hxxps://discord[.]com/channels/@me

Resubmissions

03-04-2023 12:43

230403-pxxreseg53 7

03-04-2023 12:34

230403-pr95kaef67 7

Analysis

max time kernel
437s
max time network
441s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2023 12:34

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://discord.com/channels/@me

Score

7^/10

microsoft phishing

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

dismhost.exedismhost.exe

pid process

3336 dismhost.exe
3356 dismhost.exe

Loads dropped DLL 10 IoCs

Processes:

dismhost.exedismhost.exe

pid	process
3336	dismhost.exe
3336	dismhost.exe
3336	dismhost.exe
3336	dismhost.exe
3336	dismhost.exe
3356	dismhost.exe
3356	dismhost.exe
3356	dismhost.exe
3356	dismhost.exe
3356	dismhost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in System32 directory 8 IoCs

Processes:

cleanmgr.execleanmgr.exe

description	ioc	process
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagwrn.xml	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setupact.log	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setuperr.log	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagerr.xml	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagwrn.xml	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setupact.log	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setuperr.log	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagerr.xml	cleanmgr.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\bfedd155-f214-4838-929f-135ce4df12f6.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230403123636.pma	setup.exe

Drops file in Windows directory 4 IoCs

Processes:

cleanmgr.exedismhost.execleanmgr.exedismhost.exe

description	ioc	process
File opened for modification	C:\Windows\Logs\DISM\dism.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

cleanmgr.execleanmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	cleanmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

explorer.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	explorer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	explorer.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEexplorer.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F84A8D0A-D21B-11ED-8FFF-DAE3AE61CC88} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\discord.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31024680"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31024680"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000010d3bb75b0ea114e9ca1233a5a090b7b0000000002000000000010660000000100002000000025f1cedff36e56e8f398db3b36b476461074660849227ffee8b8885924d24405000000000e80000000020000200000005382de99e5ec03ee1cf3a81040716380ccd03515cbf1bdcff9f76b926e21adf120000000aaf3f39c3eb8d08f87266691706c9dca393c6d3d488178a0af31e762ca95f21f400000007130946ff0fe255af037d1a1f565b4111db46821174fb1ae28df0e7f846198f908d27f9fff5ec3f4420f4036796d157f770a60b840469f1b03e2cff676a2c494	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000010d3bb75b0ea114e9ca1233a5a090b7b0000000002000000000010660000000100002000000032c1a77f29ccb551fc57d66725fbd28abcc2a85af8b3c649d0c76857cab6acad000000000e80000000020000200000007a6ff2c34ab6262f028680fd34297beb50813bb159214045f199d1a399d5349e200000009b8ae94c838163fd2e7b0ddadfd9ef4abb49e2d6e3932f57ffcf163748f61e1b40000000de8f05fc30d556abe63f4fdce3e04b96f2d408d77a06a98a71f9073b03e0b41b6d2ed485dda85c28e4825752950c6ea31cd2162cfe156434b157aecc88ec3fb4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3437291226"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9068d1d02866d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3437447491"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5036e9d02866d901	iexplore.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "247"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe

Modifies registry class 42 IoCs

Processes:

explorer.exemsedge.exemsedge.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 1e00718000000000000000000000e4c006bb93d2754f8a90cb05b6477eee0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-144354903-2550862337-1367551827-1000\{3343F663-41D0-4B81-89E1-461CEEC8D7E4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 0c0001008421de39050000000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

2908 explorer.exe

pid	process
2908	explorer.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
4476	msedge.exe
4476	msedge.exe
4744	msedge.exe
4744	msedge.exe
1748	identity_helper.exe
1748	identity_helper.exe
3276	msedge.exe
3276	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
2908	msedge.exe
2908	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

cleanmgr.exe

pid process

2652 cleanmgr.exe

pid	process
2652	cleanmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe
4036	msedge.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

Processes:

svchost.exeexplorer.exeAUDIODG.EXEdismhost.execleanmgr.exedismhost.exesvchost.execleanmgr.exe

description	pid	process
Token: SeManageVolumePrivilege	3392	svchost.exe
Token: SeShutdownPrivilege	2908	explorer.exe
Token: SeCreatePagefilePrivilege	2908	explorer.exe
Token: 33	4916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4916	AUDIODG.EXE
Token: SeBackupPrivilege	3336	dismhost.exe
Token: SeRestorePrivilege	3336	dismhost.exe
Token: SeTakeOwnershipPrivilege	3336	dismhost.exe
Token: SeSecurityPrivilege	3336	dismhost.exe
Token: SeBackupPrivilege	2652	cleanmgr.exe
Token: SeRestorePrivilege	2652	cleanmgr.exe
Token: SeBackupPrivilege	2652	cleanmgr.exe
Token: SeRestorePrivilege	2652	cleanmgr.exe
Token: SeBackupPrivilege	3356	dismhost.exe
Token: SeRestorePrivilege	3356	dismhost.exe
Token: SeTakeOwnershipPrivilege	3356	dismhost.exe
Token: SeSecurityPrivilege	3356	dismhost.exe
Token: SeBackupPrivilege	4612	svchost.exe
Token: SeRestorePrivilege	4612	svchost.exe
Token: SeSecurityPrivilege	4612	svchost.exe
Token: SeTakeOwnershipPrivilege	4612	svchost.exe
Token: 35	4612	svchost.exe
Token: SeBackupPrivilege	2516	cleanmgr.exe
Token: SeRestorePrivilege	2516	cleanmgr.exe
Token: SeBackupPrivilege	2516	cleanmgr.exe
Token: SeRestorePrivilege	2516	cleanmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

iexplore.exeexplorer.exemsedge.exe

pid	process
2820	iexplore.exe
2908	explorer.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of SendNotifyMessage 4 IoCs

Processes:

msedge.exe

pid process

4744 msedge.exe
4744 msedge.exe
4744 msedge.exe
4744 msedge.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

iexplore.exeIEXPLORE.EXEhelppane.exeLogonUI.exe

pid process

2820 iexplore.exe
2820 iexplore.exe
3484 IEXPLORE.EXE
3484 IEXPLORE.EXE
2504 helppane.exe
2504 helppane.exe
1892 LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exemsedge.exe

description	pid	process	target process
PID 2820 wrote to memory of 3484	2820	iexplore.exe	IEXPLORE.EXE
PID 2820 wrote to memory of 3484	2820	iexplore.exe	IEXPLORE.EXE
PID 2820 wrote to memory of 3484	2820	iexplore.exe	IEXPLORE.EXE
PID 4744 wrote to memory of 2240	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 2240	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4824	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4476	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 4476	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe
PID 4744 wrote to memory of 3108	4744	msedge.exe	msedge.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.com/channels/@me
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3484

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3392

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3648

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffedbee46f8,0x7ffedbee4708,0x7ffedbee4718
2⤵
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
2⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
2⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
2⤵
PID:2876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
2⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
2⤵
PID:2128

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 /prefetch:8
2⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6b6dc5460,0x7ff6b6dc5470,0x7ff6b6dc5480
3⤵
PID:808

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
2⤵
PID:552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
2⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
2⤵
PID:1468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
2⤵
PID:3792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5728 /prefetch:8
2⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
2⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
2⤵
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
2⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6288 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
2⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
2⤵
PID:184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
2⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
2⤵
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
2⤵
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
2⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
2⤵
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
2⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:1352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
2⤵
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6432 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
2⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
2⤵
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
2⤵
PID:2608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
2⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
2⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5604 /prefetch:8
2⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9221486254553418634,7951928315327301160,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
2⤵
PID:1908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4916

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedbee46f8,0x7ffedbee4708,0x7ffedbee4718
3⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,17465928862169940662,10893577599886953991,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
3⤵
PID:4396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,17465928862169940662,10893577599886953991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,17465928862169940662,10893577599886953991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
3⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17465928862169940662,10893577599886953991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
3⤵
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17465928862169940662,10893577599886953991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
3⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17465928862169940662,10893577599886953991,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
3⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17465928862169940662,10893577599886953991,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
3⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,17465928862169940662,10893577599886953991,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
3⤵
PID:3128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4864

C:\Windows\System32\cleanmgr.exe
"C:\Windows\System32\cleanmgr.exe" /D C
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2652

C:\Users\Admin\AppData\Local\Temp\E97047E7-97DB-4291-AA2D-BB4C5A4D5CED\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\E97047E7-97DB-4291-AA2D-BB4C5A4D5CED\dismhost.exe {E1BB27C7-A8A6-4233-9B0A-9DC2D2178A96}
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3336

C:\Windows\System32\cleanmgr.exe
"C:\Windows\System32\cleanmgr.exe" /D C
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2516

C:\Users\Admin\AppData\Local\Temp\C3071437-7ADB-4723-BAD1-4B4F5CA28FED\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\C3071437-7ADB-4723-BAD1-4B4F5CA28FED\dismhost.exe {648FB013-FB95-4C12-9F5C-4EA95DF5DFDD}
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3356

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4612

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3950055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1892

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
1KB

MD5
178927c3fd2d054bc8049f91c69bb368

SHA1
a858a7e3850a3bb6e8cc94290f68dc05761e7e70

SHA256
330eac584065c18fd6aa8aa9c3a27e8f38a7ba7f70857fc6d64c118601a5ba0c

SHA512
9d86c27e338bb499e8168d0eb257b918bf7e59c5d95e76a89b178c7e8c5f64291183f9848c4aa0148812aa8cbdf40dd9cb0293e97a56ceb9cf5ee5bf7312d393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
8b82e64a7691fb70aec48c12c37eb312

SHA1
96084b73e24ced2adea93695f71a62092771ce79

SHA256
5e1b36f0cccb94221d862d2fe35c892d699d397a87f74f18a668a57ba7ef8d5e

SHA512
36802e6043f76d717a376d762f84e89be4bf5b6675bcc662f9f768dfe6487582654333ede1f871cadaa5b5120ad5147ca81bd79b5092623d38f1fbf4037237f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
438B

MD5
127b3f09ef8d4ced666b66b3f6e8a11a

SHA1
96f5cdee3447cef658718066336b0476d2e4aa63

SHA256
221f06c29cff64c895cba015c3b2283d77d997ad85c933816b01a15206183201

SHA512
b33533b9e2cb0529ec0c8465898ebbbafbf716274e085ee0b31ca1dcaf0fe776f2ece64f440fa7b16bf89e9a52a289bb5d037093b18826a9cd461f90d66b462a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
434B

MD5
62cdd40fc217c69e39b430897ec46213

SHA1
978afe0b57f37f3a01ee7ee324d84df2cba92811

SHA256
18a1d0658a6e1a6c0221d95ed4d0e2e2eb5a687ed9d106aa24d1f16297b7b7e7

SHA512
d06a0bbc1df1ca751645f260a3d3a70a9d4b62652eb7a9ab88c70f3647092e2a41b54ed997baa24d5ccbd52d02d831a2be1e9bb61f723a11560fe542f86bddc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
014c9ce3e520f19a8bba679c7296f8c0

SHA1
dea10f30a0c313c5c9e23e45b21ed5c5e02624b9

SHA256
8d37ac330684d1c59dfd971e5e5b8b1923e4d127262a8ed5159896358c52a295

SHA512
d473297d1104abedeb488e33d49b6d563d0c8e002dad29abdcd7b7735e14d1b32c36bd057421a52befdbbbce06260c58530ffd38aad4878af74a722e664f050f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
014c9ce3e520f19a8bba679c7296f8c0

SHA1
dea10f30a0c313c5c9e23e45b21ed5c5e02624b9

SHA256
8d37ac330684d1c59dfd971e5e5b8b1923e4d127262a8ed5159896358c52a295

SHA512
d473297d1104abedeb488e33d49b6d563d0c8e002dad29abdcd7b7735e14d1b32c36bd057421a52befdbbbce06260c58530ffd38aad4878af74a722e664f050f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
74772d44bd57caa87b1ab5641ddd714c

SHA1
a76f5b90ed28fe7678fd7dce57073bb9344a7411

SHA256
e12de4c8c5bb3808f4a9fec5f4c6957bfe75794f2d92cee7089828b38fbedfa2

SHA512
5aec46ae45a1de627f5d526b8e2c884910708f36261993c96a81fbe2e71745ecabea4915225e0b3fa90af86001aee2f2295006a813037a36098dca1d38a9aabd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
381d75be2ef0d97091c9ec08d18ee75b

SHA1
e23445bb9d2c4eba3022f1669fa7a60f0a9ddb32

SHA256
511d5c40d8d21c727ee7d4e43660046f85fd519aef01f49a4e1cb227a06a4738

SHA512
08d1bf00a1fc33730a758ac3be8cf84e3ab45ed302e29d889f98c228d678d4165e4719d666be1cf19cc5565e3c3a0d178b54efb8df42d9364f94cb8b6d9b3302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
62KB

MD5
c75e16ebee81303c7d361cff076c69a7

SHA1
ed658ee2e5f92380ec1cddb47d9294d26980ce69

SHA256
da5719acdf85d2d237fa2afe4cee6fb0c81e42dd8f4d5e85d674932d79a23e00

SHA512
dcde0b218d0288af970d1a2a84ea3f4d203a7148fcb328ce0b6b72fdf49e7f39bfa61242e4a5ebe884daec18387be8582f59157b985265e4ba3fca78721ca381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
67KB

MD5
a69d5a892093579ba2eb14e030cb887b

SHA1
1138a13f8c61e87ffa9f611345fbe1c57d836725

SHA256
7076781310ea6ad20afb3e8d4089aa877eada0cf19684b44a615d779c1427f65

SHA512
85a8327fc6ac3f7eef2a96454e3dd7a284c99fabf8f6d814382714d3ed8ea21f7f7b6d599953fce74989a64a4c9875db844bca0710b333646be1f783edf7d6dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
38KB

MD5
e4c780a544249a7967b82f07268ef432

SHA1
64b38d103f06b8de4241c62835f67b28a96d286c

SHA256
4d2dc675ba41d56f2aa6cc1286f3f127590c9748f7b4e0bf4c79b0b4bd620a9a

SHA512
74b9135f09dffd7a081889235d2f4c7a343291a4c4458ac69754cdd5790b455b9b98a128561d516202549e83671de13cc4e4b9cfb3ff195dc3d23b42885edf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
18KB

MD5
d98f6933949ebc124cc652c76b4523eb

SHA1
b5cb19f3a4924d02e67b3a41c6474a741a6a6f73

SHA256
9e3f1271c142e7da1cde822650f2c087db51c39a38db21cbfbad503e882116d5

SHA512
b6eb511bbd0a32ecaed2c24fd4b9638b5b81f322dbaed7b48647ab3e8c2b1c06e23c12ad10acb24da0cf18843104395e14bafc1cdc4f8af1d104fcce3cbdb638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
33KB

MD5
d989f35706c62ce4a5c561586c55566e

SHA1
d32e7958e5765609bf08dcdefd0b2c2a8714ce34

SHA256
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716

SHA512
84b9347471279e53ec5f151caf47fd125b9c137d4bf550a873c8f46e269098ea5e2882b1dc1fe3b44095308df78f56d53674928f44a1e76d3bd7dc9d888d91dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
Filesize
47KB

MD5
19699f0f6a53ebc90c71e6264d3e6276

SHA1
c0ada614f35aea455f9d051a42b6461ff19f1630

SHA256
656aafe9ef5a8831a0194aea6ebce129d2fe9907f2b6bba2a80581fa1addcd51

SHA512
23fc690bd3133c2624020329dadfe9206a74598954d2eea725d55bc1bff7a769d3811f0a4d56fe0b187ecedb88e268d8252627a958728b909d73ae07616aa3fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
Filesize
117KB

MD5
cc57fc633852467183e13878195494f6

SHA1
ff2002884e0f1741b84c1d759fd21dadd13d70e4

SHA256
7472e67925544939c5fca52d138f6d18ed6818080220b91ded2f103e24c7cb2d

SHA512
c4c9af5aeef7c6d63c29acc7ebb7fb16aeb288a953bfce63821687d9f7331bc110377763178d8b5293bc842a9fc77413d658df42981b5631536cde010002f2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
Filesize
16KB

MD5
2c094d7d94be387a5c7fefe0a19f3fd5

SHA1
03f0f428af901d71836c91fc085612a72da54252

SHA256
f37add73bac04d18dc5329b7ac8fef1cfe18502a540cd5aa6b8a5f7d49b9641c

SHA512
726c48f3fc53162ab312a33f13dbd001ad596204af07e889f47392d24e4bb0938c7bb8d1a090a116e257c39b6bf62f0471934a2d391a701f7792e32f22075e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
32KB

MD5
a5c1baf4d59507093fecb277af7bfe00

SHA1
9e2afe1a95d9022027ff6700bcc624a32bd35e32

SHA256
f34bdb86293948699847c148d0d63268c6e6a8f15052b13e4daf02a189846227

SHA512
32b4e82c52a799e8db6bae740f7231a7eeda8dfad0d68828eaf8da8c2840caf53201629d443ceb437bf7a730334ccad25c0304715ab9b95a09c629a2bfb76182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
Filesize
91KB

MD5
160b639118ed63ab37d9edd3a2854696

SHA1
82ac61926c9b2e8c33e48f9ca126090a62b4759d

SHA256
253a78cff6b789bbed315437cab299292071c323b2f4efb3eeb084ac8f0e8eb0

SHA512
212580eb3974c30f020ac5518fc7908596cc5e8e6bd4d2ab35648f10ced1e7baa8ef71f48732e402c777ce0823b92278a5c5bfce85f907a4001e2cffe3b8a254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
Filesize
126KB

MD5
495f9fce6be31b1773027e3a0413b4cf

SHA1
7404697685bade1e3459080dccc4ef814736a7e6

SHA256
ee99a81dae33ff2dcff1f7bfcdeae9b8509e95087df9db4cbb34ffce2b9f563f

SHA512
41cedb8fe384094f91ae32e0ae642d8f09709376a593338819524a1f69d4b9b4618bb9d69eb276c553f2b5018aa4fc5feb50437dd09b210f28a0721a6b58b2b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
Filesize
18KB

MD5
aa9b83f527f9508819df2255c76c9f7f

SHA1
1e7a051eaabce7e153f98f64ee0e84e564e194b1

SHA256
fc16cd578cd72cb69bb15aad729eea569f6565edb0067f375e16069de101c0c1

SHA512
6dd3fd8a0c26ae7f5efa37fd33849fb6bca273eb610dd5d6176bb4dce965301c6a362884c2e6c168fccca234375cacb93a5d0755aaeb46f79030f000c7c2f9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
Filesize
50KB

MD5
76cbfdea30bc3bceb18667c8c79c5c80

SHA1
8058bf49903b1fb1523b42b98ecfdbf0c18d623a

SHA256
9af26e8bd2c281c25bd1dc4fa4ac2eaa229c03108d8ae6370f2819936cc23271

SHA512
8e37f5b033908d4d7b2c8fbc5ea7c0b7cc83bc12d1c787c5e9d14de99c6cbea1ee4756868a01e2e209404ba2936507cafa7092fc869230b8de9a38f0ebf452d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
d3594ed2c38ef9d8f2de792727203da9

SHA1
fe2a796367e26e95f2f0d30f148a9d2cd7aab7bb

SHA256
7c5f340403268dd4ed9933a834cde0f0fe8d098f3e6cca4c6292ed4e3d1b55d9

SHA512
d6edb393f11d4d06dd568959ac0d20ef005f6a9ea80b4a4faf9cbff833fceed74e971775620cc8326902b36e72b672e9f6ffbcfc53941e57d374f416261f1954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
4d42798b1f7d8acc2d5dc7dbe986c474

SHA1
1c41b150a3414cc31aae6ccf592daa07af4a968b

SHA256
069711672dc7dbcaf6093c8259f1a39ec0019370850ea864b71c1fb634a189ad

SHA512
9b7471b66871c379b147f73a34e5558f8ba334248639e0039c55b8582f60ec2b2c5259ff4af0401e06b36355cec52d12f467456315d31d40a47b134c3814e492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
d391300e4954bd533f7c1a43b2798c0c

SHA1
846f925b1d3750e48f495968755ffb50cb4800d1

SHA256
02bb5dddca4d3cccbcd88522ae428cd9e5b3605b130b8f08dc10f0f65a7b416f

SHA512
603b8abc86b1880768021b34d8fddf4dfd2656c4ba07c9b499e4e71f4536d399284ab32925ef5fc1cf6f7b1d6bcdc36dc95784f6058c1d62b587b71e1c61dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
a34e9670e0bf42a0be69dc5b3ee58f1c

SHA1
90d33064983f43cc683c5b082304a0bb729622f2

SHA256
5b315cfebc3fe4a04d57585752ecbe3fde44905d4bd0b6ffc490e2a140157cfe

SHA512
0c1b088420bb1d000f48eb52538b332ef674061316108117be5729eda68e946200a0863a82eac0244c5d9773725de8a4de28678a4b672a7dc7d707cfa56f9f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
4a1352dc4f6360ccb0cbec2d1f39e89e

SHA1
3a5aa3b44db869f5b28c848a7159e2cf1021de2d

SHA256
fbbf2ca30d178e21d5f2b7185468664c69338beb5324d22bbc2eda3647ef3b23

SHA512
cf576ea6619270affdd397a52719361a59c14ff6df55fe8361323a76500cdc5f27f1a4798e0d5b724e05fb678587dfe4b88399fd599609e1df32935f5ad0a692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
972fe3360f96012a8f1e23e117e3eb2f

SHA1
44b61562bc89a9c23904987a1798d755903b2de3

SHA256
bdfc6f1369bf796aa503f4ec69e81e48d018980f5ae667e0c2ea38402b8e1aef

SHA512
b7aaaf4206a1102d2b457ccb1701216b1ee95053ac796021082cfcf85fa6818eb64d92607f63bbd0cd51a6e49748d417fe837101c81d26fddbbb789c375bcdbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
986d472b84b7dafcac22cc6965bbf8c8

SHA1
0744678998d164f34755acbb9220868fe9f48b78

SHA256
ad16f0dea2b3c73708d25174341c77e1418d2a5f5bd75ae70012a7fd86fdd49d

SHA512
3c0e9b69a358a20db50bdb7bba656137c5916788ddc0872f9e43d1ba200ffcd988c570b17f05b703c9e8088cf0403f5988ae02de732eb423827379bc431e4402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.microsoft.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
cdd719af03899c9476783cd2a06e90ad

SHA1
2218e8db30be74b9ff5b1db7198d0fb83c74cd2d

SHA256
03afcf4cfd6dc27c9eadd5758cb1f2e99a94b84839cfe9db84b4490625d79db2

SHA512
677bedb5fb11289f5f60397da5b52d7f49f9ffe02adc2805a321ee0964e5e2d7bd2198e30af80ea6eca91feb1172fca52baae0c2c69ce7a10e24f8b787d70590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
623fe8b721095beb15504a606683d085

SHA1
3e902799ee12e86293beaa51c4bbbe158582710a

SHA256
937bb4ff1bd4455a236722458821829d38813a97b4ee50a7b0ac1bafca96f818

SHA512
4e870e4bbd5e202fa71f16c6ff5c40f30fdfb5b541447d80526f8e79b3788477481a2937a275bc9eaad9db4deba5883a03752b70c0fd06d2d0ee6e37b4d08a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
c637747203a2415723f762c05765e92a

SHA1
f9b0242a4b8fb24ca74d0bc5748fdfd4c8b69407

SHA256
ef711f870c4a6f8e284b55da75edcdb1c5f43cde16634d7f6469b6108e152e14

SHA512
8fb002e2ac5b1dfa312ef64aa4d73748c9329aed034e1cac3a16c2cd98200054678b69b60671e408d7b90d985bc9d8d9992c48579fa46221a8d6d505e0ae2335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
25729d00738398687183217608273253

SHA1
1339535776e05dfa55503513660edf5d6930a4ae

SHA256
bb4e0e16cabc04030e17c182e39e8d907b2993f42c37dc8e6e2df5fc1c699696

SHA512
1b3278d67e19eae412390c77088c33bb1c5f156c8e22c997423e2af72c35381efc06d5da3a3c7b39e4d469579a5611d2ee232b21e693ad76c2b0db49885b2b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
3b2cdafbeb1c5cee10a6aa8c35af703d

SHA1
a2b3e4f48ad2fc09537a6391ff7d7e6c6c8dd150

SHA256
64c9a695fc55bb040ee5119bd689f01788bb464c8a7b377efec22f4af57f93ab

SHA512
f1ab64ba25e73180560bc6d604ef3301691c26cbf899868857dfddaaad19f7d9faa827f8f18bf816a4a16af49c6e6754eb0481f451486753eac950b89f2fc521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
118e6d8992fc3e2f9015fa6f68611020

SHA1
ab571fc60d687edfcb41ab6d4bca1f63bbd75ddf

SHA256
7f63a90150c19cb18c2db980ecdf6a838ae501889f1cf0d684bd602f94a6a7e7

SHA512
e8de00d4476aeb50bd178965915efdc7af9c69cbc1f09e260f321d4d4ad4827bc3863ae99fd958a22171a5e2e050a1eb5e9ec0fe570e7c0f03dee00a2ad8b385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
97f465ccdcb42040f6dc6c292ce9b705

SHA1
cd9504fd9929b52d86b59f682f5eb54c88aabb0e

SHA256
9e2c5172359cfda9260881acb4043ead8d70998313409ccdd2d799b8da618b28

SHA512
f07cdfdfdba9492bdf62e827fdf744ce3501078ccdf1e93f87a75ed27f274f7fc64e3d96b3cbb8e9472ed36884cb06339484b847d7e7f7da9bf5f50713eb8d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0d23d0e569da7fc9376c18d50b284b37

SHA1
5ff757383441de2344f1a1142232c479a810e214

SHA256
12046745b2362078f4ee5cb389e9cd3beb4e3f828f0e19bfaed0f59bc477885d

SHA512
e5366d58dd818c2259c26294d2561e2711fb1a5b9d8b623d54617d4bbdfa67dbd5e2dddb1b17d07061cb077c04ef92b0fd8e89420fb82045c0163ec151f6b7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
51af63365152976e6aacfe9b2dd29bc6

SHA1
27ea8bcdee201c2c53be8609c1483b6c78e8912e

SHA256
ba43cbdc16ddd550eb840f94cfb233b8069f9ee5a1e6435629e35e2e1f79c94b

SHA512
290a872bd41d4c1feaea70df27761125962f49d5273039d8ece0dee170c3b9486b7f566c55126ebc8118abdf62ba72d379d17d7c3da16bc7fd459fd53f2cd6aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
a50945c8f20bc6493691a7f32bc19c8f

SHA1
10ce6b7c8016480f7cbd76378cbce3395f2e3f17

SHA256
4fb667db720905ccbac761a4519173358cfc74bff6195014a7a23aed27ebd2d6

SHA512
a83e8a17fe574b3393e449110909f726bfafaab25a764b363244b6bc0e12746c6bb7f25e60ff013877c4c330a976679a06f365ffbe7e31c06555b057c781b1d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
1b0b5424f62e1f802ff5ff2799811139

SHA1
bc4da7d2d95d09c86dcc9143b8ba9534746728dc

SHA256
e59133838df022b9679c1fa22a869809b37c41539032b7cb3e262c4be047124f

SHA512
aa9fc258859b1d85c7848980b4ee4b9cf7116c2584c36332f301b4c7d40a736919609c966bc823035879fbfbde2414b7a675ad684c819ba74f9d6b5dbaec1917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
88c34dd59235c3569f50098d304918b2

SHA1
5b4304b1b6f054fb0cba184306d87300b6bbfa8f

SHA256
a2d6f63709b600a98f9f8e2002aac68834fa761d8317281afe16e29c3edd0c2b

SHA512
ca6ec1280faebcf8fed01431e6e809ccdf1fdc4d759a17d3add4bb9a979b29e635ce328a18ab6c00d3e13b76210e10f10e60806eefbd37ae7d1d6ed88b593d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7b013f071887c71eef52b580ed13f2fb

SHA1
e115a6454dfa1c18071cba535e38cb36adda05e7

SHA256
c34813ec6642f20f061c5f8aa7b35b6f10bfc0fd484d0788cb8bbe91dc415318

SHA512
b0d578d2ce5d880650815fc5f1d69f5c675a5b75c4879b01774e208587ff5e6d3202cad3c26c9df78af1f2b49b51a04dba85223cfc230084f9dd9afcbc21ad18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
152902308adb99b9f33fb322a67632d6

SHA1
5cf8d66a4a12c83a0d332b2fc23177eb1f452f40

SHA256
cf0acae551afb390c062bf72493c57df8e57d722cced0eb7fac644f63d9b65a2

SHA512
c239e9bc0679d2b95895af23a13fc97c3c02fb96a77ccb1ff70004101af726a3d9342ede569be2ac9ea2e0e7373d0f1e9df3dc0f8e3a510e2868c878059e521f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
722d563e55882a39cfd36fdaf7bb1470

SHA1
8cb96cafb41812b6707084d869dcb90c6b1fecdf

SHA256
91544c21d02e2386b964d099b08799244813cd9562ae729840abaac309e83e4d

SHA512
00385be2bd41c8a491b08200d84f221e5369089867623ea92115d689687d0fc1457569bf5e2e4c27fba0258f1496788f0393ba0565326e2e110b162f9b40f5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
84b71c84de62e23a4624741ef2d39899

SHA1
c25a2f628e0864352c8f6108bafb36c032240de1

SHA256
51bdcfebb816ec2d99d4a886ebc19f76bc4a831b7fc70ef505b5475346aeee36

SHA512
97f01465e498312a4efdba2ff1533a1dd78fbd1e14509584c9282464609e3ad165b3cf7296ae29395cb6e1a3b98667d92a1950f6750d056ff04a92cb3c78878e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
61cbfa202bebd16908cbba13586b8daa

SHA1
15792b0e9333cd2c9bb3d0f2632ba4664d124779

SHA256
867fe40e9973e45b5783244e3a12f4ec4c9e077789c4cd5e556294923f0f5e64

SHA512
4aaa7cb82b67cfa9d4e44c896256f436ac451869d0f1e9b068f96cca6e773ce55a836ebc1e9d6f0d96f2afd6c8fbadeccc26a735cde14be1eea93b6a6102b2c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
296c19f9a5a8925b902963c5c0c62f99

SHA1
aa1ac1b417af24e6c0cac634811f45572b270612

SHA256
4bfb6afb0f4f8bd8754875ebd492f8af59889229e7cce8c6e5e74751c059fe4d

SHA512
98a4fd70b898c517052fea408b83a56a8a9f9055522a7a1a4a5d09d7cd0828925615fbae3578eb64e388161cdb0082d43cad5b6399ed94836a5247a7f601be32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
296c19f9a5a8925b902963c5c0c62f99

SHA1
aa1ac1b417af24e6c0cac634811f45572b270612

SHA256
4bfb6afb0f4f8bd8754875ebd492f8af59889229e7cce8c6e5e74751c059fe4d

SHA512
98a4fd70b898c517052fea408b83a56a8a9f9055522a7a1a4a5d09d7cd0828925615fbae3578eb64e388161cdb0082d43cad5b6399ed94836a5247a7f601be32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
67cec186fbe01da20215bb62e4163f50

SHA1
384de2076357e6af0c34c04602810bf32abea2f5

SHA256
b6afc7f265f2f3ac2b48d8a8612d7867c8f55c9cbf6250d68e40fb4f2d3936ea

SHA512
ac8e2a31d329ec9951f55a7ca1152189cf0f16577cc24b7194c8d4aa73a07d9d0d05facfa2487aa323b81864517bf77bb2977ec282f7168417c9e00d75e0b2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c325881ebe65f710ffde9291a337fa80

SHA1
1ee282fbda5f7c9b49406abfc182cc83148883e6

SHA256
3b769be053cc0fb275a708dbd5e7cca5af41a5b4994385cbd19266e880da9c0c

SHA512
f28ba69ec56f4d1dd8e241cb47d4514ac7f9d9cb177929f1c48dbb04bcc9adea13d95f415dfb4c660eb3c79ad1211ca15459b3c566179365d026ab3e5b4cad0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324999086261019
Filesize
63KB

MD5
cd1d27bd57c551becc9c90446107082a

SHA1
49c69f77dba0eb6f76bbab1a5dbef1210cd498aa

SHA256
55c693cf75e6e3b3b594a9bc81be52cb9fe5fa6fe6a3477feb1b4bfdbd693933

SHA512
836e468c6d334dfb7899bda7861c5070d552e1ec8151dfcffef4a12c34ef14a90028f3c363df5ae8a4058e033f59c8f26de63c9dc89860125a3c3235d46c1dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
316B

MD5
317778f9642bd47e9611954d6169bcb7

SHA1
94d35260c68b551fd6a30e31f9207e6759e18773

SHA256
1e70e1b7002551c7f90e1b20bd42f9be1aeb428c91ee8c575e84dc3384ea3b5c

SHA512
d9bf96e10dd8671104188911b9d3a2d35fa85c2ab60e2166f54390fa12d3c51ee3c8006fe0167266a99772e7f66e91ca6aeeb54472dcee32e967fb82ec61f09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
e9c965b64ee36bf6e876b05b4c0d7c48

SHA1
f0c041ece24fe8605ec5de3ea1c246bb5907cf38

SHA256
df784c6e444efa946226b36b5caaaccd3a84e29ae950d347a698c32ad901e682

SHA512
d2b88f769aa9a9c425a47d7f8afbe051c9d4349119e934958d3dde18c6c06047c1ea8379ae014ac356fdb164e1b9e0c56913db51d2ae52c2557c90bc6664135b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
92a602769835130cee620729fd33ec9c

SHA1
be9b51d5ab267aebc30a9c9b4b8b6fffc3eeaf59

SHA256
17c612fada93b32184c65a186172aa22bfc9a1984aa27c1b79d50b6f06574a7c

SHA512
22663ea619e960c286817c0025e3a47314e47ffdd1b17a6bfd1c0d8fdda882ef8213aa94a1f8784d43258bcfbd6f65d77ca35ba35037fe4256271a35db5e13bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
dba0879f702cc58727a933be08cbdfe6

SHA1
918b015a1197f0e92e54f132f1a3151f16e3f5eb

SHA256
fa59b4476b41cbbbc035cf870dcd2e5dc837d283d9a0a8fa92dce928fcd2d9ec

SHA512
bfe374af68066640fd6ed2020c95b9ba6a8e7b89164df83d784c50f8a70caeb2adee13e1055fb9b0af132dba27725ac1bec97f202566ec94e0a12d2329697dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
77afb613cd1d5b82f2a312464d327f27

SHA1
91c74b830f1d0e93624e1fb2d62e02eb8b5243a7

SHA256
cb79d378294ebba14521abb9ba833bb9dc1641300848f4bfedb4ce0a1e7fa52c

SHA512
ae8e0362b5b62d604e3b3a498b879aff00b0f559703f40e3baa4b59cb4c237d633411cb5d52fca3f354f84218b3ee423ea788e7bb1312b6d148488152dc5237f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
dd639511dea15edca3137ba05fb00745

SHA1
75b685bfb30f217af653e55abb504e67afbc23c5

SHA256
597a02337f7bfa01d04fdc88b5a2bf66fd3e10beef01fe97fc7dacb4d2bfe51a

SHA512
1a9ca8d8e646407d08bce50ec87146f7a6595156c26e4845ef5c5a707ce18c6270b27f960227c1ee74b402d54fcc76df30015cb4cdccc03fc7adb5a8c25250dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
4b2a8995df23d8098556f0e2c71adcf4

SHA1
f4e2dbfb7922d28b06025713f131b147b7479a8b

SHA256
c197936c5e2a147e01fa689fe616a63864ba2b1d68d3cd80be5197ef06e62bd3

SHA512
f365c9c1ed76769356cdcbfbef25637fcebb6296625a6f087c2327e0b9a5b477b459438be9af523e6016fdc207e1c6842629a0178ea4852c94a1ed7933e43a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
edd3e5c500ddbca8d626336596f0ecf9

SHA1
acabf3471fa982466b9a8f6077a921e254ea0b4c

SHA256
3a3c3cf90bfd99f874fbbb2f130c41cb225ad9400be2bfd166ae84898cd98e90

SHA512
35c2e263d56092295eec6b7f6c3aa2cc445e2bf83d154d5e5143ccf697de9d1e17a22983d021aaa07f5be89411c3ffc75a63fb0d184db365d04aec5f54ec811a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
ee2cf187797bfdd16565265d4540f997

SHA1
5e07f698954d94994dc4a02e69b9e9122485110e

SHA256
91168fb20b6a8bdf2faea76c84150dc9001af15a66db3a1a40ffd3d8d533c08f

SHA512
7d746b5b811683c510262d3054a3091b881ec21ef1cb55ccf236da0258d8d545210cde06bf889709c070cc5d33c9261a5b55911d80800cabdb6b4a3d63bd30f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
f0a8b522cbac39828ea7017705c9997d

SHA1
23961ec805802363416cb416b96797b3e9659c1a

SHA256
f196b30b46ca315cad08690199c1e1cbe526356dffb47d14105894cf7c953e99

SHA512
659ed4ca18622537326b624ac89dd1680f17ffd76afdea54ab32b8e78d605a2024231119340e134321b348007062f7b9b105d536792816ac96b1244830f9c8c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
208fdc08cf2d0915158402464191f41e

SHA1
c4376659b53ba3e406be4fbe2480bcc2ab280191

SHA256
4265894038b73425050f0d4092767df95bf4855ea50de5a24e79645c86e91e96

SHA512
36df927245a8c38ae0b6ad0b027fc3802328e004b273055c209a10fb4af11ce1507a9886828e6fc067d226c8d52993682fc7c78e427e35b6a67b0fbe044ec9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f8c3.TMP
Filesize
538B

MD5
303ee412469c939b6e8566a2d1851434

SHA1
098c81d71f98ccf01f28ab0bcc9adbb4ba10f622

SHA256
af7a4eaf6fbc3f1f409345fb8c9c830c932c8e36f23b18a4197e97f06f626bc4

SHA512
f54c19d8e6e1bbcb9804913da295eb84bcc53e965c937e3973f93032e4fd96c3c8d57008ab8bacc38d34a7988fde8e6ce1a71de9790aee4d108fd2f4ca31ed25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
ad405c888ab31f5b51c8e71a353e7f02

SHA1
87f73b1f5172b55fa5d3e9eb0ed3b0c725090c6e

SHA256
18c00525694f90fdccd966ab171fff3b70e2e4222378b2f4aab59dba3d9ad331

SHA512
1967027bb71ab14a01fbdc92f6d4436d0070d85af0d2dec4191ae3c357032aabc0b575458dfc83b295704f4f373eaa80d11c67751031c447d8657b9eec9f18d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
a589989be986d3fcc8662f3bfb4b9773

SHA1
f5c61c249e7bbaf597b4e00c245d8fdd466cbd8a

SHA256
b61b26a9b36b40e64f22e5f0ce91e0d720772de7f4fb78c82e8121c0b2de4b17

SHA512
97efb70a1c6e78b521ec46afe8700e80c2da38520d7acda2270dfa156b637707a74a0ddf56220f6c5657792a2cecda16ce220afd2b30b53a58d268ee14ac27cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ccbd1cce-5274-4975-aa95-193a48e5e370.tmp
Filesize
5KB

MD5
d25020f8d57884c8cf19c9600e7b71aa

SHA1
f1b542f56ab2d2697ff80a44f61bb5e59dff2b1f

SHA256
30941629cad3db37f9657bbc2aec54cd377d83cff06a6a1460f90e9fbc191b65

SHA512
807fe0f1d245d8ef4bd7ebee70754494bcc25bc5dfd34e1f8e40608691b94729455feb74c43609c21237122786349a316b47df4208c508c7409539e4f80ec123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
4707c164c6a93e261ebf0f0e725f04a3

SHA1
94e52ea0b9294617d669b08033e32a125fb0cedc

SHA256
45182b6747f31d5e5cb838e85fa510a28049366fd3e03e1f2f908b1571b836cc

SHA512
912d3b8ff55b7fe46490c09562f9b8fd37db8fb9b015ca08d1c1295c6fc073569f01a9e15895c1f643000295734faf1bc9f523814f7cf5e86c6bc8ce1fdd289f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
c3d8eb25c191ad6eeda0c74d4f5bf6d8

SHA1
5ec677d8ed16a30d29a605c384256b39f755f984

SHA256
1e4829b168c15351899aa7a9454e73224b3ad4349eb6b058e5d5a45a64a4bc22

SHA512
0474bf5d236116ec8461f4e88e3a5df8712d33a09227b95cd99521d86a09c70061bebfc059106a0117ef3b78f268aa7c018563b9f22c35f3645a176cefdc10ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
4a9f69b535fcd513c5d7e8c0aa072d64

SHA1
459f843768481f76a222ba2148f7178e8eb9d7c1

SHA256
c6d230f2a8080e22a22c0dd8af149e93df26c78e83badbb059eb4d0eb633776d

SHA512
99be470bb21b5c30d45913a6a4c4f85e37466e8ed9005007a794249bebc2228100b4e59cb76a478d3802f66d36f8e428c8611e2e76d5497b0424bb65e6537bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
3a93e31816eb899f952865bf14a8f09f

SHA1
d859bd89ff680393a3892f957af34af4724be72e

SHA256
0dc1807b301fd126b3a80f1f63cff1260fda0a1fc51607aab1a3887eb961177c

SHA512
7a8ef50f899ad18b83d605bc1ad6d49ede4a2feb05070d56787830d07915e3afb8fbf339dc0a0b9c69ef7acc31446c57e0b0f99c7c8ae795f9ce3a2af7008fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
d1eb2f56d6c76375a3eb20ccf07a13bc

SHA1
0b0d92990a30ebfadbecc80801434c77bfaef02c

SHA256
d5a7263c36b2eceb756d7fdcaa47381d13e542be9d0129d95998c0c577b5a660

SHA512
52613d3f177e5126b741f9d05e1c7360a1c3973fcb52f994f1b24c6c9d1c79beec9e445ba6bfeafb8bfbab0a0095547c13ea5e2bf4c14c8441fe276185d47ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
3a93e31816eb899f952865bf14a8f09f

SHA1
d859bd89ff680393a3892f957af34af4724be72e

SHA256
0dc1807b301fd126b3a80f1f63cff1260fda0a1fc51607aab1a3887eb961177c

SHA512
7a8ef50f899ad18b83d605bc1ad6d49ede4a2feb05070d56787830d07915e3afb8fbf339dc0a0b9c69ef7acc31446c57e0b0f99c7c8ae795f9ce3a2af7008fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
de604ce4c12b2a42f243be2a650e714a

SHA1
f778b3dcb0bf25096883a495431ccef6e10afb2e

SHA256
a8ed0f854fc6dfd2774f311b861797ffcab6995df81afcb7eabe1b0df5547155

SHA512
9aabd93ba158b6ecd553a4220dc870bff2bb035311647d663f14c0b2e1f74788016ab2d8c0bf377b2311349d4587f1d4c16b10c7388beb452d7a448cf4614723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
c98b249842d6e449ae71d71f1d0b8d46

SHA1
ec9b37ca1d5e7181cfd79b413c01381e09823eef

SHA256
47ebb172ad46178ad17d44108ef17a471d6b6ba19266422018667fe09de4fe92

SHA512
0a93e314905dd8fe7b4fe82b4dd7f7001e4bb0724e6555a6a5645df31d3ab49468e75f72b42962ddb5cbb432b22e3f945a3b0e7a8b1e009b26be617d2f38eb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\phzg4yt\imagestore.dat
Filesize
24KB

MD5
68b7290cee4defaebb2aa7fea6b2bdf3

SHA1
b842edc795885745cb10aba6c62f6f36fcbaf21c

SHA256
66511ac410a18d8ed155646940e60214c44d77e8ebf036deb2202dbb7420a709

SHA512
ab5b5c3efc2b5de82cfad161a95c443773732041248ceaf732042e3d8fe803818b4d494ef12e9f48fc1f45a529d188a7da3c2e9b1ddfff73d5052c255eb78fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\ec2c34cadd4b5f4594415127380a85e6[1].ico
Filesize
23KB

MD5
ec2c34cadd4b5f4594415127380a85e6

SHA1
e7e129270da0153510ef04a148d08702b980b679

SHA256
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

SHA512
c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EY3KXMB3\86c157237af2732f6d83[1].js
Filesize
651KB

MD5
24f4d27ed9549aaf4d47784d6b3a46ee

SHA1
03ce9eac6db8c63c39ed0140fe1954134341dde8

SHA256
e276a12c7f43a48c783fc43cfece89324cc0f45c0c95673f8bc3efda671fbe32

SHA512
6c233bc1d7ccd06619984e646d46878f26ffe8815b240a74fefb23f4793ed7957f7d1c4af05b1646da630580e74b0b1e3f0971d200ffa662d0292f44dc3e3e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\C3071437-7ADB-4723-BAD1-4B4F5CA28FED\DismHost.exe
Filesize
142KB

MD5
e5d5e9c1f65b8ec7aa5b7f1b1acdd731

SHA1
dbb14dcda6502ab1d23a7c77d405dafbcbeb439e

SHA256
e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80

SHA512
7cf80d4a16c5dbbf61fcb22ebe30cf78ca42a030b7d7b4ad017f28fba2c9b111e8cf5b3064621453a44869bbaed124d6fb1e8d2c8fe8202f1e47579d874fa4bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
096ec434c9c3a5c64b95b01efa5d1b22

SHA1
d8ecca51b13dd8cdd1d95aaefb10e3ad3d42080a

SHA256
9b7ba4bb1fca4fab78d94a3515d1c9b3209781dc8779524d3b3b2143694b34dd

SHA512
6490fbb69f6302346db1d48d4d275022afe9dfc1697f03ca7e86e4073c00748cf58792697957099d099e0fad722d6c358e773d05f22de2b4bf955b055a1370ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
11KB

MD5
707a31f0af44e5cf5916660396e5980a

SHA1
30b5853ff0084f112c4d8da5aba6cbbaefd650c3

SHA256
5f0ff4a6b8ed5835f4aefa618e76f5c5e27cac3cc6e2bef51e7eee9270da5ee9

SHA512
2ba5f1a9ed0bc0d1449bbaabc9802aa7a261daf5c524f5c2c9b5907a8af489f43206454160413fc2f69b21b218937bebf5ffdc8d6cbfe5dc541f7d1d05acc737

Download Submit
C:\Users\Admin\Downloads\7a337df3-f80f-4480-87f8-00c9a19e100e.tmp
Filesize
1.0MB

MD5
25266adf50c5c6191abedb59a9273585

SHA1
6c55401152733f9d0d29ec05362766a6395a33c3

SHA256
6a6cc8824b99f10092d737d2444737037dc14e2dcf8a5b317465d8357ce96988

SHA512
cb301aa3d09b071343006682e7ae0ef0a351e82581fb297579e7462f47bef69d68c6d9f9959486f93a4490caa90e61c5a7dbec9d594d04125afbf08028c52c2b

Download Submit
C:\Windows\Logs\DISM\dism.log
Filesize
45KB

MD5
4263c947853009d72cf40fa753ba31fd

SHA1
d6ec20b7225de1e9749ccf49b28dc087a8fd38ac

SHA256
9f57d64e796cef7960bbc28408636ea49c24d6c1642bb1102caf557f0b8443ec

SHA512
d154222330767c25cf35d0429f33d117ef0f5988bceb6650670dfb8518a57e5e415f5184db39d4464fe97c3d3220468af3c992c929238e9ce5ef564ba024de8a

Download Submit
C:\Windows\System32\LogFiles\setupcln\diagerr.xml
Filesize
9KB

MD5
2fe46473e7ddd66785fbfe67d5ee8734

SHA1
796f6c9bbd4cf00fa74e2435b49224168f5d248d

SHA256
8fac3db83b8a31c1349a34857167a435234be0f06bf3016996e99322cc807227

SHA512
d262166469cea91f80c93cf0092ef5c2952d298b5f9a4c59ffbfcbe85164c93311c5fbec75a7fab772afca8804a63d9d7ea96a5753541065aec5b58454931cc3

Download Submit
C:\Windows\System32\LogFiles\setupcln\diagwrn.xml
Filesize
9KB

MD5
5792300ac0f225cbbeb3a285937e6f5b

SHA1
b6c19b4de4c4e81d84fa46bb2e2cdc363a57cb0c

SHA256
668b804405c7305709b8e8e6c487e87e590170f6d64a4dafc3e6ccd25ad4d038

SHA512
1fe9aa69cd39584eee716cdd846f7e2203b426572180c0d88752bd808ba01310486329f22fb013e718e3d77a9955d676205a8fe97b8fce8c7a810db4b9e6709a

Download Submit
C:\Windows\System32\LogFiles\setupcln\setupact.log
Filesize
14KB

MD5
ffe69cded84489767c9942fdb2b10f6c

SHA1
fadf9c6b3f823bb0e363d2ad070f7e72da550853

SHA256
b910163e1c613bd6bfb8d08d492ff67f093e6c120675dec61ea78dbd12d03e23

SHA512
21f62dfb89194d275d8c2cb02af5568f4f67f28d9e957a2c1bbef9a91302e3be0c60ef1257766275a62d5ccf7b439ae2ec71afde3908c1d46478b8353417e56e

Download Submit
\??\pipe\LOCAL\crashpad_4036_RIPVMKEJXHQEADSS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4744_TRLKTRNMLAPEMDMV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2516-2082-0x000001E880340000-0x000001E880352000-memory.dmp

Filesize
72KB

Download
memory/2516-2071-0x000001E880340000-0x000001E880352000-memory.dmp

Filesize
72KB

Download
memory/2652-1980-0x000002A38DD90000-0x000002A38DDA2000-memory.dmp

Filesize
72KB

Download
memory/2652-1995-0x000002A38DD90000-0x000002A38DDA2000-memory.dmp

Filesize
72KB

Download
memory/2652-1979-0x000002A38DD90000-0x000002A38DDA2000-memory.dmp

Filesize
72KB

Download
memory/3392-163-0x0000023B09F40000-0x0000023B09F50000-memory.dmp

Filesize
64KB

Download
memory/3392-183-0x0000023B12260000-0x0000023B12261000-memory.dmp

Filesize
4KB

Download
memory/3392-186-0x0000023B12290000-0x0000023B12291000-memory.dmp

Filesize
4KB

Download
memory/3392-185-0x0000023B12290000-0x0000023B12291000-memory.dmp

Filesize
4KB

Download
memory/3392-144-0x0000023B09E40000-0x0000023B09E50000-memory.dmp

Filesize
64KB

Download
memory/3392-187-0x0000023B123A0000-0x0000023B123A1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads