hxxps://drive[.]google[.]com/file/d/1ojCvNdex1TZ4NdWAyxLgwEKNsI8xMypx/view?usp=sharing_eil&invite=COSIi-YJ&ts=67eb82a0

Analysis

max time kernel
95s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2025, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ojCvNdex1TZ4NdWAyxLgwEKNsI8xMypx/view?usp=sharing_eil&invite=COSIi-YJ&ts=67eb82a0

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
21	drive.google.com
27	drive.google.com
196	drive.google.com
197	drive.google.com
9	drive.google.com
10	drive.google.com
20	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1396201765\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1825978554\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1396201765\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1396201765\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1825978554\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1825978554\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_838890457\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_838890457\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1568_407191413\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1568_1588665305\_locales\sv\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133880226407117802"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{3FA6FCF9-198D-460B-AAA2-1C8F2E9BBD4F}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 4116	1568	msedge.exe	87
PID 1568 wrote to memory of 4116	1568	msedge.exe	87
PID 1568 wrote to memory of 2532	1568	msedge.exe	89
PID 1568 wrote to memory of 2532	1568	msedge.exe	89
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 3896	1568	msedge.exe	91
PID 1568 wrote to memory of 3896	1568	msedge.exe	91
PID 1568 wrote to memory of 3912	1568	msedge.exe	92
PID 1568 wrote to memory of 3912	1568	msedge.exe	92
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 4776	1568	msedge.exe	90
PID 1568 wrote to memory of 3896	1568	msedge.exe	91
PID 1568 wrote to memory of 3896	1568	msedge.exe	91
PID 1568 wrote to memory of 3896	1568	msedge.exe	91
PID 1568 wrote to memory of 3896	1568	msedge.exe	91
PID 1568 wrote to memory of 3896	1568	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ojCvNdex1TZ4NdWAyxLgwEKNsI8xMypx/view?usp=sharing_eil&invite=COSIi-YJ&ts=67eb82a0
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffa069ff208,0x7ffa069ff214,0x7ffa069ff220
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:3
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3768,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2344,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=3844 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3092,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3084,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4968,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:2
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4848,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1588,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5724,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5724,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6164,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6340,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6196,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5976,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5980,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5284,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6276,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6300,i,17746165603195193097,17168875070260964219,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5176

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1568_838890457\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1568_838890457\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1568_838890457\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b0736a36bad51260e5db322736df2e9

SHA1
30af14ed09d3f769230d67f51e0adb955833673e

SHA256
0d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087

SHA512
caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0c1fe7289e9acab699b0c92bacf58eb1

SHA1
8af6cea7990ffcfd8498103795ed40b7efa98896

SHA256
591e48b62ec95869b613af80289d464ede45d480c4dac7fadbd9e594009d3bdc

SHA512
31422a699c12c938939e1e98e2695e2e5ae49d973b83f57e81407874345b4f50426e5e140a6f4920142e7cbbf3716667adfe2a2301fbb414d89a665f72c878ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57abff.TMP

Filesize
3KB

MD5
2e6d2e5794c83645e339725c7fce05eb

SHA1
c6201f7ccae064fcf9076b8c5a8fb142fdea1da6

SHA256
35f3f0532249551d92e72e9b752303e4faddb453323e315c78d8688fb5b6a92d

SHA512
39b1fc20530218fe41526dfdb6e0eaf221188d16c667630c8c9aca3a5989ee2d48a52fc88c939488ee3f952307a87d8d7e09952264697751161360632a2a70fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f77a00579861b2113a3df579760d41d6

SHA1
8d4a5a425aae7709667c34cfe5c144849766b26e

SHA256
fb57972af60e21da5366c9ce24eef8fbb7186412ab25ea250424d5e28c3e5b43

SHA512
f9a6e21a279e07d4b0f22d95644678b56b9862d4ab2bce7449ef8c22ef310d9d29de45b1908bb0d0072597fbbb5e50f45aa84e9fa44617e0767276386f3617ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
748e85771c15aa62e8435ab4a18c098f

SHA1
b99aba08ffaf8e16049095b54c9ff9f5b971d97e

SHA256
934e8cbeb1920f9eb60f837a21597282b726972b5653febf52c4fed58e6886e2

SHA512
bda4d6da9371fcfa9f5c1a247aba62c4d854c4e852cfc70903e232c89d8f0e5821832a01bfe9df25116adcb9def31c80c841f578a565f2c76d5f0f3f6bd0740c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
39KB

MD5
fee21cfbf9f1acaa6457b3d421583207

SHA1
31a80c14f716d6643c57af354d14a91dc6062c25

SHA256
4b8b75d0efc252c66246498aa9d47b1c0970cd6dd6f42dbd438f5aa6ae01f2c6

SHA512
d7183de7e1a178057445a5e7af00458a63e39bdbbd3024f0e03b7e1b01d7c38f948b5e635e7a8b2428ea08b82f884d3c51705f1b52ca39c7675dcdff5ca6a8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
ccbb3b1edadfefbcd85c357da4bf956b

SHA1
ddaa86aa7922ec823723457aa1294d0169834d07

SHA256
d2ecf971fca75b9e0c99723c23895c2d03eaee1b30111089b9726cfb0e6da3df

SHA512
dba31312e1d01ff4297a11047dd541b25aaee75cc0dbe1c00b931320dfaeb5bf4fddc168cd678923cdb6eaac3b1f29c03f20a0426fe633d20e0d654de17128dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7c3d4e04afde342f5691448eb25d2563

SHA1
7dd57be795ba2f00cf759036b7f5d1137c322f1c

SHA256
091159a3758070073e027273128a18ca6204c0e1780101afa9cbd204cb8931cc

SHA512
28d3b4a60b1a0e295666ba5b12d4e773e4562795f2346605193e3a4b9a007f2f3ea18994b40a64778c78d897e7efda7d678c976d50d7e5d0a95ed23fd26af641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57951c.TMP

Filesize
72B

MD5
dcdbf4748dbcbf303f5530fa20206077

SHA1
1b7c0bcc81f73b1e1e6da2213e9eed16651d7d6b

SHA256
e5c81d5ee9322d0cefe3d501514f92111fc68338b3eae6bd5bd50670a068a585

SHA512
4903a609a63fcc24754b6ef34ee8f25f882daf5225b429f8cddbf9fb07a0864e97ed5b15070930b5fb1d0e95bce4cc5eb54fc5eecc79a023414a5b014e2ca204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
8ce4f641ab2085550145652fb68e9190

SHA1
1dd0f48aaa88698f8d04a8cd0b8bab91bc3163d4

SHA256
a3712aecf29d5a6b04ee254fdae03dbad6614271079a17a2656be98dc0e3a523

SHA512
70a155c6663be396bc178309501ab4b44260d305f0e3186ff70cdb677bfc9bbec5d9dcdc26a44fd4e4479c65a0a9ce95a40af35a623526b7ec0dfb2d65a48800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
3e20bc3eeb3f5922e49f76b435ecc2ad

SHA1
89b54a8d64e77b488dfc308989b05bd499d90189

SHA256
a67a22b13b4d0af22fc7ee0452f97143b0a440c43de804d607ff095ff48c69f1

SHA512
f52438c43ff8ba4a202e81e451ecfd655b5dc522bcd2969423d1ba44d1b10a6d27de491654d99ab7b0825c8805859172d3993cd1b1e74d65e0d146b6b268b84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
8fea8324a56c48e861e2629af92115a2

SHA1
d2b02f19b657f42e642b609adde111bb74db6b2c

SHA256
1cff8bb12e42c0da7a4b853818257d6325453569adfc61ffa07be892c03c1237

SHA512
5c7e312c7f700936cec1b99ce833d608aced1d57793ecf3dc8a04f3da25bcb2c658ee46bd6f30567ea7104495cf4de60d1917aa96bb8a9318fe0c7391fa56f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
898B

MD5
092a513b61267a40efe583d758246090

SHA1
a41ed86a31238f21299b4258e77f9bcb82313a9d

SHA256
37e91d754b3e28695bb30c33a41faec1aea3b1a05d93d34e2cd6fe153ca27fa2

SHA512
a09b0cf577a1d20a8f60996a6ed21064cffb0c3be3f45495a831810a38f50c2b2c64654141f0bbca3035a9a4da6a584800e0ef5aa561c287e4b17675a3f12c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
78aa92a0e3841531ab05529bb9dbeb73

SHA1
3cf0f97aa60ad1e0d5495a62f56cc67d86246b14

SHA256
0c3bc40731dd58486272f2baa0bf5c431770e5623aa17da1b435640fc690d017

SHA512
39d1fa533b266a3d45c3c55e09780f9dc9886b2c148dcb04495e4c696ede74694bb7d7eab4a3f0dc29f6a336f690bb34c0b80201ca5c941110876be5b59a7f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b4b8b7e73fba5fc7484886fab06e9912

SHA1
35ae9f1ed2142592118b7cb1e9416c4f6affefff

SHA256
71dcd7326f9125ef21a99ac61348679836052b70867f112f2c9a726978d4acf1

SHA512
7ad03ebbb262d16aa4de8592649ce5ebb29bdb8f9bd42293ffc5bec69cb656d2c5239a28a8ebe0aa12dfa0d8bf7c0b7712550aa6e990dede3d4ad2c8948f3422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
9f93898b49561738180222ace33a49be

SHA1
e23d49264bfb4d131eb4e447f2d6ccd4dc7b6ad2

SHA256
f6ab379cb94b23df7714e9c8540efc61e87264f3ee008050a5cd5ca0522f1960

SHA512
eee41c66489552587de8301ac142d85300173fd2ef763b217b016701d90862eb5bd345380f7c80b74b45b1354a78790aee4fc0b98b9404c985d5f100ab883c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
4c6bc65b3d4d2c5e346d51c7fc7cf9df

SHA1
c0d89b71eae5ed09bd4868193a1d5707ca459bb7

SHA256
ed30c99d093e533ca40aa8d143d7d50798fc01f86d445d295e3f51082dedf872

SHA512
1e84278da919e8abce3ed9631e834b930c9675d674a7d58e39fe0ae9b9e50fa43f74fec908c45e5d5cfd70a00021b7c77b7af3989e9e20419f3ba5579cb5c591

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads