hxxps://steamgift[.]cfd/105439105

Analysis

max time kernel
11s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamgift.cfd/105439105

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5992_862455441\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5992_2050868069\_locales\lo\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133878380937627876"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{B4F650B8-F1A5-4414-8B1F-E774A2B06E9F}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5992	msedge.exe
5992	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5992 wrote to memory of 3968	5992	msedge.exe	87
PID 5992 wrote to memory of 3968	5992	msedge.exe	87
PID 5992 wrote to memory of 5648	5992	msedge.exe	88
PID 5992 wrote to memory of 5648	5992	msedge.exe	88
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 4980	5992	msedge.exe	89
PID 5992 wrote to memory of 1964	5992	msedge.exe	90
PID 5992 wrote to memory of 1964	5992	msedge.exe	90
PID 5992 wrote to memory of 1964	5992	msedge.exe	90
PID 5992 wrote to memory of 1964	5992	msedge.exe	90
PID 5992 wrote to memory of 1964	5992	msedge.exe	90
PID 5992 wrote to memory of 1964	5992	msedge.exe	90
PID 5992 wrote to memory of 1964	5992	msedge.exe	90
PID 5992 wrote to memory of 1964	5992	msedge.exe	90
PID 5992 wrote to memory of 1964	5992	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamgift.cfd/105439105
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x268,0x7ffc1e4bf208,0x7ffc1e4bf214,0x7ffc1e4bf220
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2256,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2468,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3524,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4960,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4812,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5420,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6056,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6200,i,2172458321461551747,7417868080579033885,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Enumerates system info in registry
  PID:5888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffc1e4bf208,0x7ffc1e4bf214,0x7ffc1e4bf220
    3⤵
    PID:5480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1832,i,16650470856543620172,4481690772050079945,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,16650470856543620172,4481690772050079945,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:6056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2440,i,16650470856543620172,4481690772050079945,262144 --variations-seed-version --mojo-platform-channel-handle=2916 /prefetch:8
    3⤵
    PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4528

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2d24b17f6564212515675a8496491b7b

SHA1
dd5b8915ed893d27eac0a33d596cc030f94bae9d

SHA256
a03bbab2dc2f5cea0e3f3f843cec6c12015616d6412b67b5e623172203c1b79d

SHA512
a98233f435e40ec70ad9491d88fb824f4b11181787b3dc597de52ff83bd143a58793ecdfc87950012df44b01634414efaec8c0dda9ef0a896efbef87a71cab81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3b2c4102-56b6-4174-8773-c9846fe5a6fd.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d4e827d6a29241188fcbe93c8771f275

SHA1
128a6e75f3e412a709e8321aec6a33c5b6b91c06

SHA256
fb720a7b91072cf4105e3e4ace62de8f6f5baaaf9bc771f0bc9952aa74604083

SHA512
980d89a4f7af33045196274cbfd93974b20aafd4a98bafa3ccc322b35a7e919300f87d511af8fe909a44b6e313df0ff568024b7e2ba6d78eaa345a305b1ccb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
03e47ad38a9accd5e2bae39de2a0d3ac

SHA1
ff733cb55ea93166080419633eba08f90be3a221

SHA256
205a14f2d291a6b183a34ba3bb6ba671af46f18781693f53c23a2f7dcdb803b2

SHA512
d46f3e940fead0b17d5bd2e4fcdd1a37549e62d210d2e76f3c1dcb3b63e78708b4dd27f1fc832fb17238692afed978342e197b3b15cfc66884cb22bbb9fd9d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
448KB

MD5
5c35d8605ed8fec5fc51b3399a5dedd3

SHA1
2de70a605b8e46e38d37d3f5716f4fd0387036ab

SHA256
e4e7c1a2e4965c2c3a3c0ab4365cd359e0afd825ebf07a5ff6c8c6560d216fcc

SHA512
7a0ad161860ae32418af10b65d5cb18ad45925320d6879f33d519737928695f98dc32c88254e3051daa60939eccedee7b3c32cf2978474063d83e034c369676d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
1.6MB

MD5
f1de39bcc4f362d1bec758332186d07f

SHA1
fdb9fe528ae96f8737bc6c89c354bdbef4e1722a

SHA256
f2a016b4d5e8e1d3682f1dc254a6e145725de61bcb38b854652d22f9e8e25abe

SHA512
64322933902fe748855418381aec65f4c2dc7a1b2722b67cac82dafadbad4e11af04cee67d32e1c1c00af07669eb6500435e719aa89e0451727c06c667dbefc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
482d7b43612cfa1aee9cf7f14a47e39b

SHA1
d851e237249fbc64e2fad873c07b9c8762398853

SHA256
84886e64b76825e6d9d2be6dd1de0ac3bbc137ecbd760c32e9de517a99aa8f65

SHA512
69e34e1c3aa0a3c7fbaa33992a0db923b72eab36589b3bd9540627863e89340fe896af367c2a226f5a942a112407ee82562a37d8e481e2e7edc42da2383230c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Filesize
399B

MD5
a15ac2782bb6b4407d11979316f678fd

SHA1
b64eaf0810e180d99b83bba8e366b2e3416c5881

SHA256
55f8fa21c3f0d42c973aedf538f1ade32563ae4a1e7107c939ab82b4a4d7859a

SHA512
370b43c7e434c6cc9328d266c1c9db327621e2c95ad13d953c4d63457a141fbf2be0b35072de96becc29048224d3646535a149229fc2ba367c7903d3e3e79bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
88254c04c449450bdcc99dfa006d8dae

SHA1
e794f707601dbb68d28e5fab5b5293aea8cf2873

SHA256
46da7c39519a008ab946b1a7d39573306f9066bcf6653c0d81b012f4863a8674

SHA512
736a12bc76e2b273b6a584a4cfd1595499cdf80e95d23b73d9cc8eb9ee6ffe8c02aaf67a8ea04dc9720b804c2c5707e003fa1db0ed5024df3b1658ada6e01b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
6d3e81a5d1e0f73702c24bd19c8f0daf

SHA1
ae0a997b840b2c12ef22866d7ebde882c1ccac24

SHA256
0bb862f0e8ffd958245c6f5abf13888f34c70b0f038020c01d916b6bb9801027

SHA512
26d453414f68a87a175b9cb61b218afa266459ce65123128ad079c869d7671a868918e2d68eadf32cb6e1a555fdf88956c98d6030c7fe9dd7440dc612d5063f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
71415c73e721dbcdd351bd45a9abaeed

SHA1
91f8a117c91735184b2f31d285626f0793cf87c0

SHA256
1da2094845c3caa9b1ddd14289b37236583c027364fbccfc67502b223e4f0347

SHA512
558bea3ac43c57f5f5e0fff334980e8b8c1a832b6c21676b4dc27b98ea5fa9581051264c9c616ece85638e6d90dad04f99bb8010653161a18b0038699cbfc061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
9a2b40175db2d7a5c68195a9c5b32373

SHA1
8eb266cdf4334be6603b341b682f0ebb2e94c430

SHA256
de1cbea04ec1ebc4c58dfebefed8e7d6e707401deb1c25ff2e7fb6b2c1215fcb

SHA512
6b32ea3ef68a6357efa630b2e82132d72ae3c80cc4242f1eb745d4c37adb824841a1dd0ba75fb8d4ab4c38bc3c74a4dd3cc0faf167ee48b8bb466290419f708b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
188B

MD5
f1a096ce0b401bf5d5d5ade613fc2a1e

SHA1
6622517718c15ae7b7b4c0954a18904ceadf8b24

SHA256
36ac8a3dd6d1aa213d12beb39fee6be1b83ee662677f82265298755ce7045a1c

SHA512
d768cafa998c1d02adea1ad35405a7e9888d99578b9f27005c6562de38b6b7aab75fc4bbf4d114ffef169c462f89ac9b178b2d080d2e0780dc4cef7b8d1ab88d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
b2040327050f6fce6106a506e9a19720

SHA1
b9e8540793ee2ddfbb7a5b2e7518daab824c19e6

SHA256
8f35a926bd7b201e8ca614c2dd9a5882ef3f68935899b8781a6991c073c479b4

SHA512
d8eaa650aa11f221afcb3a10ec3baa429ac7ee12a116223c704a52cee5e4ffd1665b000fd2886f66e35fcbbfd1ba4f023dbb4e5fd2f76f4e5940037f4eae043e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
ca09b6741d86489ec298a5bc1a21026e

SHA1
c96d73ee8274a1f7de8dffe3b21629199a47b89c

SHA256
0beeb9f64cf26ffe29ac6096c71f823078b7e10cfaece360c6931260660f79fc

SHA512
4a39e369630935f55aaadc21cb9ea20d95e82bf296e45cc85492d0b0cc3d659e2691cd3ed5065282a4923e18e312b3526ff4b48d031e1510e00eb258de465629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
d624dfae4c8a4417ddb95fa7df956c10

SHA1
834feb32a4d26212ce3ea6ff755de46e9cf8e138

SHA256
c2ea924e6eb82c0a70c1ecc753d5c9dabfaa20f8b3d8f1695d633cb9b98554aa

SHA512
8c6f6cb53c583a4aee116a840519c598094133e483fefccef68fd42590e22c4c1f3c9cbdd16a531f3ff873b75a9440c2604ca80de479f9cc17464d9e29eca058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
84978ba184219556bff0d65b9a699fed

SHA1
b8233dccdaaa6519e20a09249f42e176b07748c5

SHA256
96c61e4a2ba12cba80a228bef6261ec5ba952127bebeae8d884aa92f61fda1bb

SHA512
a23d57d7ae3e361f1d9258b3b7fd8cd453b962f45a30fe201a6d33d342229afa360f09f8e534dac731720a0d097bfe7c4912bab9e8dfa277c81aaff87e185449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
f4f14092ca904e1ebf4876599bc7699a

SHA1
b531afb8fce2d66c5d7e7f739678b439762a5f3a

SHA256
ef0176b30ca451016805df97139a34b6537601c8be2aaae59aeeee641cc6a902

SHA512
a3f612383ac64ab9fedc439bfb1169d3261de0b5283c0749293fba2c9025722f263d28848b69681bd738698e790bae09049a9f1c90766a766e2ccae9fefe7916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
e3220d242d380740efbb7d13b3bd160b

SHA1
b1084f8115a471f8275c755579f5a5b1de136bff

SHA256
06e301b48b917ac6b102a671a46b2621d4e457be257228bc1e9dda686130f406

SHA512
86bbab5413348d61780242333bb9c3c19b4e95688ebeeb620398e5d011430e77a0f8cd0e02eca533688a13275daf0e5da678170ada0534d508365a59feef01ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
a23fd88902aa1577360017da36841ed2

SHA1
3f803a990ba44967259cad244ad3bd41bb8bea0d

SHA256
686d8080eb62c5004d48fa190ab11970f61f9bbbb3c0f6da4a4c29da4f5cdc06

SHA512
bc43e4ef3178f05bfdbf93bc65342d95b371de309081f2c9cfdbd6812ded2434156a5aee8b0b07878472250fbcaccb42f1973226b6d7ca3de1238df1e6389f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
45fcaf4bb9c8a734a9f7abaa770a6327

SHA1
b68c657b4d0b7b9fad7adca7472eae81c8d2fd69

SHA256
115b2ee785c2b287c689e2cd54e95ae3a64662eba4c80361d6c2f59487d3a00f

SHA512
a4c44d158fd488845ca3d4663da950c8e641da5051dc08095cbade68558a87c0322b417fb7a50faf11ae1824130d460649354554be23ca1b6b60c189df96f7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
298e559b88b379d231aa7a5ac49049cb

SHA1
cdda12c950d88188eed46bcbb7d41c56920b2554

SHA256
63069060ed828a85f589cf7b42b00541bb909cae58345b216f30a0e9eeb65437

SHA512
0bdab9da72bc06451e6c5666ca480798f9e6988e52a039a20c7463409b3a74570917273b7e317f203d7a604890445ffe6ad85db770d848f58f4c1cd9b8c7d757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
25e24ab2c1e04fc74afe49d9292e7963

SHA1
30bf4a9a40a9be46893cd7d3453978901835cd1f

SHA256
2ff0a2d66fb18def5ad926bf4cd5428ed351832aa18ce7e324ccdc378c2b1007

SHA512
2ac9287ac27a06743aa51089fd624587223b84214539ff22e8fff0abd6e2080c7aca3ad592198cefc91763b03aba7575b07f9e85b2d7fca9f49cef564dab0345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
ab705b1c5b7c68742ba78eb7a945071e

SHA1
48145a5c497df1f52e58db237c30c31dcd11f3ef

SHA256
442fdf5a1929581a0efe9f1ec842030e7686f1a25d30a44444b0d5e82fe73632

SHA512
98d95c3d04185fae29ef3a5c61fd7ec9095d1b93f7ad311b741c1ef81d3d358fe88f1cce6cd6bc95e78eaddc358e1085861ae73c1da96ed18cfb70edf8ca42ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
98f9f80caadccb540dd0671a4e1fd3ba

SHA1
504a0bf81b1d3f13019830ae3914631d709ceb21

SHA256
b0ae375b736f449f030a06847f2461fc1dd9309af9798f315d26a7018de944c8

SHA512
ffd32e550f7c9f921f27f65c36fda18532132b5685851dc17ee4d2f692a81eccbe34396b6a480a710721ed0dd65f59a8464235152e27f6f2f0111e6c2b5c9af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
18KB

MD5
43781220acaea720a4e5cb145d9bf28d

SHA1
26846d13d31a13ae6046b0ccf7ceb90b988234c3

SHA256
fdb5083f467af63fe3462e9d5762584d25eb27741c1fc1eb5118754a7e82f8a2

SHA512
637085f9d41cbca25f1242522a5a7915ce04d5bb2ce5f39aeea5441a1c83a559f67e1627c6ad6a3e5324af5724edc52a09dc2db4cce92d9ad473c161bb267f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
14KB

MD5
458942f5f4dede98a8c18f80920b3a99

SHA1
a9790a5f8e7ede3b2e97e9e7be80865a5bf4a318

SHA256
dd477b6a01d0bb29392c23a8c9d28046d0fe078e0c63a584cb9604e59c6145f3

SHA512
1d50022a5ff660c5a59b18e46a39cab93c91ec27736a7d17407e82c29470266bbd33a0a405908cc51ec56163dc7ee6ae1f38076a85ba0acc35f481746d82590b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
db4392228546cc43c5da8358b83432c2

SHA1
0a5071eb27abe5fd9a8c765d47f6c531155f3ef2

SHA256
f63db68865d8f1f5662589d630e0cdcc23971b29233b756f157d18f1f4fde8cf

SHA512
107dc70f5a498de77c1084bd1af1432ff5e782c91864b4e14dd29c5a1cb2486be6d740ad5226ac0f59b491d11df795d0b5dbd930b21ea23f3fb0419fce40e120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
ec39bfe2c98af53f4cb6ea1ab9421775

SHA1
318820bfdc35be7f348ca019a71288964db98f15

SHA256
b1c1478a4eb46b42d0d66406d9510eb79d7352e2b413e2eed77c370222d354b6

SHA512
13cf10d25895835971069b0e0b69f3d37960450ac98ec2a831a084d43ea0b563b1be8e4ca26e2d65b8c017ea2a27a3a4663d52b1941d30767ccd3c8b57246d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
744f95dc7910ecfaa317516c353e50c6

SHA1
8c7a5d9d3575c7e069e443f278a1ec7096945ddc

SHA256
627915bfcee8fc33bf2d6269176de6183c1ce87a06987a9f926b4509d2b0ed88

SHA512
9e959e4ea7e6c01637b8a3c173a509ddbbfd47b3bcb8cb5b8c8f24d156e844332759e4cd1bf8a1a39b6e1b9b5617d59f14bae3c6151ce2052e0f908a80d19939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
2fbbc2d64d580b71968b574a2a0650ef

SHA1
fcdfcce4f1cd2efa91d0e3522674bc67ae0acd0f

SHA256
43a2e9e11f115f2a0e90903d425c9279b0d39c445068289d570230bf5e08c563

SHA512
f3dcff540d1cda512e20f67defbc449268e31687b48249148835defe3c3dd175769d48227480547b08b27642a96586f58ab106036fd761d75ca88a13e53a20f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
aaf0a588bbde6a2964d97a707ffebb41

SHA1
5eabecef37aab9be6edd7fc51633562871e59406

SHA256
a09028b7fe306dda608c95a021b62b44971bace3275c0362ef531a7115d6ebbf

SHA512
17cc70ca60c2bfec14940641b02f1590757f16f516dce62680fc8206793bb531514bdc93af0a7f2c80636ac54b2c2f6ab48ca93fe01ea213d389d50613fc7968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
73abd160f102039786d48de449595396

SHA1
d574972d08895b0deaa9bbd4af236ad2f092c7db

SHA256
a54b2937b77a42e681cb0e31a389ea5f50b69fc9eefec70b30a0f25c5d6d20dd

SHA512
a8835a43684fbc768a9a2c94cd86f93ef70838518771a4ec2cc8fdbcd5a2ff8ebcec195cb04cb405fe674d05ea64fc877f28218108c222dd2f1f5c2b72ffedb9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads