e49d0243754a4c6b3b50c8db4e24f1374b55d785f06b7a566502c2d0ea11b9d87ea128418d704962b223d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
04aa659292b768b39a40e8d47e460ab4

SHA1
dfd775cedfaf78ea3ba725ab429ef12abc9dd2e8

SHA256
0cf32a8f431c240e8c5fd0269680d9ff1c24964d6c4a9020a01843e3cbf08754

SHA512
14e49edba58ad0b8c1e79cca9d64c521795c8323e16c88ed122593774daeb33d33a7ec444d98033e42becb7c311119a7e5c023fdaf6cb91c491bb61d5ab4ac06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
bdef23460fb8ddf0cac33621fc9fa8ec

SHA1
313cf4ef10ae13d0826d3bc5c58d45889e5b816a

SHA256
7414f80a862867e6eda5df88729bcae726d7af96953f7edbdba562df1c173214

SHA512
01ce1d871c19ab34ce10a48a153409b21e982b64e81f0df6e7e8c6a93ea912ebb8c1d679afc1b30cdf64310024256e8374fa6f92db5ee0bc4e2ba0cf06fec695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
8a0711397b52c84ec33fb95f9a9b3e5c

SHA1
c75a66fff75a23535d1547084c74b80d6c55ed72

SHA256
a78e8400fcba1f8325b805f314ee911ab661a4199855c957839a6e9fdfb4af77

SHA512
9d3450994d29f64a17e9c85265d76aa5a3d983e9bc5af700df415b40e8147c1bef41e498ad6604496c43db66e8edfc9c16c08afa378162e73c18d23d5a06122f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
d5adeed939b382c7139fa96ab4d3ed9e

SHA1
15eb0e98d91cd6f8525183f58140845c9421c249

SHA256
cb3f871321b8a908ad9952afea1b8527bb2c6b2f399364624929472f5c3005d6

SHA512
ae3f510773829868d45768342f6c9bc6b891c9efdb511eac522ecf6b70bf7cbe367838d890d2af1c9c517ccf30d5153f213da73fe5166ad6d9e1c66e540ebabd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
3bad70824a716310ba239c8f0e66ac17

SHA1
7122ed6dc39be32451cdec1bcd738d87deec1d21

SHA256
de5b89c1d09f3f026e8b12f5d9d508093aeeb1a234baa8d29ea792554c622253

SHA512
bf6a14fdf28f02d9bac541a3a9088968d99418b6b34a8b4e06c81e48cc2cc554dcd830aa1a9c4ead6fab3ed5b8db61b4f44ce2c5679a3c2029e2229cb2a65606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
e96349b23c8bf4d1235ce7b0f095bcf3

SHA1
4e6de3b5a45ed5591954ece546a57f3261a64e2a

SHA256
83ede508a89fac3a8e2c0a49b523615da9f8ec5b1b3f7e175e99986e2a7c61bc

SHA512
5621bdfa3491b45486b2686846e31b84816945da268b8e0b01a81e142fd77f8f490b910352ac0aab7569ef94fdd802bc5e474c24c78bbe7b94724e18e814ab23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
52a4f4a73014a8c9feae097da71071d2

SHA1
42d8e5648d9e3851472ae01d49299b8a50090720

SHA256
eff1d2e61f4ca68bfd2c10911c4cd2882a4b91ec6cf4ccbe40defa26907cdb95

SHA512
eb8ef0354e7277e3cd5055042f5d2d4a38eb37734e355f6b89835342c8fffe10341187c86f591050a2f3ed4f5c33636378da5558ed7eae8035239533fff23a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
047a99d9511161e3c6fe36317ecd249c

SHA1
d53df1401271a12219f328bad5cd72c4d915c7ce

SHA256
55e5e50fe57a3c3fb90f743c5590be976445ce871e9914b28ee0be952183a166

SHA512
e16e66bb300a85c2d2ea5a2c3e283d00533d2d335cce023e152c47c8c1532dfde64675380824119579886ff6acf2f352bd9175dccb790d349886aa70d17d097c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
6c9f8197b8fea2328ff0896e95f200a4

SHA1
2fa8b754b326bb4787b5cb7b98b3b67a067e260d

SHA256
e3e4dbd1354f9bb12b30c348bce19a09e2a76ced4058641d9c3954069c6bca18

SHA512
9bc9e490074ef483a01ccd8cfa63afe68eda1a6a3894dc20b089e75647f6c1be26f2f6fef2165f340058a9a8f2757d664c0ac3e33ee9ff5b729c1403c9132c05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
70b31558c3d6d75ad851e895abdea2a1

SHA1
e928a2f5267a6f636a045ff618329ef778a9443f

SHA256
6412605053ede63bca78d0e7f40be986d5793a23092739f3f0acf098ad86296b

SHA512
bcfea4503159c8efa1785e7dfebe4e7065dc778511e95e9ade857bfa724b0d3c9f47efa3fdadafdba7ec04f40b251e5e077aba03d466c5152c5e3e04ad41ff60

Download Submit
C:\Users\Admin\AppData\Local\Temp\75e807b1-004e-4394-afcb-e44edc4a1ed4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp936C.tmp.exe

Filesize
28KB

MD5
6c2210ba180f0e1b9d831c3c6c14c8b4

SHA1
00bebdf704f4cabf254583c6ad87c6e72872b61a

SHA256
501c36ac282029ccf7950a4957d4c10ea72fe18f0ad8d6daeabfe628fa4070a7

SHA512
26a63ad05199cf45acd7519fbc63945097b4c4a89bb2cdfa4f87ba004e1ce106220b0b99419e656de26d164265b3868a9ce541c71b05d4e4db1a9a1343130e9b

Download Submit
memory/2120-0-0x0000000074882000-0x0000000074883000-memory.dmp

Filesize
4KB

Download
memory/2120-6-0x0000000074880000-0x0000000074E31000-memory.dmp

Filesize
5.7MB

Download
memory/2120-1-0x0000000074880000-0x0000000074E31000-memory.dmp

Filesize
5.7MB

Download
memory/2120-8-0x0000000074880000-0x0000000074E31000-memory.dmp

Filesize
5.7MB

Download
memory/2120-5-0x0000000074880000-0x0000000074E31000-memory.dmp

Filesize
5.7MB

Download
memory/2120-7-0x0000000074880000-0x0000000074E31000-memory.dmp

Filesize
5.7MB

Download
memory/2120-4-0x0000000074882000-0x0000000074883000-memory.dmp

Filesize
4KB

Download
memory/2120-2-0x0000000074880000-0x0000000074E31000-memory.dmp

Filesize
5.7MB

Download
memory/2312-815-0x0000000000570000-0x000000000057E000-memory.dmp

Filesize
56KB

Download
memory/2312-816-0x0000000004EF0000-0x0000000004F8C000-memory.dmp

Filesize
624KB

Download
memory/2312-817-0x0000000005540000-0x0000000005AE4000-memory.dmp

Filesize
5.6MB

Download
memory/2312-818-0x0000000005030000-0x00000000050C2000-memory.dmp

Filesize
584KB

Download
memory/2312-819-0x0000000005000000-0x000000000500A000-memory.dmp

Filesize
40KB

Download
memory/2312-820-0x0000000005130000-0x0000000005186000-memory.dmp

Filesize
344KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads