abc9a11f5cadec640bce7e81fabe0713a8c5aa95a1688a2a3cf7354f279722dc

Analysis

max time kernel
208s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

44KB
MD5

e8dbcd85d41057a349b33bccf99dc36f
SHA1

707a8c75ab0070f698fd06980691452e64a9e72d
SHA256

abc9a11f5cadec640bce7e81fabe0713a8c5aa95a1688a2a3cf7354f279722dc
SHA512

9b71db8bf4fbafb4de9763eebb2abb1351abfc74ac7209662d23dbfdf85f89ff20a13d62bc186e068bf4c5a64d97e1b4d4e95f6f9bf905711af355bd773a554c
SSDEEP

768:HBpq1J9cOGMnevT3x8gAts0gZk9TFXWt7aXfsW9l+X9hJYFnzOMD5QBdxaXfsW9t:HB81JKOGMnevT3x8gAts0gZk9RC7aXfh

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
164	3096	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879243421745311"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-83325578-304917428-1200496059-1000\{4B76C4D2-61A6-407E-AA27-8224B18BBD35}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe
1172	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 832	1172	msedge.exe	87
PID 1172 wrote to memory of 832	1172	msedge.exe	87
PID 1172 wrote to memory of 3096	1172	msedge.exe	88
PID 1172 wrote to memory of 3096	1172	msedge.exe	88
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 100	1172	msedge.exe	89
PID 1172 wrote to memory of 3840	1172	msedge.exe	90
PID 1172 wrote to memory of 3840	1172	msedge.exe	90
PID 1172 wrote to memory of 3840	1172	msedge.exe	90
PID 1172 wrote to memory of 3840	1172	msedge.exe	90
PID 1172 wrote to memory of 3840	1172	msedge.exe	90
PID 1172 wrote to memory of 3840	1172	msedge.exe	90
PID 1172 wrote to memory of 3840	1172	msedge.exe	90
PID 1172 wrote to memory of 3840	1172	msedge.exe	90
PID 1172 wrote to memory of 3840	1172	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffb311bf208,0x7ffb311bf214,0x7ffb311bf220
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2008,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2188,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2536,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3460,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4212,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4252,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:2
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3844,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=3880 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3492,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5820,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5820,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6040,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6288,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6504,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6828,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6968 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6516,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=3920,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=4456,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4248,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4200,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6772,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=4236,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=5436,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=4464,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7056,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5352,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=3832 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5996,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3828,i,5905179194376356882,7550539795066549694,262144 --variations-seed-version --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist

Filesize
105KB

MD5
14667dd43f1bd818b7069de235cd39d2

SHA1
04d38a3a09f323ec60e3cbbfb00e439c2ffa67d8

SHA256
c863e3dc3514a5701f337d5f10e70fd96d0dd54539033a80c72007f4dcb97bf4

SHA512
05f7fdd43261f730c6549879036e0a46d2c047d71654d45b22b1978da0c848cc5bf5dd4e837a5f60d0b3715683dc0f74fc6c2f9c3aa62bac37c385984b9184c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
5a7e1750438748bd333b79a94ca69b2a

SHA1
94fd1be56969e269ce195ba29c3d464d356d6556

SHA256
6d7a64a318c25c643323d5cf1c0c80ccf2f2433e7d74b722fca90468f8f9b914

SHA512
842509c0f495ee24d152ab3f7867183d7cd64b01b5a9305405682abbbff3aa18a8ad7d97ee039393fdd1766fc17ad2df1caf711dc4db8dc7b9df608ffc0fdc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
eec55fe349980566b1dbf1d409d28c3e

SHA1
654ce4b550defea0851f12e8ff81ae9298bb3f60

SHA256
2e81ea3d7ddfc0274f3955d5131143c481e63f2529514c5295873b393d508efe

SHA512
58e02658d08732b5f36e868331a483b5fde15475a6c5f704a19c97d920399c3f7d41a8fa163c66683bf403598f8f48f0cf9fa468f9783fcabd9136a55cec0059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
19KB

MD5
3e7e1e400d14e56197fd989b2f2e1365

SHA1
8323a4e76e7f67a7a250b64f03aecd5eedb8bc48

SHA256
174a5fd4947101492926a9547cb568a9827807bc61dbf73ba3624a7c07a41152

SHA512
f3632feced2de0286419d29d99d59084de8fc48a76140ae255d029b29fddbdf9aa33f97b7cb403e4d26e13573cacbc4a1da1bde48009da5fb8db0f178043c85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
32KB

MD5
ad6a2101f96364c2d3ee3c271b3964c0

SHA1
1e26ed208a7aa4f2f5740cef06feb2c13d719938

SHA256
f579e2672bb674ccbca8b5393432b3e19ae0bd162e812f8d59e15467a993ab67

SHA512
09cf9880c1dff13410e0537b6ea6f9f346315ca1dd3858f90a00bb01d541513e42af9a175887bfe414090ca612fdc8fc407bea3e7e2950d50f40a97ef2cbf66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
43KB

MD5
967ad9e00913657ed40b69812fa87610

SHA1
1a3e632eac7f77ab5b3e452524d2465bf29a9d52

SHA256
de6d77e14b0695b93a46e7f614d6bb50150950c9f55293566d8f594673b5896b

SHA512
38856beb5bdbf1b6a3da50a11b696028bdaef61fcc3f775bed0556f30677937dacb624e547c3dff7100ebe22533253bf12af238f3cdfa7a5791e992acc2f6ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
36KB

MD5
21f4955f4e7a07d5cae4a46fc74ab263

SHA1
3e3e25ca71bb03ce2c9b2a495b346b9653568b1d

SHA256
0870954849b1ccc0e6a9754cfbd3ce33f791cde77156d1f84519713ac47c37c5

SHA512
ec857db1522f15d6b769dc775550eb0023e27c080de45f6c091bae25b8524ed17fba0ca84af38459bb1d772bf479327b031e5ef677d3eb7f65c703c03fc70b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
23KB

MD5
99ac50a1ae18a48efdb249532fa19ff0

SHA1
c057907d8c800ea4d03bae8793b2aa686006dcf7

SHA256
590c8da5c8db4ef7e0906830a04188636d1c9b3f447f8fd270ba5431f7aaa0e1

SHA512
42233810ffdddac0bb25897a026d424f14ed4526f629250e1ea5aa4700460c6ae3bf1252fb42c2ca391db71093f4d154f69eff178c8b9aab4fe660ffd089d30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
27KB

MD5
1b426a95ceb50d255df9458733818c61

SHA1
7af69a7e2c5bd92650e794942d9398614b502fc9

SHA256
8b37c74dad1ba4db120faeffbdb3fe0c405bf9d8b2b488b81332cd564f88ac1b

SHA512
40f9d2c1f86474a951b5dffea502b2366b2cca4276dba18183f36b33ce9b72557020a7de2f0f467da7b2063445807c3724bb43b4a069d98e7b2b17c832d289b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
36KB

MD5
fa88a6b7d76d38dbcd1b3dfc8d8c192f

SHA1
fd6341788429d858a0ee8f466668cce580a3c0ad

SHA256
b14a017f4a21fae1d261b61e884ab1a22a2b7aa1aa038a85b176c73a601aa1e3

SHA512
53626b9cdcd08138391810af0cc7bb8990a0a3354bca05db6065930aee616f4b328a4cf4a3ff667461d319bccaf713d6e79f040bc5867ec1f503e2076f2bb49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
251KB

MD5
342c39efecea5e58752087dff51197ca

SHA1
0dd779afe0d3df1af101e57eeddbc709c11191cc

SHA256
a6590e57f239cbf61f90e78f3782d8ff0ac2c30f329b63713e03ddd6b7a56f85

SHA512
bad7e5b64895d947f1f2749037d0144871827375a1b7cf2391fea2293d33261d9f4611300a3f98acc4d0997d424da1080ee1a5d46700e345ff0f5c0b4eba50dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
263KB

MD5
b2d7d5cc832a07b809ba2d0b9dc56344

SHA1
97db4c19d1381e3850d9f3efe66cc213f7b513f8

SHA256
6677ef5ca57ea0d9479ac50253c4e525d2b9a6b0439923f0dbf08e793dacc5c3

SHA512
7d16febb803afd0523a47f229d5105e6b3c819a0650f76541a926a15debd0bb0aa7e40c1d8091d3bb917e5cb17b3eb83e60448453f1e8d81a76675c63f6d03e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
82KB

MD5
05ecabf63a15a6dd0c169c036d7d0de1

SHA1
9f4650519a86afc34fec4cc5102b5fd6a46758cc

SHA256
86c67c526eafa80394d4a3931d6b2dd4b080a1aa1bd53ff6efde9292a11729fb

SHA512
cb436fe597c724f39e0066b8e17e6122e270f59069e41a1f573c4bae71e9ab75101a6b2f7a3d689473bb9ca4665478ca326cb3b6b8d7d729528f97a9b2a6c7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
61KB

MD5
0797a0380092d38b40d99553e5b2809a

SHA1
1b65de7f510b313c4f1e06ad860fecb47ece178b

SHA256
c75871e657be8ab039bfdbdc89c95ce0c49ea3e25b396aac30fb0beeb64a2b76

SHA512
c6a76ade1400141e89f742190911140fed30b66a500f680e2e6a8b6140fd1f262700d4fb0929c1e75ec420f8f8956adbbcf1b7017e7062d787c330e40bb82576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
221KB

MD5
9893bdebb53fdda30b58c3ae9e7c21b0

SHA1
9e2fdc00ed3b33838c4d552a92c37383010ec2b6

SHA256
faba2882d06365eae2122c295938ea2c794949d884175ff4abc98fd7b62a3fcc

SHA512
c793d87d6dddf78835539a7c8266198259fbc3e2da8a3456ffa637f4a1eb1dac918c699fae2d01db2973e5c45fba5606deb54a6b5244a3aed9f0850e9f2395e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
205KB

MD5
4a34d2b44120b8b518dbae030c15fb5c

SHA1
69e747723f2a9f14d4a0ff6a859043d7509e0325

SHA256
6f324daf146cd0dcc2c99ccaa8f5bcd6d0a3e52e5fdde560295cf2d7ba6324c7

SHA512
48c539b0cf4790f5c764285a8f23af3c3196eab7e4ec34c609ae4c1a41b4cc6d013b24d5db53e4fbf1c56c8c283debc9d275e78133fafd22bc69734e3086ea72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
236KB

MD5
9c4da7aeead6d24c399f1d4ebbfa5ce0

SHA1
d1acd4fb59f4e66e6a96051fe363a8356d0c3cb5

SHA256
b4c9965afafc554477be05b37ebc15f74b37e6daa7cb4eab58841aee8078161a

SHA512
13f71ec22b2f2d8e1dbca602602ba38aa4daab597d212818f3d4e70f1b1b217435a394a693ae4125c68710d3f8167fe69fb7a00bb5fc554473421ab101611919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
25KB

MD5
21a3035e4db54d5cffe69a1fa276bd3c

SHA1
fc2d58cb2616e0491d58ee55fad16a53d617ef00

SHA256
c348a5356dd8066525beaa7ed341636b483aefa011008e3138a413918e48dd90

SHA512
171d06bd61038353736f40e6befdec02a8624bf11995f9d40b56a0cf723d348953301bdb51f66a166f5ff701232e487e188c49e0d77fcdbcab8bc3b60309364c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
17KB

MD5
d7f20e7973c054a1f9b6889b0d6c32b9

SHA1
5f7cd72f492ed2d6d5f7b325ca4a27588c35c3d4

SHA256
518bd81a163e773988a481b6a364dea4ec9963cd666a12833064bb6879f79619

SHA512
f26a0a45cb7072bde26cbaa9e18cdb72407cefb2f00c3b3b6e4d738544ddba2d48adc78dbd6f6ce3c3262da261c1d71b383f8653da6ec262da5770e150527aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
50KB

MD5
084a54fb0e0916ec48e5d72b3b00a34a

SHA1
56fee24c1b2f7e4fa239b77db2042011247ecfff

SHA256
d0afd09c28da1903d26ec51d66cc9c27c914e525d8efab53146fc473a5a539eb

SHA512
ea835da842ce6bb57089186e52c2a7da1d2f403a835d63baae4bbcd293ed70c2509167d39664f4aa71569588650c7aa48d5c4a350f21df0cf089d5063530821c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
34KB

MD5
cc4c88bb4d82f20cfc58fc3a745aac40

SHA1
a3b5a679bb56a099cd2a824983b86ac6d8de2b2f

SHA256
7afd209f0abf4aca04a8d61a5e3edf535723c53d1c22a470bd0737c5b36e1cb4

SHA512
cf5be8038d959d0be12489fe85bec39fe0cf455652e213f09ad024cb3e9b09e725228af173876297a07214bef216a6e51efaf71017ac57d38c9ae675a568934a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
17KB

MD5
ff9874fd858faeb26b729eced0656260

SHA1
d21a1be977518aefbdfbff8166d2c0a1502ec5ce

SHA256
80d84732905c9a06e9515e65d2191c2b5b0cda97ce2765950a93f869607e66a7

SHA512
ac24cdeb68b70db87615d678b3e1baae32b15be0d82ecc93030cf031485f6a8d7ccb42af2c6a404582c7ab202cbb8c700d29f6e71373a069dbcbed9ac6da4cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be

Filesize
114KB

MD5
1c880af05f9cd8fc6a57cd182bcabd21

SHA1
8fdbee2d68cdcfae90e1994a067a2be6d4efc1d3

SHA256
a29ad24a0b8477fff121feea7f4eeeee6aa08f24844fe632d920a340fbfc13a5

SHA512
853157f21cd434deaf17cc28428061e14b62b9fa394a0f4bc8d4b4958c68157395690b50f8b5c3a99c082c78e2439af6eddd2e31c52aabdd84cdbb93ccb3b9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9c5524748caf08c80902cd3ff8b7ca84

SHA1
7dbb77062339dc66a8cc14733933bc215a14ec5b

SHA256
5ee0ce136a818c3f89c6923f2e9cce022bbf8eba638f65e5a1ac8a189c0ec160

SHA512
25798cceabde9c9c1d25cbbfa40aec90db34ac11fe850aa7caeb3683a9e36109bbeb7fae68413a9e6208768b1eafc4c476bbe20fb3138b146bc625bebeabd04e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
dd9d436024c2f0f11f57efd722e1d7bb

SHA1
8822e4cfdb1e6d3e7de79489081f9e3e4b6971c7

SHA256
4bbf454e439d66d495505497578482ac6e8b8cb5129713a24cb4b4ad91fd51b0

SHA512
6b58cc09e696439a81394636889905544213e50c652b265a51edf3d6c3377b8e548b2d88bfc5a6576ab7d434fefd484f0ac5e3e59ccf7c15db667effbe7ba07b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58c9d3.TMP

Filesize
3KB

MD5
ed59f948b70285f63f20cf005052f285

SHA1
7e6a3d9de71ab51dd1f04a84576a4461c37235b7

SHA256
e79911e9458512a9d0f3f572fdfc7a29305a53f456ad92d6dd5fd0451c776dcd

SHA512
1a8d957f36615cd11046319b7d85dd014c90695eb30eeeb2a845e02c61f906a7fcff832e66834e04920a4d30a95d883ac828e138b911611884889e328ac58a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ca7445a44608a88982ef12b543bf9020

SHA1
2a7562915a404aeb4f23aa6903445398b98a2f9c

SHA256
52145731dfda98d833624f1da878048a587fe5180d0bbf6aa1c5afd6bf95e32f

SHA512
d1bffc023e09fc71855e4c223e43dc9be8816bd5b94e3a4dfd54789250fe3933190196c4a01b363e30e7d887f8cb4e9e6ae10f9463388d1b23cb6d89b4adcd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5e3bf7fac2532944259e40655785f46f

SHA1
efdcd73f7800930a3704c89a1bfc2c4dedc5ce4c

SHA256
aefba856f6c064378d8a71be3597be894a4e0839a921e939d1a4ee2154b14879

SHA512
11b551149389850bd9bfc645510b2abfee1a94f597df3a5648da86a29694b2b9e981f0ebe83fcc627a2cdd90d7f0f3cb749cc4f7047018637ec3a74bd759ca92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\e7f65d4c-d6ae-4b66-ab4d-be9fa7576265.tmp

Filesize
4KB

MD5
01748b4191bec7d191c1110097e417b2

SHA1
5f5cd1a126fbf097a6976a1360692798f64e46a8

SHA256
55f593cbeca6084a47af232f1e83a2ea63e7869d2c84e7972dde38d1d7dbe89c

SHA512
b21e9dd07fbff1db63f60f27e67f8b247ce18b194365e56fac9c71e359db2f269c747b835e8404e81f8c325b372b2d13a496fe2b7b532ed605cf14e87d025f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
0373b09293dc57cbea0abc5ce9c1618f

SHA1
bcd6b514f00ef2c96d980aedfb61f725476b8fdc

SHA256
ee9f1d5cef1d85583ef1a3f6df1d2eebd51bd74c17faadda3f15a426d2829d0c

SHA512
5c80a66765e29e858d53d82f2323667e82000d8967fda3793d537d45830d1019b3d0568efc07f6148b363a071cae2df586a741831c23dc0f2469714915cd7fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
be3329359335e8c891e7bb13e43b1d33

SHA1
d3fb3e0ead20d1d5a8ac95f0da2bf55129a60aae

SHA256
d3534ea1e030d5ac8294e620e22e6c1e3b7ab74c6cb3de789a2782e8499b2db7

SHA512
a9d43b0531ba8b32ff4fdda4c4714d08a0e815a18ccfc604d9374b8d20f2419b1a5afe6f5618136eec23a626ccf832c02cb350699c2b8c00458214a0ecbe3598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
70c69a0ddd6a12875cd8a2aae0f67a63

SHA1
6a0880cf3901ec7009c30eaa71d193bd43ebe423

SHA256
4adf30e90884e69374d59643e56bc4a696252fe38c081b66f0989af7072f6f55

SHA512
cecd3d4b63df6526d0b196e231866e5056b557129ee351695e05c9f08e8f02dad7c4934a3733aceb18d637c868d1342b001ffc812fe42e1e65eba635b0773706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
669ae10a652170e8eea74eec53be4a0a

SHA1
909f43f7955237e2279116c7ba191ebb3c368a3b

SHA256
9e6c92fea98d07dba17b3532418b0fd1b5af795b9e17368e676a9f8251c00ac4

SHA512
98cde9659d5772511f3131edd4d8d5c11d3a5a1cab7eae13372b726c65105be3b4d7b6a98230239663dd4b66652c46d55d413f292f3f9cb47702ec1a38144057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
c78174020fd8fbc5d5670777267fdbea

SHA1
9eedb22571dde3fa7915376a33554b5068c0a0a2

SHA256
f20a258831df771ac7bd2def8edf8c0e6478b7afb64d8979e9d0f5b0ac41bee6

SHA512
152a4f13d0d379e457b2ae71c11d661b956337c188ea57a0247b7c2ed95359887d5b5ab21eb00c167d91e2846dd91368e161eae3c307549444b58c7e7f6fae07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
f18f76086e3c4cbd821dc3c03b149ab8

SHA1
0d13e0594c6504d9d74bff4c803c97378fa9e40b

SHA256
421b1caf9295b6f20ee79c41174c92b7360141a2190d7efcc12c5bf17599f6c9

SHA512
548ea0aa82629dd8457f119613a591677385f9bfee1767ac82068388ab9cd0f39c4c59fa833f77d9ba5c34061ff007940a1ea6376b1c8603b8261bffb17e123d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
880B

MD5
2f48196f45e7e661cbf090d9f99ee5f6

SHA1
e9a9bc5a2408ddd59f0de2bbd1a65b796792efd5

SHA256
faaa66091a246a3cccd753c1758df7f3550751023818f54fdc0fe8c731110664

SHA512
55a6b3337f8f5ba84b4ee9b1d7cb972a4786a23b6254b8e4d5d9985ce2eee1489953baf8bc34691c6c8d2b1a15535a71aeb51699926063be91fe688ab3d48d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
8991b4479ba6349bced83b8e6d43a021

SHA1
d2f73f7110c6fa9aad55407b3a7f4cb31c8a984b

SHA256
91db1e13eb0163430c2122a0ceada423cb195e572c094db448eb1fe1c1031acb

SHA512
f4c4fd93aa293501a2cee05c3e82bd19895826418a64c21df0726c559b396c4dfb2c3c1ef10ff43f94fd2d89a88f06b14c9470c3b4641478037081981d30eb87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe587376.TMP

Filesize
469B

MD5
cb6dc0bd7b8699fca3b71d3bb2543d0b

SHA1
12e2b6c019c371cf40d7bfb89ed15123b9c62d20

SHA256
33542b123c42f97946520e56a81f5ec53740f5aea67ea1e26bac39675566642a

SHA512
4ecd657683e1e565634a51af5175dd49a4b2fcdc0bcf2d8f1a9e9af3caa69825f07897197da6605c27e8efabea9a233d8ad23951b12bf0c39b557ad2fe7c9a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe587412.TMP

Filesize
3KB

MD5
c7569efb2fa9fe93c0ea2f0896f54036

SHA1
e231c700b778b624f6065b035e5803fdd8b4db4b

SHA256
2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

SHA512
c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
24d7d5c0c96884f23f1481e7649229fa

SHA1
04202fcb1693f26f02572fea164c6753f0a315c3

SHA256
f4e814446cfa2a3d3ed91d2660a6859ed9571fd6aff80641ab3980512172acb4

SHA512
fa1f29189bf20df1aad51ac847e34bb9121ba7863a90b51b51b21ef8b24ea2768f6c95095c8796ab3e4d8418df4998fac76ef1764825f428d4b64f3b722a1181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
b89a67f76da8143e5df32b9abede825b

SHA1
e52fd24b5bb17a63ec2bedcdf08a9aa355006d6d

SHA256
fa41244b049cf353b92f74fa5b73dfa53dfe74b94b3bf187bc50eda5d86ee43b

SHA512
d6b73d2d17d674687476dfcbb509b932ffe66c17ebb50609936c73955b8fc235b66ce63733807c883fe5509eb9627865f33db3b4066ac5d8d9ad37628f69045e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
90aa2681261715a80ab97b282b9201ff

SHA1
81c78314bbbc99fb9238cbb9e2bfe49059d3e2f7

SHA256
c7be67800f837748112c7eb384c622feca17e7592df2f2ca53b8f1d71822179d

SHA512
5acdd5a04970aab184536e947bb9dc7f3a702cb2d74486a503c1c59483e5a448a277d0d9551ea33ec5386e6b0cd9ffd60189aa5fb9d07bfdba830653addae466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
19KB

MD5
32ad0ee7beab0b72e5df6c5c5ba461c1

SHA1
8c3472b22300342fe0746844e09a459dc6d01c93

SHA256
c8eec8078063782d4d0b0173819fb9342833e3727cd05457035737e4155533ad

SHA512
8661660d6c392599f06860dee341a6551b4ca2c1cda05f9e1cae50a09fc6a1a2b70b9d847569c7234c4a8d520121fded70d9a28866c878d0dade3336abc318d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
f52cf190e843c27b76dffa12091492a4

SHA1
d83f54e4d527df674ce0a49fd98398328532d60b

SHA256
c7474e0e5106221b43e3137ea9d4881c97fea285bbcb889a3b2aa648fc45b4ad

SHA512
fbcf727d57801f11a3edd28fff46c4743ad36c98ab006b1427bcc256437de44b56987efbfda38007ef126b1983bcbbe78313485317681517770ba0af239b433c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
5d5fdc420a0e3fde44182dfe36772430

SHA1
70a781dd3be0c70ecb5ff9776c43418be765fe89

SHA256
2b57b50235fe27d8dd15b693b8ead1a890fcf99d910d70c919afcc717cca1da9

SHA512
9c9e85cf08e00d25dbe15f8787543c9efdf0b5cde83ff2a57dfd28217b6e24165b10ee6ea040040b003bc0ce3ff88abccb1ccde4931cf420653d0a539aa3f351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
464bfb52b164bc42662a0a7e55fbb284

SHA1
f3d631e2e14968512583373930669abc5b276407

SHA256
fb449b48481087159ab3c7b362e036cfd317b31e372653d2346be428a311bbb3

SHA512
cf7a7a8b5bbff3584ac23d68e1888f287558a3e1cf58363b1f44b9a1013fee952d8639d7639e3ff9502487dc4dea532e3e8738fd131a921fd0b7dae0f7a1ac52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57e639.TMP

Filesize
392B

MD5
01b9accc416bccaf46225fcd3f67d1a9

SHA1
6935c15fa3a8615816368112c299688d692cc1be

SHA256
e0a74bcda3b78c62cbe2b943690353fb69980eb7a7251cc10f36d1763da36662

SHA512
c9476e3cdca7f942df0dffe3368fbf333dbe100d65440e498e3508fbb3def8432ac171ca060bae7f05e12e34bdcc1de2e592b63c78907086eee32be822716e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
3811261b7248db6ed69f0d5826fe26ee

SHA1
8ca83c0a672238597ee4a49b8b0f90f0a183ee22

SHA256
79158e17f7d3c991e61c749f04d2f6bbea9746544f2fa607598d7d6f458cfd79

SHA512
8ec4b058690b20306adb534de0f7dfb8091ef555a7c6c54d30011817d36937b169b0fb094a8ff02534735c8b5085e0c79f64fc59431da8674b03c1708e632c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\249281dc-7628-4981-846c-e9634f3bca44.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\f923712a-bebf-4468-a1b5-47425b061496.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1172_2025954428\69c7c936-3905-4019-a8a2-ca545b461463.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads