39b8d89f49c86b2a1f876763e3b4666749c85de715aa10aa96a00d5a2d83861a

Resubmissions

21/04/2025, 09:34

250421-ljrrga1rt5 10

21/04/2025, 09:28

250421-lffj2aytdt 7

Analysis

max time kernel
100s
max time network
104s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
21/04/2025, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SDK/Assemblies/ru/Microsoft.SqlServer.Management.Sdk.Sfc.xml
Size

1.1MB
MD5

cbc260866772459c24f03ed7bd79eb22
SHA1

378fcd2a7265fe766f3471c9815306111f6a976f
SHA256

6a63f6462d698253d0a95387d278ee0cc2ec57af45a47c11a9f109246913b61c
SHA512

b4d949935b46ca0c2e2c257ac806b40325b9b4aefd9c8e7c6e2a91cbb4eb1f1a7e88912ec005ace3e1c347cfcf3d6474c0912f9e025d29738ff3e829eefde4ec
SSDEEP

12288:Fhw0tMjRZczlsUflER0SlNnk2wEl2URS2EPgGyfb/n/A:x

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_618969777\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_1673389865\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_1673389865\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_618969777\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_1535617300\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_1535617300\protocols.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_1535617300\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_1673389865\nav_config.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "439916770"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31175385"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3664858464-2411077738-2029630556-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133897013921888227"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3664858464-2411077738-2029630556-1000\{C83A547C-3EE6-485B-8132-38C71218D6D5}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5520	msedge.exe
5520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6000 wrote to memory of 5812	6000	MSOXMLED.EXE	78
PID 6000 wrote to memory of 5812	6000	MSOXMLED.EXE	78
PID 5812 wrote to memory of 5520	5812	iexplore.exe	81
PID 5812 wrote to memory of 5520	5812	iexplore.exe	81
PID 5520 wrote to memory of 1948	5520	msedge.exe	82
PID 5520 wrote to memory of 1948	5520	msedge.exe	82
PID 5520 wrote to memory of 3236	5520	msedge.exe	83
PID 5520 wrote to memory of 3236	5520	msedge.exe	83
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2612	5520	msedge.exe	84
PID 5520 wrote to memory of 2356	5520	msedge.exe	85
PID 5520 wrote to memory of 2356	5520	msedge.exe	85
PID 5520 wrote to memory of 2356	5520	msedge.exe	85
PID 5520 wrote to memory of 2356	5520	msedge.exe	85
PID 5520 wrote to memory of 2356	5520	msedge.exe	85

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\SDK\Assemblies\ru\Microsoft.SqlServer.Management.Sdk.Sfc.xml"
1⤵
- Suspicious use of WriteProcessMemory
PID:6000
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\SDK\Assemblies\ru\Microsoft.SqlServer.Management.Sdk.Sfc.xml
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of WriteProcessMemory
  PID:5812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "file:///C:/Users/Admin/AppData/Local/Temp/SDK/Assemblies/ru/Microsoft.SqlServer.Management.Sdk.Sfc.xml"
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:5520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f8,0x7ffac724f208,0x7ffac724f214,0x7ffac724f220
      4⤵
      PID:1948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1836,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:11
      4⤵
      PID:3236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2076,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:2
      4⤵
      PID:2612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2492,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=2648 /prefetch:13
      4⤵
      PID:2356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3504,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
      4⤵
      PID:3220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
      4⤵
      PID:1680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4152,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:1
      4⤵
      PID:2376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4156,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:9
      4⤵
      PID:2964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4184,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:1
      4⤵
      PID:244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4228,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:9
      4⤵
      PID:336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4240,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:14
      4⤵
      PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5416,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:14
      4⤵
      PID:4608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5460,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:14
      4⤵
      PID:2240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:14
      4⤵
      PID:3180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6116,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:14
      4⤵
      PID:1708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        
        cookie_exporter.exe --cookie-json=1140
        5⤵
        
        PID:932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:14
      4⤵
      PID:4788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:14
      4⤵
      PID:3240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6296,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:14
      4⤵
      PID:4204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5804,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:14
      4⤵
      PID:4428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:14
      4⤵
      PID:1368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6500,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:14
      4⤵
      PID:5392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6780,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:14
      4⤵
      PID:5688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6948,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6960 /prefetch:14
      4⤵
      PID:2368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6772,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6952 /prefetch:14
      4⤵
      PID:4976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:14
      4⤵
      PID:1668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:14
      4⤵
      PID:1540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4380,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:14
      4⤵
      PID:5424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4408,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=4556 /prefetch:14
      4⤵
      PID:1464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:14
      4⤵
      PID:1812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5384,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:14
      4⤵
      PID:4632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5304,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:14
      4⤵
      PID:5168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4548,i,3740292632039424938,11599938915558511605,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:14
      4⤵
      PID:832

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1192

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
19a247f5884c6ef93cb894bc01475095

SHA1
7bd4b9e3658678a6269a40161aeac29477a3e2f5

SHA256
c4234c33a6ba4bdb7e2e16d3ba0d1da09064e11397ed43aeec3a36f13276ffb5

SHA512
9909f1cdb5316f88d60c65dc5d98e019218b2e2828398fcc501d5ccd01d50f0af9fccce3029f6f622e6bdf31b9f02a95aeded3b40a2ebf035cc74e1ce4928858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
069bd798917e483f4b8078616c6efcb0

SHA1
2bfae68c9b49a3d97d087dd89b3e4c9235a6e7c9

SHA256
470dab81bc47ccd16bce8aa76c0500b1ce152839df80eda4b3de4cfdd9f2da93

SHA512
7964ddd4bade861d744138593a684399508868d531c6da763a6028ac1ba96a7f2e9c8b79a280a25e9cc8a01406f3ca1387a5d2fd74ab6942092cdfe008013da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e3785f1e58f78ffc0d021f3f51129491

SHA1
305601d3197c644b3d4b65f89dda5765cee2aedd

SHA256
2e2f3ce61b88d3cc370e8735c3c9372fa95cd996396b199516102dcb29af5638

SHA512
39aeec13a87d7ff42a72b5652ea243119513a65f88acc26a5a5248300588362b1f6e468ec7566d96554649c78c1b547d34e03933629305590a42d224e1442745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57bb61.TMP

Filesize
4KB

MD5
66e332cf59c77f06ffb5bba316dedb00

SHA1
7da54ac5747eb72cf4c1c4f7eaa8fc1ea6dee62a

SHA256
8c6b91755cb7c2cc5a1c35eed9f2ba1ea504455c3b621a4458dba376251a1b7a

SHA512
2b0862dd279bf736226ad29655689151a58fbd4252b2357456e80efd4fda6d4ee778d8bc004fdc654d4ad81530af576415ab87f4612a7395bc05bd9fb674da0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ef348dca67d22c5721e86ac81b39615d

SHA1
1dae9f6fef9c29cf0f25613e0e66d354ddccb6b4

SHA256
bf8b9bb8a197ee09b876eb413aa980b419bcdcb73c8aa55e34120604efc7b0ac

SHA512
0d6c47f0658cd6a6b2e6eaccab15105c43b5635473308aee02056f5f7eddf3236637254de39424784a1ff7be782fc34c83bc816df1aab6d4f9e6f08312cfaf6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
62f165301260c8458c82518df706bf2d

SHA1
fdad8396bb184117020913300c2353cd2eee6799

SHA256
337b0d75d5e197cb4fc18a1189b2647bd7708cb847778e0bab6064cbf744b4a8

SHA512
bafa282e69a1f5cb42149697c40b4f9fed1ff6e4a9e650b1c10f4db233a2b0bf2d4496a9c69c0ed7db86a126a64bb7bd52e74085274359a556489b3155a573dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
1572ac7db7184386c0d02e4929456171

SHA1
a6881dfcb24b7de2b2dc7991e5e1dd4544f94bd0

SHA256
696764189696ade7dee93ade959325939d0fb6601f0775b6fe103d618c4251db

SHA512
464e4cba2df5eb0c083d1b1a6bfc2cc7a0ec8421c299216a5a4cf9793761ff1ae01d8e4e00702fc0aa8188de3c2ff23f46ea345cff93c896b5fa4e864d43ac26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
63e028ea629d3645dd23efbfaabfb04f

SHA1
9f1c0d105543320041cd97287658ed7873df7332

SHA256
dd19cbffb5f163cface22e8955a2c2a8d133445a5613b2c208500480d5f13e8e

SHA512
72ccc8448bed0d401c954c86e3617fb1efd3ac06bd068b89eacbf18105c3017bb59ff65de7caf8ffe3596c510819a55e672024a6ace574b45fd0621f356d5fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
dd3584cd1c1b1fbd758bf16e306b454b

SHA1
c7b2822a1a272e51c1a2ca18acca233ecabd1b67

SHA256
53cada0983cb59552cb91b877b5a6c469a27331896624ea8b18b28fce919da86

SHA512
170782543785c0f4d2b6282e0afe8bf44ee08c57dc5e18bb5152b2b4fe0a07e2dca8e7657ddc44feb80de825dd37c08f2928a7d847959a3e347b76c25ac1ed06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe585232.TMP

Filesize
467B

MD5
15f8039ea4f33c7edf7ba6f86fe5611c

SHA1
c337126e229677414b3a87c5e9cb5fed61edb05f

SHA256
73f3d0bceeb18f55b1d187edde3d2f96dc56a89e80028d0bf11bf8c92674f3d3

SHA512
c1e8ac443be9063deae07fdf5ad1a8da95e95c2ac25504874b2db39e17e4f4b3d53ffe3463f6e4732e5581186be2b3db40473bd999b8ec80a0957acbb96206fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
46cbcd98b0383629cfcacbd887a8569e

SHA1
f476b4699954bde9652cdb8c7dd85601e316e857

SHA256
c3cfc4079d320d3cf4f3fd0d8b778814954f9ca4893bcd068b365858117b25d5

SHA512
4b78fdcf64477200c96c5c8cdc7c79907e8394a2332bf808365467c5887c9493fd8ea547e7f5326b569cf375a9d9fd2d103f8aeb9dc70a4da32ff1895474dd25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe5852ed.TMP

Filesize
3KB

MD5
47430e0e9ad4838b6b88191b7966810f

SHA1
8933b4ce19e396751f93687305d3d378c48e2e0f

SHA256
98c1f419b9efe0d2a9f4350442d90916bd07593d9ecde4706030d1502cfb90d2

SHA512
e3a4e44240a11ce2173acfe66f6b52bdae8fc9c97dfdca441700ab47b5c73a46b71405da95a2cc08c34507fddf4349923c33da57da244e45b5019b9898e6b65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
154de0e63f8472ee02b28b47a67b950f

SHA1
c794e515cf125b3f08103b301fd3441ffe3ce6ef

SHA256
bfe9e1099ef92ad1c2d188323bde711fbb6aafd8f20d2107d04a8fff6791e0cd

SHA512
a1922b49c095b30e9b76b2118695a2e7d2996f70849b8ec8bb33b6a28a4a44fd5551a4225038d6c4f1b64819eefd8e72174f314132234966920b653c09e86741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
1f13a1eb66e98eab365b7d66ac8551b3

SHA1
e9e7d63514e1dd39d6fe5cc5d52dc86df0e51991

SHA256
4bdc3f8bce9e1a3126f8682ca6bcffd894bd4c645cf9803e0d7a8fe18023df2b

SHA512
5ca50ccd95e3bc0576ddaa5bfaf6ec302fa622b561b7f9072230ab28ca40704b74a3e7a2b54cf49f01182ebe9da608acd4f22c5db007f9f05ac283222d422de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
a4d7635fb75a5017c4ab846836209f66

SHA1
97d5260a5b2b91fa5b6dc61fe7afee8fa2e91edd

SHA256
2ba6cf4f856c8ac4a53c3a4ae881fbede15a17f62dc41c05ae2bbc7a0a702c79

SHA512
5a7f653d3923125cf91d64dc1982cdbf3ef0fabad7ee1a71f80d364a12e5561161796182c4ec3ac5def708d11eac0f808fe7322edea3323e27c49e50e01d4c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
985b0374f6694f041f38a62ce86ec85c

SHA1
2ab0b21150a7c712c0b5d5cdbaecb8053b719735

SHA256
75d732d50c0fe083c664f300a2b1241406e2e2316e7c32706ed90353df023441

SHA512
17914ff0be77cdcea1db5977d7822f96d3bcf3cafdbe982c234a59cb3d183fd3bc0975375b3d518ea8cd612939e1e1bff13c81c7abce19f9a857a53b5ad9dfc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Temp\2b7e8086-d71d-48c3-ac5b-21fb0e0edea1.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\cd2ef53d-962e-49c4-a488-7bc3378be780.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5520_494994416\54b23eb3-f5ef-4a69-a899-af87fa01d1a2.tmp

Filesize
153KB

MD5
b0917d8e6c5b6be358bff67f84eb8336

SHA1
a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d

SHA256
dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60

SHA512
cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_1535617300\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_1673389865\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5520_618969777\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
memory/6000-14-0x00007FFAA9950000-0x00007FFAA9960000-memory.dmp

Filesize
64KB

Download
memory/6000-0-0x00007FFAA9950000-0x00007FFAA9960000-memory.dmp

Filesize
64KB

Download
memory/6000-4-0x00007FFAA9950000-0x00007FFAA9960000-memory.dmp

Filesize
64KB

Download
memory/6000-5-0x00007FFAA9950000-0x00007FFAA9960000-memory.dmp

Filesize
64KB

Download
memory/6000-6-0x00007FFAE98C0000-0x00007FFAE9AC9000-memory.dmp

Filesize
2.0MB

Download
memory/6000-1-0x00007FFAA9950000-0x00007FFAA9960000-memory.dmp

Filesize
64KB

Download
memory/6000-2-0x00007FFAA9950000-0x00007FFAA9960000-memory.dmp

Filesize
64KB

Download
memory/6000-13-0x00007FFAA9950000-0x00007FFAA9960000-memory.dmp

Filesize
64KB

Download
memory/6000-7-0x00007FFAE98C0000-0x00007FFAE9AC9000-memory.dmp

Filesize
2.0MB

Download
memory/6000-15-0x00007FFAA9950000-0x00007FFAA9960000-memory.dmp

Filesize
64KB

Download
memory/6000-16-0x00007FFAA9950000-0x00007FFAA9960000-memory.dmp

Filesize
64KB

Download
memory/6000-18-0x00007FFAE98C0000-0x00007FFAE9AC9000-memory.dmp

Filesize
2.0MB

Download
memory/6000-17-0x00007FFAE98C0000-0x00007FFAE9AC9000-memory.dmp

Filesize
2.0MB

Download
memory/6000-11-0x00007FFAE98C0000-0x00007FFAE9AC9000-memory.dmp

Filesize
2.0MB

Download
memory/6000-12-0x00007FFAE98C0000-0x00007FFAE9AC9000-memory.dmp

Filesize
2.0MB

Download
memory/6000-10-0x00007FFAE98C0000-0x00007FFAE9AC9000-memory.dmp

Filesize
2.0MB

Download
memory/6000-3-0x00007FFAE9963000-0x00007FFAE9964000-memory.dmp

Filesize
4KB

Download
memory/6000-9-0x00007FFAE98C0000-0x00007FFAE9AC9000-memory.dmp

Filesize
2.0MB

Download
memory/6000-8-0x00007FFAE98C0000-0x00007FFAE9AC9000-memory.dmp

Filesize
2.0MB

Download