hxxps://drive[.]google[.]com/file/d/1MSK9fL2GqGavRFxWuJJll67zQEXfxAqn/view?usp=sharing

Analysis

max time kernel
68s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2025, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1MSK9fL2GqGavRFxWuJJll67zQEXfxAqn/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
12	drive.google.com
17	drive.google.com
39	drive.google.com
150	drive.google.com
151	drive.google.com
152	drive.google.com
3	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5888_1633123103\_locales\it\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879446157781602"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-446031748-3036493239-2009529691-1000\{B6E797BF-B823-403E-AECC-604D035EA2E0}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1060	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1060	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5376	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5376	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe
5888	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1060	vlc.exe
1060	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5888 wrote to memory of 632	5888	msedge.exe	86
PID 5888 wrote to memory of 632	5888	msedge.exe	86
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 4668	5888	msedge.exe	87
PID 5888 wrote to memory of 4668	5888	msedge.exe	87
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 5092	5888	msedge.exe	88
PID 5888 wrote to memory of 4528	5888	msedge.exe	89
PID 5888 wrote to memory of 4528	5888	msedge.exe	89
PID 5888 wrote to memory of 4528	5888	msedge.exe	89
PID 5888 wrote to memory of 4528	5888	msedge.exe	89
PID 5888 wrote to memory of 4528	5888	msedge.exe	89
PID 5888 wrote to memory of 4528	5888	msedge.exe	89
PID 5888 wrote to memory of 4528	5888	msedge.exe	89
PID 5888 wrote to memory of 4528	5888	msedge.exe	89
PID 5888 wrote to memory of 4528	5888	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1MSK9fL2GqGavRFxWuJJll67zQEXfxAqn/view?usp=sharing
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x218,0x260,0x7ffb963ff208,0x7ffb963ff214,0x7ffb963ff220
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2220,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1968,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4688,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=4300 /prefetch:2
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5224,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5400,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5184,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5192,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6476,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6476,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6692,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6912,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6368,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6584,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6516,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=7116 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3820,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=5804,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5748,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=6868 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6952,i,8158347178827520932,12177497841424573890,262144 --variations-seed-version --mojo-platform-channel-handle=7008 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Homefront Hacker (1st of April 2025).wmv"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1060
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Homefront Hacker (1st of April 2025).wmv"
  2⤵
  PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:512

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8625e8ce164e1039c0d19156210674ce

SHA1
9eb5ae97638791b0310807d725ac8815202737d2

SHA256
2f65f9c3c54fe018e0b1f46e3c593d100a87758346d3b00a72cb93042daf60a2

SHA512
3c52b8876982fe41d816f9dfb05cd888c551cf7efd266a448050c87c3fc52cc2172f53c83869b87d7643ce0188004c978570f35b0fcc1cb50c9fffea3dec76a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4fdcb4f1b1e4ca90011713f20fd06b93

SHA1
f1ea79d77b91f247923acaa78ae144cf958c11b3

SHA256
e21409d9424887cf5b0821e541286e59291b7d7a6d2bfab480f2054b80c04956

SHA512
4ca0279c017071e5f65d41e5cea7ac560a3b95ec24a82bbf555141561e93900d28e586e702db518d37771f8505526ce9c2c163732f5f50a32c2f070889ceb719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57c208.TMP

Filesize
3KB

MD5
0e0f249e7eb5fe2dba5582d866cae7b9

SHA1
8009c3ae82f11bdd686a0b4f9b9713e00f9ab5c4

SHA256
10c25e81f6d16a02045ac41b5db2f17518e95d719c49baa191e86ad37d78e88b

SHA512
eb1bea9c827d646baf16504b969535bbc646a65dc2c9f487faac0722cf8d8c4f4fa23ec94144d935758aac57a99a4a581907d7df50956bf1cb642353f3036aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
233e995a184621ece04422340012b5bd

SHA1
2e3a07582d9ea6ac96aecafd647295c622ea69eb

SHA256
c4246ce77ffa15097b9ebfb35412267b925aff55e5bcc08107afbe1b2deeee20

SHA512
7060dc4956514eae64c2c74267ad4061aff0b2360378446c4de1190fdca498e36de0fc5b25bd0c545d65a0923e608e665ba5c24f0901d3ddedef43cc9590c48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
39KB

MD5
1704165537c76e65e98da573179dae61

SHA1
a6daa3b09c98b2a062d76f0b8e45d6193dd55d04

SHA256
bfa215f46e2d405d02b89f20823f6023f2b708849ac042316fde7485b97ff709

SHA512
73d3cf3d9603e8af004f65c7f7d9b63e7471be35f4963885aca2f55689239a14eaef42ca8718f0889d1ab476867b8b955be5efbf76d88b08b2a8a0bac89ec95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2a75605570582a247a743737b1780a5c

SHA1
981875f660725ba8796063f745a959853d3ed720

SHA256
a163ded2b5a70b739f264c57e0c6e5070a5968af785fe25f2787955cfc4e6aa5

SHA512
a4e81f17a110f48cd3bd603702ce383e43c81a665c5fa1481395eeda086bd4a989c2f3510b9e9db80f856c0d968f3624805ab4f3755c724c3e8821c00fb580c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
593e1207ed93f6c0df65aaa4d90bca9f

SHA1
6fbb52c6b7250ff661432b81ffbc85891ce87ad7

SHA256
9709d069e715ae346a1b3cfb6d3e1b7bdfaf0f1bc2a0062f711efec8252c0065

SHA512
e4b412913d627b2afe8487de3426ffc2cc2783d754a35e0e1ae200796026f9df00aa7f3a523ffb2693cf973a03b9df418bd24c814d09bab608893ac7c3d1ae73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a7f8.TMP

Filesize
96B

MD5
a8ca4e3333bd874b9b5e6b8144e7944e

SHA1
eeed3839cbcd255edec04c08da215dbc95f638e1

SHA256
8ac80781310f6ac22e0b227dabff80ead7b9c1006eac24b13024267e0595d46b

SHA512
a3564e62ceb17bbe1317e60ad9a34293c048b69f959bca4a4fb362cf4d4c40c015cd96a4f9de9dcc043cbb5e44e1fcd54b61c7540ac243206e27529c79888342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
e7540b5a2b50254ebe8b83cadd331c41

SHA1
c90e8abae6a32d683e957b1389df6a190032714b

SHA256
b48493a03ca22c41cdc12e1b6f3d405bd752a204a06104050653e71485565255

SHA512
025324ff8c04329937f2428a7724d4fb70993024198317045f70d3499a11d5c1544e0221b6fbd27f4f3dedc82a63fbde9546393dbdeb960f275fde8bef14986c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
90B

MD5
ad4845e49f7c87b0d1900f13ff8fe80b

SHA1
dddcb82be4e688ee54f666114ead955e23f3cbca

SHA256
e9cf04bb9efe08c5d949188f7d07c1003209bd4decd95895fd60fdec80b356b5

SHA512
74169b9c4255bc514d834b2c3f4f1ac453c8bd89466718a8682b35cebdcea4b6617b34ba96db7d887657875efbc231f896ff2d90eace7367fc7f4777b6b8f469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe57610c.TMP

Filesize
154B

MD5
7d838f5301a1df982f7732cecddbeaf9

SHA1
1af2d28c161c6b6499bea7f37ac341d6d98b0385

SHA256
e744068b0b58b26e6ad6f850c5b134c074e40bf32922b1a06090ad20cc93a3c0

SHA512
0b6f1e60eaf6db6fafcecb16b7f202c8cb049d951b63550d46bc7a742d692d91c3c1385bdad6f58be0d178888eba73715bf2629d80c9ac877d67ad14b3e79711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
463B

MD5
462725c5c0b8bc2a0165d6ec94f390ae

SHA1
86ca660ddf9619438f8c657a7f3f46e35ce16d4b

SHA256
cd1d1392abd54aa638529229ec2f3322101f0ee5b34422e116e2de7423b2206e

SHA512
d6116ff67180f7059ea78fa0315de5cdd926ebf6913d2a9693bdea024136ce1e64b7f670bbf0dc3ad1ff43a5df12a2357cde052d7dac8e454c31d69bca9e153a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
5c322370b23ae8d186dcaab2865c7898

SHA1
2513ac8d5371648b81822885abeb81bb33b21774

SHA256
83dd475056ae35bb495e5e5ddb3d5296f86b51ab85f8a1cfc88780243f2270e7

SHA512
47fb1ac05dd64be4706ea6f9826120882ed1cdcf540a3f1f9748f893559b172be6b50c4829116c91366348a8e6ea268a01db3c2727d55d796f581b6710c5e0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
892B

MD5
153c62ad01217e369fe70f04215e61c5

SHA1
3e4788d5d4f9333295af34e8dd89e9a7d54adb18

SHA256
3088466239b8f939cce0ba90658bdead53be6a9b42d726ae01bbd4cd3c98af4b

SHA512
d3a46f06f93992f95d7f57c1359341b9f7009fb00df71501f69711223fa1769ab2c6f00d5d9cad81a5f0775efc2bdcf8fe36b04fca3c36e215c45107865705da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
0ac61de3824dfc70fba01002d628c851

SHA1
0a5a76264c868dfd099a2eb092d26d3c83d78a29

SHA256
150b8e37e9180c93827e0cd5a50e34c67e8b13ff02977345257d792e327c4521

SHA512
be1932a0ea0c4e4b5588efabb906e2367ee3b51906a26bbea574af6973ac26ac47bde8bed65ac65b31293009bbe4193d7fad7619f86830f7e7fcbbf14e647903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
abbe577758b1d19925dd312adb431f82

SHA1
c998e16979c140cc27ce0fc5e3a3df93790d67d1

SHA256
5e00466655878ac33a38246fffe15aa931f3921e27d2c9f4e5885e83e0f6b7d9

SHA512
b401abd00ddb48671533fd949de236d48fa6137b5cd887f784328e1b0e9d864158fdf0a3e869de30589fa997df5eb036dfc52d7bc0f869ae02bd725d264d5a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
fde95951a10752d3e4b0be5f86a13dc1

SHA1
5423ca54ca85437357761f1fb1c051f850e03df9

SHA256
562937ee4aeeb632b5ee7ea6cf9b9e02dc6373c9bbeee45f25133c1bd0c8f00e

SHA512
b16395262a1d2dc2d5f5ed486ed99600f093a014dc61986bb0c0ee788cfcf76336832509b1a68471c8fea3cc145a0240c3ccd0cdf52d977ce833b13849e0970b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
42d7d3f4d320735a4215be05f4a5e5cb

SHA1
572058ac58785f20e95371f17e8e848156073436

SHA256
947958044452cd8fd4189aa633da4b4ec692d1249fd1ec7f65372cefdcef9310

SHA512
5f616d0503eba8c71e5603252171f44e9bfb5609d411414201c943fcd25ea59874d093deb1e0b3eced703f29c8751274f225a616e5896669fc5c444426c24a00

Download Submit
C:\Users\Admin\Downloads\Homefront Hacker (1st of April 2025).wmv.crdownload

Filesize
5.1MB

MD5
9431310da0e0e06eda973beb74c9cbda

SHA1
b7b9dd2c0adabfd11863c36ba107d2ddc1154075

SHA256
0d8fdc0f577aacd731885407b29fb06d8bfa034d958e1ead5bcff50b5426884e

SHA512
462a9187cdd0eaef6acc8526dfb445c39446848ab2e09a42c513d01936f58cd14ae84471b427313fba1b48fafe45c359eeb22b8d67fa8677daf5d4c83b55ac8e

Download Submit
memory/1060-758-0x000001E3488D0000-0x000001E349980000-memory.dmp

Filesize
16.7MB

Download
memory/1060-756-0x00007FFB83110000-0x00007FFB83144000-memory.dmp

Filesize
208KB

Download
memory/1060-755-0x00007FF7977D0000-0x00007FF7978C8000-memory.dmp

Filesize
992KB

Download
memory/1060-757-0x00007FFB82E50000-0x00007FFB83106000-memory.dmp

Filesize
2.7MB

Download
memory/2156-713-0x00007FFB83110000-0x00007FFB83144000-memory.dmp

Filesize
208KB

Download
memory/2156-714-0x00007FFB82E50000-0x00007FFB83106000-memory.dmp

Filesize
2.7MB

Download
memory/2156-716-0x00007FFB82E30000-0x00007FFB82E48000-memory.dmp

Filesize
96KB

Download
memory/2156-717-0x00007FFB82E10000-0x00007FFB82E27000-memory.dmp

Filesize
92KB

Download
memory/2156-718-0x00007FFB82DF0000-0x00007FFB82E01000-memory.dmp

Filesize
68KB

Download
memory/2156-712-0x00007FF7977D0000-0x00007FF7978C8000-memory.dmp

Filesize
992KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads