neshta | 6a7edb32ef8f95313685dd4d046bd3ddabf086d4755c87e30df892d556a0a549

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2025, 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
Size

7.4MB
MD5

bf0d2cb47a218caf0a5299944be62c17
SHA1

80af3cb9f7449b42614c95742e59a59bce8b2f8d
SHA256

6a7edb32ef8f95313685dd4d046bd3ddabf086d4755c87e30df892d556a0a549
SHA512

9f448c9b03d70b8f7a5a920f8a34e630e69a83e55c081b00b4dcc1620b99b3a64707ab3565c4ad968fe2d056cef4e650de8b2ee9d9965a68b9fc4c54fd2b2e89
SSDEEP

98304:AotKEyDyaM5p+Wn4xTJkKDWbjf4Lv2ogKRlMOQSQ:RtKEyDyaVTgjWsMrvQ

Score

10^/10

neshta discovery persistence spyware stealer

Malware Config

Signatures

Detect Neshta payload 52 IoCs

resource	yara_rule
behavioral1/files/0x000600000002031a-85.dat	family_neshta
behavioral1/memory/4640-722-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x0001000000022f86-733.dat	family_neshta
behavioral1/files/0x00070000000242ca-761.dat	family_neshta
behavioral1/memory/4944-779-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/files/0x0006000000020329-909.dat	family_neshta
behavioral1/files/0x0004000000020405-908.dat	family_neshta
behavioral1/files/0x000100000002038b-907.dat	family_neshta
behavioral1/files/0x0004000000020444-906.dat	family_neshta
behavioral1/files/0x00010000000203a3-905.dat	family_neshta
behavioral1/files/0x0004000000020432-904.dat	family_neshta
behavioral1/files/0x0001000000020390-903.dat	family_neshta
behavioral1/files/0x0001000000020321-902.dat	family_neshta
behavioral1/files/0x0004000000020431-901.dat	family_neshta
behavioral1/files/0x000600000002030e-900.dat	family_neshta
behavioral1/files/0x0006000000020312-898.dat	family_neshta
behavioral1/files/0x000700000002037a-897.dat	family_neshta
behavioral1/files/0x000400000002043f-896.dat	family_neshta
behavioral1/files/0x0001000000021619-921.dat	family_neshta
behavioral1/files/0x0002000000020409-920.dat	family_neshta
behavioral1/files/0x00010000000215c6-927.dat	family_neshta
behavioral1/files/0x0001000000023443-929.dat	family_neshta
behavioral1/files/0x00010000000215c5-926.dat	family_neshta
behavioral1/files/0x00010000000215c4-923.dat	family_neshta
behavioral1/files/0x00010000000226c2-922.dat	family_neshta
behavioral1/files/0x0008000000020333-919.dat	family_neshta
behavioral1/files/0x0006000000020331-918.dat	family_neshta
behavioral1/files/0x000300000001ec06-987.dat	family_neshta
behavioral1/files/0x000300000001ecfd-986.dat	family_neshta
behavioral1/files/0x000300000001e8d8-985.dat	family_neshta
behavioral1/files/0x000300000001e8cf-984.dat	family_neshta
behavioral1/files/0x000300000001e8ac-983.dat	family_neshta
behavioral1/files/0x000300000001e8a6-982.dat	family_neshta
behavioral1/files/0x000100000002306a-981.dat	family_neshta
behavioral1/files/0x0001000000023068-980.dat	family_neshta
behavioral1/files/0x0001000000023002-978.dat	family_neshta
behavioral1/files/0x0001000000022ffd-977.dat	family_neshta
behavioral1/files/0x0001000000022ff7-975.dat	family_neshta
behavioral1/files/0x0001000000022ff5-974.dat	family_neshta
behavioral1/files/0x000100000002303a-973.dat	family_neshta
behavioral1/files/0x0001000000022f81-972.dat	family_neshta
behavioral1/files/0x0001000000022f80-971.dat	family_neshta
behavioral1/files/0x0001000000022f72-970.dat	family_neshta
behavioral1/files/0x0001000000022f70-969.dat	family_neshta
behavioral1/memory/5360-1000-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/5224-1014-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/4640-1019-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/4156-1029-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/4640-1093-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/4156-1094-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/4640-1111-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral1/memory/4156-1110-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta

Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta
Neshta family
neshta

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4156 created 2656	4156	identity_helper.exe	44

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation	identity_helper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\Control Panel\International\Geo\Nation	setup.exe

Executes dropped EXE 12 IoCs

pid	Process
3936	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
1612	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
5264	identity_helper.exe
4156	identity_helper.exe
4944	svchost.com
3096	IDENTI~1.EXE
5360	setup.exe
5224	svchost.com
2448	setup.exe
2796	setup.exe
2668	setup.exe
4944	setup.exe

Modifies system executable filetype association 2 TTPs 1 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\INTERN~1\iexplore.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\ELEVAT~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5428_94832150\manifest.json	msedge.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmpshare.exe	identity_helper.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ExtExport.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\69000d6f-e4b1-4f97-87e6-7f36cef6a54e.tmp	setup.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ieinstal.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\notification_click_helper.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5428_1600328928\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5428_1801855145\manifest.fingerprint	msedge.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\elevated_tracing_service.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\identity_helper.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MI9C33~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmlaunch.exe	identity_helper.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmprph.exe	identity_helper.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5428_1711679484\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5428_1801855145\deny_domains.list	msedge.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ExtExport.exe	identity_helper.exe
File opened for modification	C:\PROGRA~2\WI8A19~1\ImagingDevices.exe	identity_helper.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\MSEDGE~2.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\3d55fb17-9150-4538-b719-e7f0baf8e7cc.tmp	setup.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5428_1711679484\sets.json	msedge.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\BHO\IE_TO_~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~3.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~2\13195~1.43\MICROS~4.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmpshare.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{61087~1\VCREDI~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\COOKIE~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\IDENTI~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\WINDOW~2\wab.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~2\13195~1.43\MIA062~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmplayer.exe	identity_helper.exe
File opened for modification	C:\Program Files\msedge_installer.log	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\WINDOW~2\wabmig.exe	identity_helper.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\metadata	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\2668_13389164069367490_2668.pma	setup.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\BHO\ie_to_edge_stub.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\elevation_service.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~2.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~2\13195~1.43\MICROS~3.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{D87AE~1\WINDOW~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5428_1711679484\manifest.fingerprint	msedge.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~4.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MID1AD~1.EXE	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmpconfig.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5428_94832150\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5428_1801855145\deny_full_domains.list	msedge.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ielowutil.exe	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\directx.sys	setup.exe
File opened for modification	C:\Windows\svchost.com	setup.exe
File opened for modification	C:\Windows\directx.sys	svchost.com
File opened for modification	C:\Windows\svchost.com	svchost.com
File opened for modification	C:\Windows\svchost.com	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
File opened for modification	C:\Windows\svchost.com	identity_helper.exe
File opened for modification	C:\Windows\directx.sys	svchost.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	identity_helper.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891640684377078"	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings	identity_helper.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{32788B83-C712-48FC-930F-79164AD8E8F8}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings	setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
348	msedge.exe
348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5428	msedge.exe
5428	msedge.exe
5428	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 3936	4640	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe	88
PID 4640 wrote to memory of 3936	4640	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe	88
PID 3936 wrote to memory of 1612	3936	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe	89
PID 3936 wrote to memory of 1612	3936	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe	89
PID 3936 wrote to memory of 5428	3936	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe	91
PID 3936 wrote to memory of 5428	3936	2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe	91
PID 5428 wrote to memory of 3048	5428	msedge.exe	92
PID 5428 wrote to memory of 3048	5428	msedge.exe	92
PID 5428 wrote to memory of 5332	5428	msedge.exe	93
PID 5428 wrote to memory of 5332	5428	msedge.exe	93
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 2388	5428	msedge.exe	94
PID 5428 wrote to memory of 5620	5428	msedge.exe	95
PID 5428 wrote to memory of 5620	5428	msedge.exe	95
PID 5428 wrote to memory of 5620	5428	msedge.exe	95

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2656
- C:\Windows\svchost.com
  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\IDENTI~1.EXE" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5136,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:4944
- - C:\Users\Admin\AppData\Local\Temp\3582-490\IDENTI~1.EXE
    C:\Users\Admin\AppData\Local\Temp\3582-490\IDENTI~1.EXE --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5136,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:3096

C:\Users\Admin\AppData\Local\Temp\2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe"
1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Users\Admin\AppData\Local\Temp\3582-490\2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
  "C:\Users\Admin\AppData\Local\Temp\3582-490\2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3936
- - C:\Users\Admin\AppData\Local\Temp\3582-490\2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe
    C:\Users\Admin\AppData\Local\Temp\3582-490\2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=135.0.7049.42 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\3582-490\2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=135.0.3179.54 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff643a1c888,0x7ff643a1c894,0x7ff643a1c8a0
    3⤵
    - Executes dropped EXE
    PID:1612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --force-first-run
    3⤵
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:5428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffbc8baf208,0x7ffbc8baf214,0x7ffbc8baf220
      4⤵
      PID:3048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1912,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:3
      4⤵
      PID:5332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2312,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:2
      4⤵
      PID:2388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2160,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:8
      4⤵
      PID:5620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
      4⤵
      PID:4564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
      4⤵
      PID:4788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4204,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:8
      4⤵
      PID:4944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4212,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:8
      4⤵
      PID:4624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4220,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:8
      4⤵
      PID:5572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4224,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:8
      4⤵
      PID:5424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5328,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8
      4⤵
      PID:2992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:8
      4⤵
      PID:4680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5136,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5136,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
      4⤵
      Suspicious use of NtCreateUserProcessOtherParentProcess
      Checks computer location settings
      Executes dropped EXE
      Drops file in Program Files directory
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5360
    - - C:\Windows\svchost.com
        
        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
        6⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x220,0x224,0x228,0x1f8,0x22c,0x7ff7589c6a68,0x7ff7589c6a74,0x7ff7589c6a80
        7⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe" --msedge --system-level --verbose-logging --installerdata="C:\Program Files (x86)\Microsoft\Edge\Application\master_preferences" --create-shortcuts=1 --install-level=0
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 --annotation=exe=C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0xf0,0xec,0xe8,0xb4,0xe0,0x7ff7589c6a68,0x7ff7589c6a74,0x7ff7589c6a80
        8⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:4944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5624,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8
      4⤵
      PID:5272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:8
      4⤵
      PID:5824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5336,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:8
      4⤵
      PID:4624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8
      4⤵
      PID:984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6328,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=748 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2588,i,16381360428731388157,533316049074440500,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:8
      4⤵
      PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4688

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5576

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE

Filesize
328KB

MD5
39c8a4c2c3984b64b701b85cb724533b

SHA1
c911f4c4070dfe9a35d9adcb7de6e6fb1482ce00

SHA256
888a1dd0033e5d758a4e731e3e55357de866e80d03b1b194375f714e1fd4351d

SHA512
f42ca2962fe60cff1a13dea8b81ff0647b317c785ee4f5159c38487c34d33aecba8478757047d31ab2ee893fbdcb91a21655353456ba6a018fc71b2278db4db2

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE

Filesize
86KB

MD5
3b73078a714bf61d1c19ebc3afc0e454

SHA1
9abeabd74613a2f533e2244c9ee6f967188e4e7e

SHA256
ded54d1fcca07b6bff2bc3b9a1131eac29ff1f836e5d7a7c5c325ec5abe96e29

SHA512
75959d4e8a7649c3268b551a2a378e6d27c0bfb03d2422ebeeb67b0a3f78c079473214057518930f2d72773ce79b106fd2d78405e8e3d8883459dcbb49c163c4

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE

Filesize
5.7MB

MD5
09acdc5bbec5a47e8ae47f4a348541e2

SHA1
658f64967b2a9372c1c0bdd59c6fb2a18301d891

SHA256
1b5c715d71384f043843ea1785a6873a9f39d2daae112ccdeffcd88b10a3a403

SHA512
3867bf98e1a0e253114a98b78b047b0d8282b5abf4aaf836f31cc0e26224e2a1b802c65df9d90dc7696a6dbcb9a8e4b900f1d1299e1b11e36f095ebaf8a2e5b8

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe

Filesize
175KB

MD5
576410de51e63c3b5442540c8fdacbee

SHA1
8de673b679e0fee6e460cbf4f21ab728e41e0973

SHA256
3f00404dd591c2856e6f71bd78423ed47199902e0b85f228e6c4de72c59ddffe

SHA512
f7761f3878775b30cc3d756fa122e74548dfc0a27e38fa4109e34a59a009df333d074bf14a227549ae347605f271be47984c55148685faac479aeb481f7191db

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe

Filesize
9.4MB

MD5
322302633e36360a24252f6291cdfc91

SHA1
238ed62353776c646957efefc0174c545c2afa3d

SHA256
31da9632f5d25806b77b617d48da52a14afc574bbe1653120f97705284ea566c

SHA512
5a1f7c44ce7f5036bffc18ebac39e2bf70e6f35fa252617d665b26448f4c4473adfa115467b7e2d9b7068823e448f74410cdcdfef1ac1c09021e051921787373

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe

Filesize
2.4MB

MD5
8ffc3bdf4a1903d9e28b99d1643fc9c7

SHA1
919ba8594db0ae245a8abd80f9f3698826fc6fe5

SHA256
8268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6

SHA512
0b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE

Filesize
183KB

MD5
9dfcdd1ab508b26917bb2461488d8605

SHA1
4ba6342bcf4942ade05fb12db83da89dc8c56a21

SHA256
ecd5e94da88c653e4c34b6ab325e0aca8824247b290336f75c410caa16381bc5

SHA512
1afc1b95f160333f1ff2fa14b3f22a28ae33850699c6b5498915a8b6bec1cfc40f33cb69583240aa9206bc2ea7ab14e05e071275b836502a92aa8c529fc1b137

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe

Filesize
131KB

MD5
5791075058b526842f4601c46abd59f5

SHA1
b2748f7542e2eebcd0353c3720d92bbffad8678f

SHA256
5c3ef3ec7594c040146e908014791dd15201ba58b4d70032770bb661b6a0e394

SHA512
83e303971ed64019fde9e4ba6f6e889f8fb105088490dfa7dcf579a12baff20ef491f563d132d60c7b24a4fd3cac29bd9dc974571cd162000fae8fba4e0e54fb

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE

Filesize
254KB

MD5
4ddc609ae13a777493f3eeda70a81d40

SHA1
8957c390f9b2c136d37190e32bccae3ae671c80a

SHA256
16d65f2463658a72dba205dcaa18bc3d0bab4453e726233d68bc176e69db0950

SHA512
9d7f90d1529cab20078c2690bf7bffab5a451a41d8993781effe807e619da0e7292f991da2f0c5c131b111d028b3e6084e5648c90816e74dfb664e7f78181bc5

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE

Filesize
386KB

MD5
8c753d6448183dea5269445738486e01

SHA1
ebbbdc0022ca7487cd6294714cd3fbcb70923af9

SHA256
473eb551101caeaf2d18f811342e21de323c8dd19ed21011997716871defe997

SHA512
4f6fddefc42455540448eac0b693a4847e21b68467486376a4186776bfe137337733d3075b7b87ed7dac532478dc9afc63883607ec8205df3f155fee64c7a9be

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE

Filesize
92KB

MD5
176436d406fd1aabebae353963b3ebcf

SHA1
9ffdfdb8cc832a0c6501c4c0e85b23a0f7eff57a

SHA256
2f947e3ca624ce7373080b4a3934e21644fb070a53feeaae442b15b849c2954f

SHA512
a2d1a714e0c1e5463260c64048ba8fd5064cfa06d4a43d02fc04a30748102ff5ba86d20a08e611e200dc778e2b7b3ae808da48132a05a61aa09ac424a182a06a

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE

Filesize
147KB

MD5
3b35b268659965ab93b6ee42f8193395

SHA1
8faefc346e99c9b2488f2414234c9e4740b96d88

SHA256
750824b5f75c91a6c2eeb8c5e60ae28d7a81e323d3762c8652255bfea5cba0bb

SHA512
035259a7598584ddb770db3da4e066b64dc65638501cdd8ff9f8e2646f23b76e3dfffa1fb5ed57c9bd15bb4efa3f7dd33fdc2e769e5cc195c25de0e340eb89ab

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe

Filesize
125KB

MD5
cce8964848413b49f18a44da9cb0a79b

SHA1
0b7452100d400acebb1c1887542f322a92cbd7ae

SHA256
fe44ca8d5050932851aa54c23133277e66db939501af58e5aeb7b67ec1dde7b5

SHA512
bf8fc270229d46a083ced30da6637f3ca510b0ce44624a9b21ec6aacac81666dffd41855053a936aa9e8ea6e745a09b820b506ec7bf1173b6f1837828a35103d

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE

Filesize
142KB

MD5
92dc0a5b61c98ac6ca3c9e09711e0a5d

SHA1
f809f50cfdfbc469561bced921d0bad343a0d7b4

SHA256
3e9da97a7106122245e77f13f3f3cc96c055d732ab841eb848d03ac25401c1bc

SHA512
d9eefb19f82e0786d9be0dbe5e339d25473fb3a09682f40c6d190d4c320cca5556abb72b5d97c6b0da4f8faefdc6d39ac9d0415fdf94ebcc90ecdf2e513c6a31

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE

Filesize
278KB

MD5
12c29dd57aa69f45ddd2e47620e0a8d9

SHA1
ba297aa3fe237ca916257bc46370b360a2db2223

SHA256
22a585c183e27b3c732028ff193733c2f9d03700a0e95e65c556b0592c43d880

SHA512
255176cd1a88dfa2af3838769cc20dc7ad9d969344801f07b9ebb372c12cee3f47f2dba3559f391deab10650875cad245d9724acfa23a42b336bfa96559a5488

Download Submit
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE

Filesize
454KB

MD5
bcd0f32f28d3c2ba8f53d1052d05252d

SHA1
c29b4591df930dabc1a4bd0fa2c0ad91500eafb2

SHA256
bb07d817b8b1b6b4c25e62b6120e51dec10118557d7b6b696ad084a5ba5bfdeb

SHA512
79f407735853f82f46870c52058ceee4d91857a89db14868ee1169abd5c0fd2e3fa1ed230ab90b5f479a9581b88998643d69b0df498defea29e73b0d487f3b10

Download Submit
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe

Filesize
1.2MB

MD5
d47ed8961782d9e27f359447fa86c266

SHA1
d37d3f962c8d302b18ec468b4abe94f792f72a3b

SHA256
b1ec065f71cc40f400e006586d370997102860504fd643b235e8ed9f5607262a

SHA512
3e33f2cdf35024868b183449019de9278035e7966b342ba320a6c601b5629792cbb98a19850d4ca80b906c85d10e8503b0193794d1f1efa849fa33d26cff0669

Download Submit
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe

Filesize
555KB

MD5
ce82862ca68d666d7aa47acc514c3e3d

SHA1
f458c7f43372dbcdac8257b1639e0fe51f592e28

SHA256
c5a99f42100834599e4995d0a178b32b772a6e774a4050a6bb00438af0a6a1f3

SHA512
bca7afd6589c3215c92fdaca552ad3380f53d3db8c4b69329a1fa81528dd952a14bf012321de92ad1d20e5c1888eab3dd512b1ac80a406baccc37ee6ff4a90dc

Download Submit
C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE

Filesize
121KB

MD5
cbd96ba6abe7564cb5980502eec0b5f6

SHA1
74e1fe1429cec3e91f55364e5cb8385a64bb0006

SHA256
405b8bd647fa703e233b8b609a18999abe465a8458168f1daf23197bd2ea36aa

SHA512
a551001853f6b93dfbc6cf6a681820af31330a19d5411076ff3dbce90937b3d92173085a15f29ebf56f2ef12a4e86860ac6723ebc89c98ea31ea7a6c7e3d7cdc

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe

Filesize
325KB

MD5
9a8d683f9f884ddd9160a5912ca06995

SHA1
98dc8682a0c44727ee039298665f5d95b057c854

SHA256
5e2e22ead49ce9cc11141dbeebbe5b93a530c966695d8efc2083f00e6be53423

SHA512
6aecf8c5cb5796d6879f8643e20c653f58bad70820896b0019c39623604d5b3c8a4420562ab051c6685edce60aa068d9c2dbb4413a7b16c6d01a9ac10dc22c12

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe

Filesize
325KB

MD5
892cf4fc5398e07bf652c50ef2aa3b88

SHA1
c399e55756b23938057a0ecae597bd9dbe481866

SHA256
e2262c798729169f697e6c30e5211cde604fd8b14769311ff4ea81abba8c2781

SHA512
f16a9e4b1150098c5936ec6107c36d47246dafd5a43e9f4ad9a31ecab69cc789c768691fa23a1440fae7f6e93e8e62566b5c86f7ed6bb4cfe26368149ea8c167

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe

Filesize
505KB

MD5
452c3ce70edba3c6e358fad9fb47eb4c

SHA1
d24ea3b642f385a666159ef4c39714bec2b08636

SHA256
da73b6e071788372702104b9c72b6697e84e7c75e248e964996700b77c6b6f1c

SHA512
fe8a0b9b1386d6931dc7b646d0dd99c3d1b44bd40698b33077e7eeba877b53e5cb39ff2aa0f6919ccab62953a674577bc1b2516d9cadc0c051009b2083a08085

Download Submit
C:\PROGRA~2\Google\Update\DISABL~1.EXE

Filesize
5.4MB

MD5
9036b1f2266a9cdd8b29fdb0dc6d557d

SHA1
7fc4c17901c2907b3d9fcfd436be55dc6df69b82

SHA256
c81f0eeb79898a345f7724464f71b1642b4b8294b50d549290144f3ee2fbaf69

SHA512
14251e50f7e6d83af357251af545b09ed14fd86783dce64bef84af7b4facf3a9ad4fdcefd4fb8cf355dc6d2692fccb0aeaaa87deaaa6d5a836887ff189eb483e

Download Submit
C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\BHO\IE_TO_~1.EXE

Filesize
557KB

MD5
2b03f86c9209825849c716434fb730bf

SHA1
1148f00cf40b0872e08f47b38bbd0c9858802aa3

SHA256
6bb357968887ad126579fb157f455e359ea036a4960a9f98f5cec1fe53931c98

SHA512
8d9b5be64e9843ec8d05af21a951e8a7501fc8fb1fc4179959ec60ea150810c0db83b7e8cedb32c44b58a0f81d09c13c4d9d8b0536711978accf47709382e71a

Download Submit
C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\COOKIE~1.EXE

Filesize
161KB

MD5
b67dba91dd68c0c9c7c78899faf33033

SHA1
4374c00761ec34d6416096524eedf439636baa94

SHA256
5fee43e3295682e179d6e10c568aeb640bbbcf0d6b962fd27f5b372a45fc272d

SHA512
7065a8c6552d7dff816e288056cc2bb371bbe078798df471369382a6620c0702020102f1c39485e0c57b65279a6f0484385944f7874575d8b4351c9fa03fd8f6

Download Submit
C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\ELEVAT~1.EXE

Filesize
1.8MB

MD5
aeb70455f5c599fd2022ee73ff56bfc4

SHA1
7c3534c7cb80067ab5e6ace67e0ac0d0b8d0cc79

SHA256
47eb0dc0cd08f4faa389621c43d6407283e3c315012ef1078a6018c117f195b2

SHA512
5e11a5a9f28aa2e4f1d126f393232673043fffa84fa5280755ec6009e0226961343843cc0721e92d08b3fb7510fade31c118e56a993adffff3bdb4a251e67e13

Download Submit
C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\IDENTI~1.EXE

Filesize
1.1MB

MD5
91a9df658e480362c108c71fd91d0247

SHA1
f94db13955eb70f2efecceb414225cdaa9b002ff

SHA256
94c99d3284962585c15fdb061e0685287df11c872ef930263e251d8d3084d5b0

SHA512
9f5815533354a931a68e1fd97de45124f7faef97243352feb787e40a110a27d1277c4d37a6c09cb7d506159a0f153632578626d04fe5d48040438619be159d39

Download Submit
C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\INSTAL~1\setup.exe

Filesize
6.6MB

MD5
46e5df430f3f97f6cf88787698514165

SHA1
873621354ef29d4d267d693ffbd9e896d881f503

SHA256
4ea8adca8a7f73fc71c7e45ef98f8c422a8b161ca6b6fcd912aec701bebd08a5

SHA512
4ea1798977bfa5fc039b1f8518ac1a546c63f565258e3537292f531cfe11c5cd54755fd21600b24fa59464d99904cc9926d19686cee72d898e62db7757e35bf6

Download Submit
C:\PROGRA~2\MICROS~1\EdgeCore\132029~1.140\msedge.exe

Filesize
3.8MB

MD5
a943e9369c8e6b1e67dc7a91f58e691c

SHA1
7df172c9ab05dce69c198a55d5b7dc56c36323f8

SHA256
6773bf49098b9fa85725651bc789ec2bcef5dd563a356043468c1f7b235defef

SHA512
5a476bb13a93565132d5e1481295d6701e04250186086e1aab8e10d4882ad48a6f63e8f7d76a4d3dd07bd52fb7793bea2a49ea3d496f4f515ee767533166c3c4

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\BHO\ie_to_edge_stub.exe

Filesize
554KB

MD5
205885bc273bb0e43beb4ec064af8422

SHA1
96cd3cad425fc1dbfdcf75f7085e9359b1911977

SHA256
cfac2c539bb9c3bc51975643d7c8576ba0a63dc7f1a451ca5daebf098fba8a3c

SHA512
ba6426390826437bb12ea90f11f6b112939cbf03082d81900249eccc64f1078cd73a26017810edca6410787fbdfb48383bd10ebcaed12f8910a52340173df02f

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\INSTAL~1\setup.exe

Filesize
6.9MB

MD5
d55ae56406e1dbce540f8c385bc5c244

SHA1
479de824de2a013921f867ef738fa3a3100aa708

SHA256
98b7868bb8c9aae548ee7244a71f5a0602c25611643c61c94ba56332882f59ef

SHA512
ab7705081af40c74c8005fd8f673b070653b9b871a087cb86594424df957d4eb40930484c4b8c83a3f867297101f3c01d89e55b4cf35ec288bc406954780168a

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\cookie_exporter.exe

Filesize
161KB

MD5
2f70ce2fd6a36867b80c9b5171f7ad01

SHA1
cdac4cb30c1ad3ac6793a7e057d58428e799d6c1

SHA256
eafdb0f86d520c66417edd0c1981c79ce7b79f2e24476402f939a577d250ed6b

SHA512
394ae58b149ad750c071b17b42817d9eaae794ca9b583a92155a57eafff15467ca1e767fbece8098c22d67a01baf66a5d489b4789db7284ab1a644be335f87ba

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\elevated_tracing_service.exe

Filesize
2.5MB

MD5
e60af4c310c73019650b9eb2931c9bac

SHA1
8fa6c09ed7c8a357946479f7351582191260bd97

SHA256
029c237e6cc508cc4c0e97e4e5a9a3c7c54fb706ce237f38ab3b72fad63f2bb1

SHA512
61f3743569111df1846f3f13ba95f0a17eac7aafa3a885f72ffbc8b7e5471b757a44aadad27504dbd4ec4e5c52a4354d76443f75479359cac8e52c3ed1fbd1dc

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\elevation_service.exe

Filesize
1.8MB

MD5
b7e311cd8c0144f008c49c42bb8fab3d

SHA1
d96d89cbe4e0b2961755df9383abd50a77988f2c

SHA256
5e0c8d2f25706df47c676a41f667b8a31b53e0de96143190161e3e24453d3263

SHA512
0df96b9e3dca1a470d6ee20f5646d3427538492c0031742a481f05ad40aa38981906e60cccb89ebbf44ed5356fbe1f22862298a4866608e73cb54e904bfabd16

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\msedge.exe

Filesize
3.9MB

MD5
a954dbc45566e18f9051fc43503e0be1

SHA1
16bb38561d02a304cd397b6727925a548dedc22f

SHA256
1802e5c80c837c9f979783191e4df212a59d5d9a956ff2eb13f3e7093f5685ed

SHA512
3aeb5982ac4d9240f427ccd622fbf3a6cce6038ddf97564c1c3d10b02a10ec6b13fab5acba30cdd86e0bbc070acc0a3efd19c86fa83f0e8fc347f7d2e8ea9fdb

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\msedge_pwa_launcher.exe

Filesize
1.5MB

MD5
48ca92017dbfb5348d63d658f69947eb

SHA1
f0d453619359cf2af688f0a80999d59cde9c3b9d

SHA256
bb591bce74dc3e902c2d1692b2f9427f4d2980ef2d7f019e918cac3107a2f40d

SHA512
84632fb9ec2e5aa0b969f73e439d1200a564d662bef50ecef9dedf287f780678a00f0a2f2e9f5f5414882dfb19fc26aa520ba55c954c8b79bdf878f2b7121db4

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\msedgewebview2.exe

Filesize
3.4MB

MD5
9269b33ee0b68213ac019e331e814ca5

SHA1
7c8a4b2a304f482436670a7d36efd9c1546013fc

SHA256
a24f051bc53fb1f0209ce9dda174981657f3e6ad9bea3d8032f62e411e602e45

SHA512
dabd0c04313b251f76507e3a2a8e014d9febfd713271ca7f120d598b38756937a4d473a83a650b42da9c893514c3c258c5dd48438cf3d09fea1cbf7e56e7142b

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\133030~1.69\notification_click_helper.exe

Filesize
1.3MB

MD5
b45b21f37a1ef904d6cfe2d8e627cfc9

SHA1
b856b92d5770b19cfbce966e53621d3ed52555c6

SHA256
851b3a4693bed2bac57ec494181b04114adf644a840586ff5347999270c8c3a5

SHA512
75467dc78c9ec10aad97193f27f38e3392027a537b836b810db44fb2e1dabdf6da672c3ef63809aeb2cf32dbbba91e0b4cca9ad63e456b1c93b9a615bf6d6ceb

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE

Filesize
1.1MB

MD5
db1a2e2e2f92341ff6559107c71ec885

SHA1
bfd10b84287ed36626af1941a05b5ae6d078790e

SHA256
27158f6eac1dd2fc9774d28b5c90d2147ca6e138c2285395f2f979c3f62e4bfb

SHA512
2790689169807cd8be353936ff3824030495d6c7cf9ed06609e61d0db8a2247b319df234cbe4debb843478944fa2a1587f7c3dd64ae6b88ee3fc04d6ee9a37c2

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE

Filesize
1.1MB

MD5
d00b4c03d09a290101c94a55b5c8a0bd

SHA1
c6c48a3a167c3d3b603186673b7364f70112b16e

SHA256
0299a91e62192e68e2f468884e30e99b61afc9058eb162700383c0acdfdd142e

SHA512
2f2673451ddc9cfddb7a2fad0ac0ba0e0f2ab18a496130ba1d1280ae34482caf489b85743dae6f3edff0b5b112c2ca10c5aaf815dd8cecc529d7aa8c604ec82d

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

Filesize
1.1MB

MD5
1bfa8c82b2c5759a93fbcd568e55ad36

SHA1
52e6229323366ddd6aeaf2a83b590a9792e530f6

SHA256
5a08e3ceae03703ac7fab7e5527380519f156ea2441d3152f4be7dad5ccd17d6

SHA512
430c804f0b2203a78a942ca439f1e919867783772bcc893f12e249f918c89eb0fc5cd97fd1622e4909c3946be4d40b5edcb94dcf6d679abf335a91c0aba98072

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5428_1600328928\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5428_1600328928\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5428_1801855145\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5428_94832150\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5428_94832150\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
7f1a0ed8c8cfe34a66c29c4dfdcb9a99

SHA1
c2e6085b37c606232429e9c40b3eccf4fd352f34

SHA256
ee791988d53edcb6b3043fde1d65f860b265b6e653b33b2ec025abbd757ad87f

SHA512
f12f55ce730fba96739a92a4d31ca96b6d96a7d59d53ff36c38e1247aded7b795216abf850ed0589de8f2a70a0dee6fc58749e05b927f05d31e7d9f9b7e72a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f9af10c6a8b5da0e7e3b3753bf52f8af

SHA1
f9f9dd3419cdc05a23733bb95b132f3d2bd59a61

SHA256
089a3963b34187cc45bc9f18dd579e887bea37452eb00b8d6c88440d483ccccd

SHA512
146c19a12f818683dec117ff0d371bc98ab0cd348b0604bc7675559bc65b2e07dd7c835d54a0b87c9bc53073e4b066276139954d256278ce20d1d02b97ae6eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bc1b301b5c33bb4d9e2638fa1a44328c

SHA1
812c3c4153b45e17493e2bda402eeb80c3ec8343

SHA256
06ddfce4eb24e361e76cfa27611d77d6c264774a3766f3a61336acbd1fd49278

SHA512
8281618d90bb1d14c139f915d489f3e507263a95f0044a0134b41fc84e86de622417637e3fed1e2821cf06a1429220ef6e3b8bdce26ef2546e0d8aabf694ba53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6d717295c52259b9cc334bd458c0eab3

SHA1
2b9f215573d75409409d674acbe4dfc3239273d9

SHA256
494b730fed9ca3612f991e4bf758c00ffcd1cfbb083e20d0b4fd3f5967dfbe1a

SHA512
ffe578d5ec236a3ef095a0421645f0777999bd20ffda6d6815e46676f1a0d8a1c8ae0e171ecb68da2e02530a0934737875a4b28038624083aac10033444dca42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
bb9a5e75db65fae4978e1078754cfce8

SHA1
ca880cb0aea6627cb5c7115d2c615029bdc20b15

SHA256
acc536223ea01048ce65981e293476ea454e5160b02ab8a14d2e6f09d8109468

SHA512
6e365d4a059ef310c92719d70d797f202ef40775a4b9a32d9b19965789383fee220fbeef6089349ff11df98b7c526dced953131077475a13a50e1690cc3ebb0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
1267688620a170354df1d25da539749f

SHA1
3ccfb06b1a8c2b63060b8b47451562134e7ec6f8

SHA256
e20392c010f0d8a2e62a76344525f8e7c05b2764be08c2200221999985fec623

SHA512
b3c29320ec59ed03b8ce996fba890ec3cdd39e296900ed1eb16c9229b9d43ef94c743748da9fc87e06de32c1a6d8257f4915413a841cdcf9ac33ec41d92bb67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
ef1a3774e571acd5dbbcd0fa123a7183

SHA1
38d857ee2b39476cf4832b80c6e1c8f3ce123dff

SHA256
dc6684bbd77663a6b4f43c389169150d5b9359a5ba2415521088e7d6657acecb

SHA512
2f76797379591451858413e88049eecf19c765429ebd028a494ff885a421b300f93c7fee1cd8c75a1ba64b0121fbf7fd8e6531d65cf7d1fe5e1921db0c6b330e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
019387d71d3d6891121880dcb62acd9a

SHA1
a07edb0ab3b923c4171a211de3ae28c05bf29e9a

SHA256
2a0c9f282d152295d1488c5953f3d246763b3f63e4aa81658fc7c0ae28fa371a

SHA512
5b749672e79fc1b2670e426c725f64d3ed9b5b9bc703f3090c3bcf5adbbec00f11aa640a5dad479a7754230e84c655d9f3aea40648ad2b6c0f35f5c8bcbf305a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37dcb1fb-1fb2-49cf-8d91-6f59c13bf972\index-dir\the-real-index

Filesize
72B

MD5
6c7cdede13b13812491ce6568d51e9c4

SHA1
38610fb3e70f0ef03ca5214c7a1acf84715e0e24

SHA256
29fc47db3c5dab7666071622aeed4ff9b23567429f68c9234a351631dcef4889

SHA512
13b4388604fb6283598cac2802db759edfe13f4206ddbbe8d97aa6ab95de5b2e49894067abc1560e9ef0e52b3ce637dcd0378b7a340cbb425f142652b6d5dc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\37dcb1fb-1fb2-49cf-8d91-6f59c13bf972\index-dir\the-real-index~RFe57cb4f.TMP

Filesize
72B

MD5
53d1645d6dd3cb22713b509387f8918b

SHA1
0c4f7ef2bd350eb13ff34e698aa435c2870fae98

SHA256
2f4a43836133aa4d35425b6c2ef8625b5c97dbe479136f6a4432424f74f02541

SHA512
6f6255a88a74dcd0a2a36ef101743b13f6d48225d59da90f553da62f876b7c16b2b5bdab896d035bab52f477251886bdd3d9651f6a323d3a315b6834445aa17b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index

Filesize
2KB

MD5
b26053776633291e5ba932bf706568b3

SHA1
67b9f37738d6cc70a2336981a2dd3e6899f27009

SHA256
763141d2466acaef212e66ef876dcc21198b3dd485751be9c6c57bb73a7c5576

SHA512
051a9609dcc4dd0c54e9d0d9f43f526b7aed22fc7486610daf3bb861b2ad9a9b89c7378633df729bcf51e586d2d1f9142a44cfec8c1e2735c5ff951dffcbb852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6be0ea5b-0c11-4491-8571-7ff62c7ad5ee\index-dir\the-real-index~RFe57df34.TMP

Filesize
2KB

MD5
1c51e38187cef3653e18ebc375f5a782

SHA1
7f60a7fc336503506a5489bf0d7a28445ac6ea7d

SHA256
8da0149bc47b4d9404a402b7e9ab7476186c4d0a37a0afc09ab80efced38d24a

SHA512
d330a8e11788140026accca56b169476464864e7dab1156bf589eee1fbf203d1717f8db39a3c36d05f141b88a75f1f185fddbcabe0341ee6456fc64ab5595eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\970150ec-c581-456a-bcc2-9cc1e539d9b8\index-dir\the-real-index

Filesize
72B

MD5
e6fab76bc74ee941c141104e5fc2f416

SHA1
1aa5d52966a61f101d1a658d92221e9fe641e5bb

SHA256
cb3c0f79947c397d94e26fb29517740e8443b05a8bdbd78d55ed0330a3b199d5

SHA512
1bb2283f51449bb52ee79dcf8038440f7355eac64c8b81be6e92d2f03c4cd52a9837298dc0e77176353be9df0a4b9ac4ad009a4162ee37c1e42f2bec3357861a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\970150ec-c581-456a-bcc2-9cc1e539d9b8\index-dir\the-real-index~RFe57c890.TMP

Filesize
48B

MD5
4f5901063c77d8a7d3fb7f239b658a27

SHA1
131086c4d9cc2a1333de9b0a7a38b5364172400c

SHA256
7d6d253c48b4ff2c3d1b51db00946494c00d6ac06d3e2d859d9f5941d56ef423

SHA512
abf9e50bf061e43fde996b51c4213c12ccc8d73789a93fb09214ce6cd82914e6622e64ecc98ee21245d6681570813c6cd917bb0c4e455e8bd328bec303093813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f9fd1bd4-3821-4fd8-ac64-8914ddd027c2\index-dir\temp-index

Filesize
72B

MD5
c5930e262394e5bd4150092afc7af83d

SHA1
141741100b59db41395c40bd014ace82a8a9fcf4

SHA256
3ffe0f63c78bfecb75f7f97a2f3863603b6abc544d5776d17eaf7cfe8a055d35

SHA512
e13e05a2f4c20db0621e94b4fec9fa97d035fa76d285e5e5c27b845ab5043c0dfee9c11c1509905db5ce30840c3b7c3e750af04a041de991832318f34c09f44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
43ab5806f2976dffa7fefe73d4a88d9a

SHA1
ad82b697946b8ba0d1da6096d74bb6967ca39f41

SHA256
2194123ec61997e02eda895f350008b45403633861162765eab4b8acb9f87e02

SHA512
9f0c0793b57b8b8dbad58d59287835c32a5ba02734924267d4865781e2b97d012379388870310db68e91029a906903b3d325254716b0ca053364b5d2b5d41b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
4996db6c200c3ed7be322525cb302e82

SHA1
e5128bb5e1ef69ffdbf5df258223d572ac094090

SHA256
4e70f170e694c5ecfe8ed440045e524e03ef8850501a0920f2c56d0166149b69

SHA512
687a72709db081a9098049438a35863d372ac011471ec315e5f89439487e5fea8d1100a72d8ebc21507187cd30fcfdfd93eae999ebdd5f8123616a181f794701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
090c907f82209ec71e305aa18594f5ef

SHA1
d3be89fbb6c9da52025fe7a0a89dfdebdda3185f

SHA256
05ec988f81a9744d3e9591ca6576e1305b81733ae09816c9004ebdb27afaee87

SHA512
e15e971ec307a344e3644140e111b3aea2fa701868a87d30e29dd6eed6287c4cb5283a9c4e631a976cd07945d4a2ad13a4c209314101d8dea3bf227e5def1928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dadf.TMP

Filesize
72B

MD5
6dd325a036de57c62130c3bfad9a89e6

SHA1
3a00cdefa3834deeedec6d4b0e84c16a4a2e2e31

SHA256
0fb936f9ffc3a135dd18bbf746e02e7739b0336463545b858a982a8e53d7e5ee

SHA512
0a131dfdcd599a057b82b4299592abc631cd99c7ad82ce76d0aed66efbfa4022f72b33e4ca922c311bc64fdfa19f1ac7490358c0ba56253a1bd9e7dd75822660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
24KB

MD5
eea70e0b26cf1adef624420e599ed8ff

SHA1
d4867c279ec08a56a95a4d7c6f1450cd4d948db7

SHA256
bef091937ae688e86dc2b8aa777542c40575ef98e22e9f856d3c3ac2a11a28ae

SHA512
1a18a0a18862566f285968287c664c8694bcebcad7608d40fcd278dbc547aca6730c00a46ae7d2d3d6159a7f74570664543b4cd30717259474164ca82757ff85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
e62a9c8247298833164e5e54c955e4bf

SHA1
a6c8b026e681241aa641a739935ec5a32a28efdf

SHA256
708261832f6f3d35af50a89ffe2c0b92faa88710950c6963cacca60e8646d727

SHA512
b69bb5240c0904832dcaa0c989a63300cba1cd332a5db319dc5fe9d125e39818d7539338a585a8dbe69f2f1cf63127a12018dc04b8f7c9f8510e6d2528894349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
f7352c813be09ed2ae28a7052bc2671e

SHA1
fd4dc88f3324ed9059d08c0588541eb05f9066a2

SHA256
95d3624d0dde366f397547605fea941044e8f429564d35f1f74e3a181e376b25

SHA512
3f83f6610ce19775a77c1375fe4c0d0f1057ac3abe1bdcdb739ee27ef4546051e102bd5cf94639999cd525066db0a0410590f5fbf998b58df43b409d6dc9d692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
001edf6c0f6fb0f39685352475a83dbc

SHA1
894d16f5453ba0facc122fc138bd8c2a4703c636

SHA256
e2f66806a839e7252eb66925efa7552616470ad9967da4cf6efcf1262a9aadd2

SHA512
ebfd692cf4d37166e84f3865c1e148471b0e9b8babc4ae470f53371c907778f421d22cc37036c699c2d2d356c408b1ddb5bc115188827b7aab3dde3b139b17e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
9fbe938850786ca25211427e19ae29d1

SHA1
2d4d55615acbf5081fc318dec02894658aba9596

SHA256
498b21251aca9a17b8339ff648b4d22c618778e9983d9cd31c67ba6fba4ddd58

SHA512
dd22a0c1acb7c709089966c96c0fc316e42ec19626e7f6fcbcdacf1bffd2cbecf88b09ce74f99171aa9a59a5d9f6d24df66f92a6b446a3713ff266030759b4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
1b0c1b163b1937506549ea00d4e3da4e

SHA1
22445a8d1505a3015c8ed9153a83264a5b240c52

SHA256
4d798d08dbec692c7a6a53bc0f48397e0b3b59166730e97857624d9c594fbdaa

SHA512
03ed5abfe2b161f9976906d15f4e18879cc141166b1af06295009b4c0610fc8a36f9877136de1669762f58edd0e1e931ff9ae3fda134e91b7dc0aec592cee0d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
87ae3088459b7d2bf9ba31c8d18c479c

SHA1
07490a66d2ad3d6484fe8e6d8b6c768c3dbbc07c

SHA256
0a2ea075a442cf121bab2541a22298696e8bb72c25d4fc48df96a23fee0dcacd

SHA512
6d014544bf80a57029c915cd059b7d0a2873ca8c1e5acb4ea370e411339a7639de2dc524d6d8bd2660e7bade8ddc9aad448791196fb0187295be719fdbbf8031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
554f3af959405eb6743b9eb887df26e2

SHA1
c3da697326fabd1f4978206c35ca4ff99b1f1de3

SHA256
5b165c69cff558f89a631619884dd977516eda70a85cccce2380379b12bdcb7f

SHA512
6e26edbb8ef97dc5d4575c8a97c2b56f7be39287489b192539a305aa6d574d77478a47845191a5177a5ef6ce7a114dbfc12587fca57b0833af4fb4ebe0e40a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
fc93d390bab2d128237103715b2b7a12

SHA1
bf5ca14a8421d6c282936dfad9a2ba05d1cd6a55

SHA256
5c675ade099f3c354010cf17dad205a475945f9d18ac035b33eca6ed7d37ba61

SHA512
28dd7dfae3fde6574baa9556c9abc2e5d806748e2e15234f1f79872ec0ec03bc05dc7267bebb9d2da32c361d1ce7a7739181351bd83e0807ed765760c2090dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
a7f2a5ceee5ed95c68f250b2b4e591b1

SHA1
0d3f6c27cd3229f7d63cb3dae323238d49944c3d

SHA256
15dea787e4137b2ee44b4170c51f5089054ebf51ee154992cfbf6328be405308

SHA512
5c4c23297b786fd0ac332abd320889c7ac52f4ef46afaf2dc0dadfab80c9ed0f05e40e7dec7d54f0399eb7cc49d5042e79643d65c11c8a05452fd66aaf1e945b

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\2025-04-15_bf0d2cb47a218caf0a5299944be62c17_black-basta_elex_neshta.exe

Filesize
7.4MB

MD5
7e887dd92c5a36b1899236551f5be533

SHA1
a39111a89b1a9a3ad8177b378b6e027dfd8ac9cb

SHA256
44d8d684e66610a2dafed46580fa8d54b858ec66e61629c4a2225860e3418ad4

SHA512
1e65447f5379e1e9cc6b14fb50429dd08681cb9d1107b544e379f91f7abf99143578b9271875863b34adab248a6467b689c3e191705b2caf245ae29d2e5a6d6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\IDENTI~1.EXE

Filesize
1.0MB

MD5
9ed0264042170b4d2144d5150b9c87bb

SHA1
c7bea5fcec69cdf3ab54f560c41ee0064ecb71a4

SHA256
375958d87c9031b8a12c109dbd36f52800b4af9d05f009121d766729ede0b4f8

SHA512
7c71c9c851844c583e9ed17e9fb07b53c7dda0ccbb0fcd89a2435b5e9706361bf95a46876553eca5c2d95e8b46a6128932912037346d113502cd54736b5f5486

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\setup.exe

Filesize
6.8MB

MD5
bdb1aecedc15fc82a63083452dad45c2

SHA1
a074fcd78665ff90ee3e50ffcccad5f6c3e7ddcb

SHA256
4ea0907c3fc2c2f6a4259002312671c82e008846d49957bb3b9915612e35b99f

SHA512
50909640c2957fc35dd5bcac3b51797aa5daa2fb95364e69df95d3577482e13f0c36a70ae098959cb9c2aaeb4cfe43025c1d8d55b5f8858b474bcb702609749d

Download Submit
C:\Windows\directx.sys

Filesize
54B

MD5
caebe60046472fd243097b00afbcd4b5

SHA1
6c212890aef76796310957521924b4db98b9fd2f

SHA256
92b0ff861c5e878db40272c1c8bcb96a18741590f4681d7ba628f07ec596a7b4

SHA512
ac3554112ea2aec95e5b451672d3c59203d7f5829a2763194521b74f60c6ae7ea84ec99951aec4e67e4719e03a61df335ed19b7243155caa38083e91e37793f2

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
954a9af1b5a3ab2aabfa185e778c712b

SHA1
2e56bc05a093e7d4490d9a79a1b735b030b55d7b

SHA256
18ac91904c0ad479259e714029e22741b98fd232bba86932f89fc9921473e604

SHA512
67752bb46e034efe24ec3f4f700b0aacfccf4956d7d974caf09423e2cab967b871b17df6bb8e5985856b770e7e6ccba3b3f84bc06d0036e7b3e067a4b72ef425

Download Submit
memory/4156-1029-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4156-1094-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4156-1110-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4640-1019-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4640-722-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4640-1093-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4640-1111-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4944-779-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5224-1014-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5360-1000-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download