hxxps://drive[.]google[.]com/file/d/1fQybrjc4eLszyruftxvkIimzx48pQRT6/view?usp=sharing

Analysis

max time kernel
51s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1fQybrjc4eLszyruftxvkIimzx48pQRT6/view?usp=sharing

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
7	drive.google.com
11	drive.google.com
15	drive.google.com
24	drive.google.com

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
267	1396	msedge.exe
262	1396	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1758164992\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891301315351729"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-446031748-3036493239-2009529691-1000\{05CA52E1-84C1-4CE1-94AA-766F1FCE85C2}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5324 wrote to memory of 3320	5324	msedge.exe	84
PID 5324 wrote to memory of 3320	5324	msedge.exe	84
PID 5324 wrote to memory of 1396	5324	msedge.exe	85
PID 5324 wrote to memory of 1396	5324	msedge.exe	85
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2120	5324	msedge.exe	86
PID 5324 wrote to memory of 2348	5324	msedge.exe	87
PID 5324 wrote to memory of 2348	5324	msedge.exe	87
PID 5324 wrote to memory of 2348	5324	msedge.exe	87
PID 5324 wrote to memory of 2348	5324	msedge.exe	87
PID 5324 wrote to memory of 2348	5324	msedge.exe	87
PID 5324 wrote to memory of 2348	5324	msedge.exe	87
PID 5324 wrote to memory of 2348	5324	msedge.exe	87
PID 5324 wrote to memory of 2348	5324	msedge.exe	87
PID 5324 wrote to memory of 2348	5324	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1fQybrjc4eLszyruftxvkIimzx48pQRT6/view?usp=sharing
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ffe457df208,0x7ffe457df214,0x7ffe457df220
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1824,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2172,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2440,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4968,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:2
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5216,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5396,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5852,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6196,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6196,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6508,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6636,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6860,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7036,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7008,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7016,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6044,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6528,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6908,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7028,i,14494970227771139988,12016576545371216681,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:808

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3144

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5576

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8625e8ce164e1039c0d19156210674ce

SHA1
9eb5ae97638791b0310807d725ac8815202737d2

SHA256
2f65f9c3c54fe018e0b1f46e3c593d100a87758346d3b00a72cb93042daf60a2

SHA512
3c52b8876982fe41d816f9dfb05cd888c551cf7efd266a448050c87c3fc52cc2172f53c83869b87d7643ce0188004c978570f35b0fcc1cb50c9fffea3dec76a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000098

Filesize
29KB

MD5
17a531565b004fa6c21d2d194b36c141

SHA1
4ee89c121d91f13b5a8205d04421f47e6f548ff7

SHA256
1af0c5d03e58e9dc3df95a2dcc9f0972bb2b8af4b9ea723231111122c5d20587

SHA512
8f9593ee1dcb6dac11dd65337a762b7e9d985b782c8a7b0269df24fa3d630382fbe85b4fd5ddaf59ff9f2a68f54309883af7a5ed5b7a8d122fdd1b3eee92f53b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cef787fdd5f7a0954b824c338daba85b

SHA1
7b31586058163c46e29dfec939aafc1a4cc71fe9

SHA256
e0ca92b662efc0a0b3a51cf4ff14e53689d6e4ac588ad305741dbb6c08feef3e

SHA512
baabcbc8b4bf1691820ee012b3534d2921d94856c9bdb4ec1b7f852cb09c90faf87704d4cbc2209ba720090f1f6577eac9ac01219a22e6032b15cf8c544c3451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57d7b3.TMP

Filesize
3KB

MD5
8a73bac662a9ad075375b34acc41ed47

SHA1
aa36393a9f5205e77b6b585e022927bff8da4acf

SHA256
45f7f338becb34e5ca81bb2d793d938f66208dfe03e650f1141cad882aeba9af

SHA512
1bb6ff68bfd39f13a976f52673e33028a4b2cdbfb693bf746b46b92450ff36f0240b30626e900a1992f7f6d86da5be46104e43ac0a3b6d1d8d2d48f02c3d9887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG.old

Filesize
341B

MD5
844d78c6a7ecccbf8905e08d357c0d67

SHA1
f2f3cc06097c7393ae168ec95a001eb430f8a918

SHA256
b573ee01c1f768bc9e98ebba6348b38dd353826e8adccca53e3293df1537ea76

SHA512
2a39b5dcf08a3d932401cb3c4b5a5fb7d10a89f7fb16423563099250354daa33860e801d81e99ffab5917650afc67cadf8beec148398d36153a4dc0dfe66e469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
c64493669d80b7358d348ec2e56c92a7

SHA1
ed854faf5764194810f9067be6b7a63b6e9e3052

SHA256
10c3d8ee865688d17c26f194f89bdd57bf7ea725abd9eed4468d4fe736e8d9e0

SHA512
8f071261f7e87fdfd509b2281868eca6099bc7b740d3345b8f3b159b5ac01fde6ce95ff332bc35a866dad617676ca8892ed5297db96439fa2f75a671365f5958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
f9d5ea9692a4175a48e5c4c9a00dab8c

SHA1
4d0ffa8c8f9acdcec7f83f3c7519320b321983fa

SHA256
6cd9b9ef9800b258d69df3ef8e4c746d63e16f4e55bd9c309b071d71521d1881

SHA512
028e3d84a1e547bb8678efa0e05388c28ffb9adc1475ca725a6d601629453b87e614035ba62503c3e0c8c32e352df66fbcebe94c1c92491ccf881a978b6a8c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b272280d1183162bc5c657e3470c8d51

SHA1
0c3cc16cd54e3d368fdb71157ba8fe6c66fefb14

SHA256
dbcbfba15933ff17b6c9ebc2ef4b82ab5f743afd378d9a3c7e3f34eabf3f284f

SHA512
487df078c4348981683e84af63a862543354595a15070f680df4bd0e47cb5ffaec696da7c4710cdafbad01e82193a34ed71f780173a9b7d83b7ba1b929eadefa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
39KB

MD5
3de795c8a8fbe6b9aae45f273f54f909

SHA1
1db50ea3452b2613f3d80a185f6b6d70eb24abc2

SHA256
f2848b605b5dae8fa74b2b37e1eea5c90d2bae10f5ba3e1659e8033c39c774cf

SHA512
7c9dca76e414fb8a4f69eae579e9ac1f8311881c650b587cab6a00585aa99e23bf906456ac21071cbae79d5127df6a957b6c3ec304504877e3841e05d80ee120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
d3882028c0f22584f13842ce2b372a57

SHA1
62230f862fe2da4b3eb3d52db3eb7560d823dcb7

SHA256
7e8653aca899f243677eeb090b40e2621168101de24af03b2fef239ad8c4f220

SHA512
0c46ba20e13ecc0554d47154f6c1268faf4cee344204d368f50b2ddf9544374229fad73000b6fc588163dd8e7dbf3d77f4fe95b2f54bd6272605e10e61cdeb4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3c6e9f79693ff28c954b5c62abd17f86

SHA1
ba9ed19d8bd63786cafaba2150844550d8ea53fb

SHA256
43bb59ef7eedf452d6e89d84647434ce8607494559fa08ed6ac7d535427366db

SHA512
4aa4e629fb9f3bd3baf672f34f93a29a23efa2be3e93bd712054fcec84b3ab88be5bf87a13fe621da2532f329606d92b0ed965a141c92ac8cfde3d6428ba46c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c505.TMP

Filesize
72B

MD5
eb6efd2202dd267a70f5ddb6982031e0

SHA1
d8f90623d1ddd1b302786f189a1b336a5fb2aeff

SHA256
d439e53b7588656767d9dfbeaeafae08d89dfbcd0318fd49b61ab9e7484d09ab

SHA512
91e5d76b853fb4df228825b52b748276864dc99f790a04051c0a4494d940be0405d4c4a36349c0586a3cf45fccf016365efa6e896bcb39843fc1e42cf7fc0724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
7a3289ebb8f592a95d6849186a84e13e

SHA1
fb3b5878a85699a62627ba3805c2232409926701

SHA256
9fbd4e42289cf28d8a05d0d9ee2c32351a85a5b497ac3aa83af0585332a12791

SHA512
41d9cffd1658ddac2d148fd502eb9c685be00df3f711483a508760bfdc48c4bc6bc3072be3ca9ae801caa539f955f4bf7808cf111e5806414072c070bf349597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
31a57a570dd6acc7267fbbc9e6c8dc1a

SHA1
04f5d3beb98176faa675b004afe3c9fd8b113092

SHA256
7c41314b8c8d779b808a60c1b8955769c006b6d57783f3d73b6f09922d5df4c0

SHA512
4fa976ae65ce7fdd9aa580b21e7a4bd6dce1d9892c6767e89af06b1c92308b13bff9b9ee258910ca612e9bec64704790cf53a9a0dc6e9b84c87fc16fe639375f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
adce378a2ae0a554e67676e9bd9666f3

SHA1
02d8078497fc47560ba9f553a6c00b2cf78e9e6b

SHA256
2e3cafaa05d563365aded2347bb8b3c8183b027855ad44682fa10c60d9d708b2

SHA512
851da3d2c7f6f760ef2cbc8bf5f7022d0a18d94640f1aaaeed16ca380f939b117aea4d99dc76da218772273bb939a5717198907a0e049d370e00e9e8a2e07f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
3b11870526f17586cc43bffb16930169

SHA1
c4d0cbc10a25a98a72dd7dcc17d364e4db7550f9

SHA256
114829611dc5c9a137668710d06d926035119921e19dbfdee577797ceebbaf14

SHA512
15bba11f2f72b6a3bad753263e7de5c193005569db8f9e29a04c7b38d91ab4610d3ae52b018864ee00f2511b4d882a01d6527d4307ca28bceefeb0c78db8744f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
649746377a60bee4fa806e7fbb7a80df

SHA1
99bdca2ebc6d50da49957f1ba62ed9ec972c7e1e

SHA256
b4ed9f18232efe87cd6b75292289026e500ccd5edcbec6c397d1dbaadc164269

SHA512
f514cd5ff299569b7c8ee7b225a9a6924994c8202381c2ea47266e7d473d083f07cde50079462aa77fdcea666bdabd730cc827e562783ebd5a5f1d3b0bb5693c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
57ed2a069e3cce39f53bcf3c29dc5d13

SHA1
88012b7f939015de4dddca350dab442d34c349f8

SHA256
93d8e631264ca862775ff69f6fd83c846cb3e7735e203f22e432d6e3877fb84e

SHA512
700316870231e7cc7743cc4ddce6b4cc8781916276948de8ac4987896265a061ee8db0b576cfbbe359c1c868a56061e67c47d259023d3cfcf5aae6d8f65b77c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c6da773bb92ef414e7954ed00390e177

SHA1
b2932866b62d3536bee9c81a32533dba1c30d30d

SHA256
b128ee55035c6eb1c936c9e51d24f36913d8a9c9612666499c524291ce704629

SHA512
b747d6b7db7cf0156dbb8d2d14a70c65d4b97af86e736c2ca44f331f6f087c2207a31709678b8e11cd19fa2fd21e19b366a236558a47c4b9ac94161ec54ae1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe5816a0.TMP

Filesize
392B

MD5
162c9caac9630e6e67c1dd1320172487

SHA1
b4569ab72f54d58a386b264da200e0fe471946f4

SHA256
6bf0be7dae068ec2072c8fdffa115d3780e5d703394fa94dfa0f19910a078c4d

SHA512
22dbcec86980f014b1fb665d553cf39ba3cfa67bca2edc357cd7e4fb85f512a7233d68c9e462410a24e45243ee511239a43cdc05eb1522848eaeceeee27d9926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
551c5b36078b405d1aa1587327809131

SHA1
0ffc049afa7b1e72c14af7878db7cee9db258226

SHA256
0d689af725b074865d6119f717baf7b1f3225f5c694cede916466ee5410d981f

SHA512
9acad05eaeb0a28d975057842d5cfd50860b9d0507f475db5406d131f7562131fac6a025229d148ddacfb8bf1966400588d0d74a924394a9ddaf9811e07fee2c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads