lockbit | hxxp://lockbit 3 download

Analysis

max time kernel
134s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2025, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lockbit 3 download

Score

10^/10

lockbit discovery ransomware

Malware Config

Signatures

Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit
Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
behavioral1/files/0x00040000000237d4-1667.dat	family_lockbit

Downloads MZ/PE file 1 IoCs

flow	pid	Process
310	1452	msedge.exe

Executes dropped EXE 3 IoCs

pid	Process
2416	builder.exe
5216	builder.exe
5940	builder.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
143	raw.githubusercontent.com
144	raw.githubusercontent.com
145	raw.githubusercontent.com
146	raw.githubusercontent.com
310	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_344097528\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_344097528\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_1776139782\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_344097528\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_1776139782\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_1776139782\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_763150128\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_1776139782\LICENSE	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_2336_937317004\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_344097528\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_1776139782\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2336_522727271\_locales\el\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133880147050422545"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{5E296747-F504-4E62-A773-AF6433FF2CB2}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{F0BB4E0F-BC36-4FA4-A7BA-00235CF3DC16}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5732	msedge.exe
5732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5012	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5012	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2352	2336	msedge.exe	87
PID 2336 wrote to memory of 2352	2336	msedge.exe	87
PID 2336 wrote to memory of 1452	2336	msedge.exe	88
PID 2336 wrote to memory of 1452	2336	msedge.exe	88
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 2544	2336	msedge.exe	89
PID 2336 wrote to memory of 4856	2336	msedge.exe	90
PID 2336 wrote to memory of 4856	2336	msedge.exe	90
PID 2336 wrote to memory of 4856	2336	msedge.exe	90
PID 2336 wrote to memory of 4856	2336	msedge.exe	90
PID 2336 wrote to memory of 4856	2336	msedge.exe	90
PID 2336 wrote to memory of 4856	2336	msedge.exe	90
PID 2336 wrote to memory of 4856	2336	msedge.exe	90
PID 2336 wrote to memory of 4856	2336	msedge.exe	90
PID 2336 wrote to memory of 4856	2336	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://lockbit 3 download
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2ac,0x7ffb14a3f208,0x7ffb14a3f214,0x7ffb14a3f220
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2596,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5000,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4856,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4980,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3440,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5508,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5656,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5656,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6348,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=120,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6592,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6532,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=5604,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6356,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=5620,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7064,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6004,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7472,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=7440 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6928,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=7504 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7284,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=7408 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5404,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7388,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5360,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7496,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7616,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=3604,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7916,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=7928 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7940,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=7976 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8092,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=8108 /prefetch:8
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6012,i,16888950149335779969,7435611641132860076,262144 --variations-seed-version --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:4892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2bc,0x7ffb14a3f208,0x7ffb14a3f214,0x7ffb14a3f220
    3⤵
    PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,6719843660522999391,7216351174629169694,262144 --variations-seed-version --mojo-platform-channel-handle=2700 /prefetch:3
    3⤵
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2180,i,6719843660522999391,7216351174629169694,262144 --variations-seed-version --mojo-platform-channel-handle=2708 /prefetch:8
    3⤵
    PID:4548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2604,i,6719843660522999391,7216351174629169694,262144 --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:2
    3⤵
    PID:3840
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4160,i,6719843660522999391,7216351174629169694,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:8
    3⤵
    PID:5988
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4160,i,6719843660522999391,7216351174629169694,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:8
    3⤵
    PID:1472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4188,i,6719843660522999391,7216351174629169694,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8
    3⤵
    PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3700

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4476

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:872

C:\Users\Admin\Downloads\builder.exe
"C:\Users\Admin\Downloads\builder.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2416

C:\Users\Admin\Downloads\builder.exe
"C:\Users\Admin\Downloads\builder.exe"
1⤵
- Executes dropped EXE
PID:5216

C:\Users\Admin\Downloads\builder.exe
"C:\Users\Admin\Downloads\builder.exe"
1⤵
- Executes dropped EXE
PID:5940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2336_1776139782\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2336_1776139782\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2336_344097528\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2336_763150128\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2336_763150128\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2043b3d94449fdfe95f7baf96da0cc72

SHA1
c09336fdfca5bb76dc091d40d0ef40bd899b7172

SHA256
977a6ee659bc0a9178ff75024b624f07156a2947483db11d014ead5b9333492a

SHA512
452555ba22c0ac33a66ae8700b871927d0457ccde71560b8b3fe9a6f2cff402acaef742fc04bb3f898524411e86ca4d3e960690055ef35155d1981c19ec06e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
aa0d4cbf8910ac03ff780d1ad5225fa0

SHA1
6400c2ca8709c58cccc6bc027e4fd173153a9efd

SHA256
c4cf10732a3ec2147b07e95cb1bebe1c2703a7d06c3cebac8f046d100b885c21

SHA512
303486b6ba3f11ce9e13e1a1c4ae4366175b55f5561cd6b437bc78ab96698f350c9ea687690f83e659b08447244c09e6dce2ec4992f15f7e5b6e11c2fe349b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\383fd09a-ff3b-43f6-b4b7-c41868c73ad3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
35f7fdd15d8c37844032e95ba4e84ad1

SHA1
4d1ca16f19d584954f95bddf73a8d2c9fff99529

SHA256
3fa768330becd17647e1ca084524bb7217c7138554df8d29d23065f2ba9a29fe

SHA512
31fe06f20066358361209aabb5be5b2deaeb2f569cad1dfe6a9434573c3629abcc3a557110fbf7c37b309b2b1ea80e97333da578b33df8b941c9174b7c5ba339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
24f0e25e971c9a8eee8397f986fc1ac1

SHA1
aa08d7059c0719972cdbfbe6a16673e5331327db

SHA256
97dc9599f76853ff5c13684adc421e2f5e44db7800c783a872f34383bd42551f

SHA512
913a649d27909a36d67ec813da074d03480a8d6324727b89f21002c96f10f39fc113a3b75c914ca3158da4885d0f2821a11e31766d90f7383638d3d36c97d186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
2.0MB

MD5
65d91fc3598948b841b8075284aceea2

SHA1
8a426bf473aa44d0f411baed3ada62fc113a4496

SHA256
ce1a43e8c58ad5b1005d888597f14cc3eff9f11e3433e9bf44a5990bc1fb2480

SHA512
28279893bffcf5ae2abbde686f9d90a28938a84fddd866f9f4df024d8553b67882dc59dc0f2e49fdf7a1536735447428ca70797d639ae8cfea756fd36137cd3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
12.0MB

MD5
2dad9f0ab35ce53109dbcc987ea256bd

SHA1
d8f5d13820ef3a7b4bc0469ba93daba33c270485

SHA256
378cfb2fc9fc976dba5de2179be9f8e997b3768ecd41d78ed35f0245575cc448

SHA512
40496e9f23f9156141e05ddac9b838b77cd344d5a7dd64d7b8482f3f969ac69176f910620dbe3d9282e40d31450fe01b1b7b822c02fe565b1de19227a37712ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
17KB

MD5
6c2b5934ae37d4ca262ec9f1491b24e5

SHA1
690e66a60faf662529fecb4384252f06fb11a712

SHA256
25437c151150a3e94347ea5bc3e4802b36deb03e21f487f826dfddc250deccaf

SHA512
365bada3c7a4845d638f0cf9fbd89e09d8d2ddfb4c3c6895690b0e61cad9a84bde43cdd08244e8a0c99090660eb9e7ab0443939d37b22a8e877ddd363bb40d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
474KB

MD5
782dffd26455cf41dd4d19bae27a9615

SHA1
46f5793f8c8f6884c6960fdfd5830136833d27ed

SHA256
c440758e3b15674f702e6c3b6bc2ecce7fba31e9711cb77ea9ec1d123df80f2e

SHA512
4f4d97bc04d71ff209177d6797f6f9ab96d956acc58ae03a3c7c2308cf48b458ab5d52d4bbf30c96ac8ee717c36c51ebaf9910b483a6196962e9f2d582073374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
26KB

MD5
46d72f6516d89b722b914bbca0d9b021

SHA1
d9149a7cddb848854317eb03b8e1ebfefaeaf572

SHA256
c7d299c9bb315db9c29e791f6bc7418a646aba9a980256871e689d9b781c13a9

SHA512
5ea9392800f8075705619373d2d7f54718cf5f1dbc12c18cde74a8817d6d51a78704347e309ce978598a609e7133adccfdd0524aaee2d88e165901ab49b5199e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
52KB

MD5
103f553ec4a834dab1956fcc453aa182

SHA1
d01acd962e4e8a8920be1fef120ac4ef8313bca0

SHA256
7f4bc060374e33deaec419b8123dc6cf3cfac5524912ebb64285846adbfbe79f

SHA512
e1faf17f64f20d9dea51e587f72387cd506dc1dc76064ae3d7d382bdcf7331410ffd26b3c706dc1d93930831e28c1d00c6048163de3d490de835ffee37a8b1a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
212KB

MD5
0b6383ac415d0b1219a3398c665e0950

SHA1
8859b76d2cf30a4304225c93f06cae6bf132ba40

SHA256
bba0402c2fc7540c6a6ca2509de7a4947bee6cd088a23e5e540c06c3a8899bd4

SHA512
fd23125e2074874bb902ee472431f67d1906bdc27d0e4f7f0e4eca6f8b3feab05284ffe80bfcd5d7fecec0d5fd231619f32052347fab5d7c2f3c9d51bf92320d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
47KB

MD5
abcdc719204b75b443849e662c50e331

SHA1
e143b1671d4e72bb249c6d14f19429fef677a6e2

SHA256
0e5af9beefa2af0ad9e8da592b4f9de8f29cce2adda77f6bbd5b41d21ab550d3

SHA512
0f757179eb3937f1f610e8d629d3b5263a291ce975157afe364f13283e9e34c58ee2450e80f2d27ff12f8becaa64808e7542329663ece1064a15fbde1727d2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
38KB

MD5
b8103746b4757c6332fe545f11de8f70

SHA1
588965d6333eb015af39c7f44ce71dfac67fb0f7

SHA256
4177d563a186175d3a67091c399db6c57fc271e202406e244d4bc8ad95b1aebd

SHA512
c83bd52d674d90752dfffeb76971a4f9684054d6f02cfdbe8f336758ac46d8b430f306cc64be00112b8c38d191afd1b8395d58600b12cefcb6a052ab70214ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
21KB

MD5
ec0963f084571ccba8609e51d71bf6ec

SHA1
b4a93e1b2e235488747b17c212ae14e5551c2db9

SHA256
39041d7cca3821b6b33037d88740780d6c1b380cf4973f7a869b101d35b015c3

SHA512
88689aab98763297eb045308d3a1c415bcb0dcb58dc5d3f4338e5c92018666a0b0c5bc2cc444ffe333c4b6ea54f0286a4c6310a9e18d418fba83ff2698be5525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
36KB

MD5
2661bff6dabf18be9bcd62fc612912d2

SHA1
6e90a28a20d59b0383f87355b39f05254bfaff20

SHA256
d8be88da29a93137d4e69bdb3b486f9b48ffd789a4e54bc0200acd8decb1a6ae

SHA512
f210e2c8e29ec830fd6d46e60bf714abc224c5d1465a75395060fa6cecdf4d9b627c1208c40ef4c39e52cc1697c38f22c8f1882b30b3daf7eb4602dfe06efc69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
21KB

MD5
0a903b23eba99ba2b042185f73543440

SHA1
06f18810707cd508f509144a640c9b0e1d283007

SHA256
869aece19c627a8742591ac2ed23db786eacd9c5c9532ddcbfde50b84addb2a5

SHA512
bbb2408f66c421d31febc80bd0ed23674a9662e7bee28f1e2f0239ce6ebbf9aaf031588a3d528103c21468522c9a679872e0de3a6237fa91b21d3656f5c643df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
87ba26e52059d17c3f84e9dae96d2e4a

SHA1
f829d54e19f89b012c0f4f148133edb299965354

SHA256
48a1aa88e1a40708cdbcd9d88eadcdba229301a73cf89bf2af8e5661913907ad

SHA512
fd43e6d7adce18a8aa8c92ca79b317ae44a33e5112c7f983dce48a2f458d247c57196aaeaceaa604a4fe9e8145f4e6256a781fac46c6cb617a7d2b6c1ef5276d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
86a46f7f1bbcb92bd423437358beb1d8

SHA1
b3b3545a978fb808973688df2081d8b9beabe417

SHA256
687fd9c1b78a77cc02243212bc2389554342f95720ef8828071204dbd7526580

SHA512
d67e15ac1f0d887b9824ae55f1c9b5052efe3961969ce992fedfc259c66bddb9e62c029824c4c6cec6029550d0e15c481f023e1b7fafc606833e7c911af825ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
ba878a047ecafbfc6fbb20cf79c8b2e4

SHA1
fedcec983769b50ae71404a8538d6f1bdee6be0e

SHA256
d7ed350f7d0fdab727ca6b3015f00a9d8545b7b8c8f1173045e88b5667438861

SHA512
0cf3626359c302d87beb7bbd9673085d4a2eeb7a31989381d922ae6a0e71f2c357e570a7be7534b1d0cf4b2ba0856ec31d061e92d64218232a79e49db418fa1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
66de0bbab12a9bff3b453aa9222eec9c

SHA1
c6d2d3195d22102f24e5b9a67e6eeb92ba6502d0

SHA256
09b8510f59070177d3ce68a605569f394a694f7857920d3927cb9f5dd9dec3fc

SHA512
f0893eecd43a760e94a0734c313b26b4f6acf3a3c8b418fcddaa9c6ce7f23f0c848bd6d4e05f5a08702e26474a726bc0c1bb46e92c8c00539160638a505f6b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
03e5db4623cbfffb79c6e92badd4aefc

SHA1
16826d8c5a4acf7194a9a1b191af4a7e4a423c8a

SHA256
2f4a5a3a1d77bf5a7e44f6e13113a4250f75d378a7c5caa0d790d36bf4e09d69

SHA512
2692a929068e92d0100a12d4228e3d298348b73b07781d141563cc388581a002108c863000348b2fbf36d6913c1e3916b039fc230b51a7ebdb8ae9b06d9b976e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
c8b21412aa62f9cb7f6dcea57a555559

SHA1
bf524c23ecfaa35cd3bb82e0be11ab20b55ef710

SHA256
ed89fc9be52b20efcca2587002013dc80254c3d7911044105a58a223d0038602

SHA512
8d7363b015b3a29c68c5ac70d1ae2c1ebd86850eba3750cb12ee305f757700fd9bbfba84309e2024dfc0b78025eb09fd309d95c9a0b9c9f220774e21d39b686e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
596e8cf023500b2c5f674b79953eb42b

SHA1
89040e871d0e5a56ca3c625d63bf68445821c28d

SHA256
edc74f51a055aa3e19f3595305367c3e104e5a60a13c2a49d852c72d9129c286

SHA512
3a4639a1940e80c7f988b20731c6a8e171943c85a5da766d3d2f368bc725b4beb65c84dfb1899a9acb512edc2a4596f1b25c24b3dc7b956be15e4d0280bf36e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
c55a912d8f6142071c66863f8ccd5640

SHA1
40f81c179d58277fdd4d8a83f598b79c4c90b8d0

SHA256
656b2e8c13970cfc0a4190a4c8b73cfeaa09848f979adec19ebf875b5bacd7b0

SHA512
f319bfdfb41f6bebf25d583c2b50945f43380b88bc42cec4168322623070a5e5775e10473418f5a246bf17a1cfafaff3ee5f06a08a1ee79f3f838d81efff2cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
b8bd89386a63a068782b0be23c9b9006

SHA1
a50f5e1be0090621f3cc90f485de559cd8335a89

SHA256
30cf2b1e9a777b17bb7e6338b1a8150198b599fbacd14bc273dd5ecf8a2412e0

SHA512
98bfb762a6e3158259c8d309c469f6ca3924c75f9c21b33f2d5fca442ea1dfc3fa6aee93addcd325a6b57af65a41a7dab71ba77eac733390a88ddcbacdcb3b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
3306be977cf8e9df38489caabd98f4a7

SHA1
d1bbe546ef6281c20921199dfda7adeb0dfd7440

SHA256
281ee2ad57beb4698d5b071bb664c5b037a1d6c6b24006c61af4ae6d3579c72a

SHA512
af3dabb858a5902e57be90cf6d26f42bea980ffff39a89536bfcda0d2cbaf9a007c334db5bde1e71e9e78bb3486411655ede94cec516e339efcac87731f45b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
ddbcfc3c14b59d84449fb071f2c2e921

SHA1
d3edbe7403193af0d5b9b2ba3db2a8e79a8a36ca

SHA256
374de1a7c92cf3486147a86a8be192941e81819e53da15265a4bf370673b6fe2

SHA512
364161aabaa8e6413457e6e0b306eba97fe4014cb0b941c5c2b50d9ca7ae3840fc752ab17e633076e96528108e0fc7c8ae3b6f49343ddd3b5fd1e1d2d022f62f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
ece9cb64d92d636f13d66943c2b4f460

SHA1
b065aa772d6732a105b1c4aa14bc05c958185fdd

SHA256
3994c2b6cc50a79aebb3701b1fac08fa4854231aa43aebdf91259c2e8f3a042b

SHA512
994b8de15e8e63bb7a64c13ff3ecc8660897b93264c137ee37a088cadc8c94677920aa7113f3095b1933c2fc49802e062ffe254c87910c3316a74bd829c8d7de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
51bf0196432d7d684624a3ef9c785d52

SHA1
4192eedaa3520557bf8b70c3f03dec4be4360340

SHA256
cc9b164f709bfaec173d7f4dc64cb4361f0d69ce5e11f7addc9192daf0483e43

SHA512
159404add021ece597c4738ecc5f4447c60b564b92acb5dea90ea0d9d90d9d1081452b329cd3d3b62d1b065d5881df014ed9b57a5ae7bee4d498faffd6bc9997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
79cb660d827ee9d28a5086fab06b6449

SHA1
9d0ab2faf720e56b07a749118a6c4547a6c873f3

SHA256
452b0773ecfeb3b28b0331d09a5991a4c20da25dc144707829af1635cc0d3f47

SHA512
f8511fde83369b93d2e28995406c6a011469cd9a6c3e43f73534c0d8ebde4892dbc462ca5e5e4c31facb53175d8405ef509b816b3ef1ca07c3805900741fe4f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
ba18efa80943320522efdd6576e7bb88

SHA1
00640acc67dea9e262fcbbdf81d11f9c295e9237

SHA256
2a44f3799354fcaf7819209f5ba756dd376470dfd51ea39a5ec32b1545be2560

SHA512
fd3162c2653007bca5e95f2cecb362aa2b621c9cb19063682837133feae9c87d4c4c0f7c7b24912a81adb38941f2e84fc5436982666bdd98b06e41f270d78240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
74B

MD5
5f932db1c20e969ba0a634be87ee01e1

SHA1
69526c610898af6c5fba1b7773ef484285577b47

SHA256
8d41be113b5f7bb62effb33dfde256eaf48686094e8257b7320a8863d8c2a87c

SHA512
707797aa46915bd3d9330b51d4345928493e1f466e9207729db6ac271ffc33d26eda499a4ba5fe15e7cfa87668cb669f2f9f4932b6cc5b8190d1e6d00b819ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57f5ca.TMP

Filesize
138B

MD5
0be27070aa078e7eb8df9ea74acb7ddc

SHA1
42af860eef5a8305ef69579523aed04fee679c7c

SHA256
6c8cc132e5391f2e55bd67a1ceab839aa9780922111261703a0b0573acdb51c9

SHA512
6d408d2c2bbe0f12cb3d06b73f02576eba5c8fc835027c779bff1a825bf079333bd8ce6b978b0b9bff952312185a001eb154e0a6dbc487ce63822d8625b91591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
792ec5240e9e6cb912af629e941d53d8

SHA1
9aa7d927f1c0c6b8a02cf4b2ddcfc49bb5ce9e0a

SHA256
136104d293d5b2681cf067ebfe25a3b8e80c3d69352ab2c7e635e89907b60af2

SHA512
727bb154be131215e3c74b6abe0a03b84ad36f9711ebf10f838daab75cca70b9c68c3325b3fe1f9b8749b833cd39b59de0689a7ddc97dc1b68bdbd765860f285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
3fd4abb3655658560510bb1c3d69093f

SHA1
463adf292523900a6c334dd3401857b52258bdea

SHA256
866dd674720cc45b4fa9b3118aa6118c87b7dc8f7787a6ec722370a266b0d053

SHA512
73740356564bebaaedaa23fd0ec172238294c50f5c62c367cac2c01ea951f09c07f1771071d77f35a79e9852dc6fb264c80cbd7bc00787fd202a9f387ba8e850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
025da9b23b2c13591e80d27c5b9e0651

SHA1
39e0941c30a0c9db84d9f547d98335dd68053fe9

SHA256
6a14d457da3ed46563ed5cc7d0519c8a669437ea48e846c56c4dadf78b6980f0

SHA512
003cd6680d8e221018d4cf188677d11b0ca682feeb76d77154404cb13b532f3dbc1527c31eef92c47d3fed1436fd8a331d69a2caccb867ee3d9092ae2bda4df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
61KB

MD5
47bf35003346df50a3efa664db0e3605

SHA1
26fcf94cf3c2dea1f2805f3a527f26188fbcbb0d

SHA256
d2f918dfa5a4a142c753735527507e319995c0a649f46012400943c96158c8d3

SHA512
dd905840ed3e0c8eee5a4e60b08abe11554419c3a8e486c17d4c9e2dec42c9116b2c6d914fc9718b83668c74f9abf2b1dda07908bbb9d1647fe1725b5ac34eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
0821b4081b57ba18558fc1aed3b8c116

SHA1
abf1158baeef4c864c0199498255ebc2e881cf91

SHA256
7c44db901ee99db33bf75854faf0e32be5b58df42344dd55a19a89ddd81023c9

SHA512
6f6d80d26b61b20ee20fd60dfa2fbd11d4d49d42f0dee7a05e88a5f3bc7ffdf6e92bac2c7bc35cbbb7a04dfd0a9cd37603b8d8a7c71a2b8623d69b7bd402a424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
61KB

MD5
06d6f796400e46b5e2463419a5c98066

SHA1
05649b3a2bd784c4d3a4f3b5b90516d58615cdd4

SHA256
fceb484781a45c4bd73d0986e68783e9682bae551963020c571d0470f5a61c1c

SHA512
dcd4fe6cf6bb179d24d04c35d2897dcc9c11c456584c223d02e1b5520cb89abdf36e3ad097e8e9b7e7506f9f8ba3203bdf6dcf09cd9932264c8f392d05bee89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
049e59f45d9a41c8e08a6550ab00cf81

SHA1
0e9b2726cd108b6ae0298cd4c59671a96535a0b0

SHA256
840df7781278d09683d31192a7882c4a11fcab633bf7ecea71334922b1f3fdf7

SHA512
576b41fc629a6ae748942b7d8aaac0f60d5078045cb3796d64fc7a39f250f0dda59f54eff44ec4bea3f980de0f347d33b976f6449c560cb1698263d74c85b6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
86626e57fbab5376637bf6e7c3a425eb

SHA1
a58aeb7e24d17899376090e561fa5e4e72f53fee

SHA256
e362601f507dead7e095d1d16aaf20708f2922df0ebcc8754eb0f56789185d59

SHA512
dc76673c519fc9ea1671f47ae1b8d50c13902bb659610fb08a10bbc289463e8d8c88c7ebcad3db0427cb7cbf3e56892ad72ad365e0fc0fa7d81ed40137b69923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
767be9490679198dd50ceb3410ce3453

SHA1
afe8a26e49bf0c2679613fb7e61f4373c598d92d

SHA256
9203b3aab2386616608f2ad953d952c09dc0a58e6f0351c2f7e61519559d0735

SHA512
d2baa18dbda530077bd3869bac440a6b4fdb7bd0a38580f0f65b96f8a0e6220c0744b730e534a929d8426d7e50b953d3d6b787b218da583afd0ea3d9f218b221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4cf9e94865c06fa3c69c84ac05875d9a

SHA1
c639fa39ef4bbbcf138be3519dc0580fb6459437

SHA256
551a54b82072a3cc9c8264bc5169860a903afe4133efcf2d3a038975092645da

SHA512
8c97b5e2f2d63db28175284d2d04d803b93c849e0c1c2965431f185a2dbe38a8150779cc405e8738b61e408f9a932a0a111906c0ff43df3f8fdef8c5dc3a657d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
3e4e452a072f8964a6fa401b5cfa6fcc

SHA1
8570bf8cf7a933e5c183304cb72f40416fe4270b

SHA256
63816f56252978f70c2d76bb1013980bc217da5b24db2921ff500152984ed4cd

SHA512
b42ea5d9d8911a217c1ccbe42fd4b35d25847995a94e1e5a7b1cb97b54c4e9699f30edcaedd55bd3edc5c5043b329ed0ffa2022f686aaed831e2dc8c3f4e8373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58534b.TMP

Filesize
392B

MD5
099a18267ba3fd401795f18bb9f63f84

SHA1
2f10b1fdac83f3fc135b2f3ba81c322461426657

SHA256
14e71915ef9ac52992b0fdfc261e16f2285ea75f3e2a775fa291f49a412df1d9

SHA512
2a8a5dfb8bb3c9add30cff6bc60d65cb6884ac2d212b0511f9583ca63ad85f9dbd973133c817c6fa9f3951b04c4ce538c6a5d55fbbf1e33e3e9e702ea405fdfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
f1cec000c4e4f0eaefe72466872144be

SHA1
dc9c83b328799df91815b15b07dc14f2e1e794de

SHA256
13b2cfcf52ab134dc04a9b764400b689effcb5b92819cebde8b0721677d09a2d

SHA512
538e8007f22e27b4424a56c3256d7431e4b3f29d522bdfca095ac1c8e6eb7826836f03cdf2c2d159778b9506de2bc80ea49c8daf00aa4818d4db1d62b3000501

Download Submit
C:\Users\Admin\Downloads\builder.exe

Filesize
469KB

MD5
c2bc344f6dde0573ea9acdfb6698bf4c

SHA1
d6ae7dc2462c8c35c4a074b0a62f07cfef873c77

SHA256
a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

SHA512
d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0

Download Submit