Malware Analysis Report

2024-11-16 15:51

Sample ID 240202-zez4yahcfj
Target image_2024-02-03_093833388.png
SHA256 7639612c53d3fa5f745b0c97c181ced9989104fc8c4535774e4388efe71ffd52
Tags google phishing
Score 10/10

Analysis Overview

score
10/10

SHA256

7639612c53d3fa5f745b0c97c181ced9989104fc8c4535774e4388efe71ffd52

Threat Level: Known bad

The file image_2024-02-03_093833388.png was found to be: Known bad.

Malicious Activity Summary

google phishing

Detected google phishing page

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Enumerates system info in registry

Modifies registry class

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-02 20:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-02 20:38

Reported

2024-02-02 21:14

Platform

win7-20231215-en

Max time kernel

1199s

Max time network

1219s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image_2024-02-03_093833388.png

Signatures

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\rundll32.exe | N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\image_2024-02-03_093833388.png

Network

N/A

Files

memory/1984-0-0x0000000001B40000-0x0000000001B41000-memory.dmp

memory/1984-1-0x0000000001B40000-0x0000000001B41000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-02 20:38

Reported

2024-02-02 21:14

Platform

win10v2004-20231215-en

Max time kernel

1183s

Max time network

1166s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\image_2024-02-03_093833388.png

Signatures

Detected google phishing page

Tags phishing google

Downloads MZ/PE file

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\K: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\S: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\T: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\L: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\O: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\U: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\M: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\V: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\W: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\Y: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\R: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\P: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\B: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\Q: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\Z: | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies Internet Explorer settings

Tags adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3343787304" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0085cbc01b56da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3209880586" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3344881070" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3209880586" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005f2859d464fb564ea9e97dd009a434cc000000000200000000001066000000010000200000004b86bf3701c25e9bf95ace73cfe2142aa78c90ef9d100776f0f4de7f292e59cc000000000e80000000020000200000006ba0709650a4d9895285713f5b4d3afead5012129b6368c9828a9e4518eb4717200000001e45cc3322c756fbe53f2393c92c11cee615119a9c0537f4c3daf49954de9e4a400000009a223edfcb946d3e5522dc1ce6311a387ddcbcb06e5b9a2e40ee69885560de9b435213b2e4b25ea5dd37e4ed3b8856611fd11e4014cb677756847a768b7e27ad | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005f2859d464fb564ea9e97dd009a434cc000000000200000000001066000000010000200000006a0216e41bddb5d253844bf495f93e9c5ae1568faeca459ec76ffa2a779950f0000000000e800000000200002000000000c61d260f0fc5d6105ca02ea5b4a4aa91bef6611a704f3ba37477be19ebbd8e20000000b6700feecd01cf280c6d4255121c43bf2fb1253d71342dca333c4840dff686f4400000004419b6d44c4f07ea8c059dd39d24b9bd934b6b5678c526c793ef8807a91802e9af20b41ed4f8adaeda85a5689a3dfbf82173ec780cb32385c481c6a60c7c0573 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31086107" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005f2859d464fb564ea9e97dd009a434cc00000000020000000000106600000001000020000000a6ba1d93fb1b26e187f7b81f980666dbc869d87a11bf00300e67dde30dd60365000000000e80000000020000200000003ec2c0df5a8a19dea7a24368f1293a8084290864f1f6a3ffa0f86fe5ab21c722200000005b2a990062bd088ccbcc1ec6e5a40fcc902345714813f88af3d3ccd30453e35f40000000517c6343d2c0efcfd1a5149329b58fc7d5f90c2a67458f45c65226b789aa7c1f57b4c6790af7344633d11c52d8fe2c5c85948fe0cc5d12560cd5e3ee4cc73ca9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086107" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005f2859d464fb564ea9e97dd009a434cc00000000020000000000106600000001000020000000ab9e261a8bbda1470776f1f871fcd731ce702234946ee448dea88ae83e2c606a000000000e8000000002000020000000c7dbe531b1180f8720832bc02fcb9c3a5a9e547b665f0fb77b7aee6b462abe7c20000000f9859defcd5793d7a1cc2b36638c06bad75611c2d4882313cb66b1f3d310c47d40000000fa313e714f5eb26a32dff0d7c41878f4ac2bf64bc7f8706e56db66899a47835de63c4d56af6454d1640fa7ea1ead897a35ff2899dc04e0b18c4758e1edb05887 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 809a8dc81b56da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086107" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{EAD7D75A-C20E-11EE-BCD9-5A2E32B6DBC3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00cf4cd1b56da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03a39c11b56da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086107" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F2F47722-C20E-11EE-BCD9-5A2E32B6DBC3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-996941297-2279405024-2328152752-1000\{7AAD0223-7ACF-4602-86EC-135F643B5749} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 494261.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeCreateTokenPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeMachineAccountPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeCreatePermanentPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSyncAgentPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeEnableDelegationPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeCreateTokenPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeMachineAccountPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeCreatePermanentPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeChangeNotifyPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeSyncAgentPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeEnableDelegationPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeCreateTokenPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe | N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 836 wrote to memory of 4168 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3200 wrote to memory of 2740 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1408 wrote to memory of 3752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 5044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 1484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\image_2024-02-03_093833388.png

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SkipSubmit.xhtml

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:836 CREDAT:17410 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SkipSubmit.xhtml

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3200 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc05bf46f8,0x7ffc05bf4708,0x7ffc05bf4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6708 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,8501462731613337202,8512212889428013922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe

"C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 5A9840CA12DAA20D9B3F22997C93FB85 C

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EAD7D75A-C20E-11EE-BCD9-5A2E32B6DBC3}.dat


C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CCM17AA0\qsml[1].xml


C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8PO8IKDM\qsml[1].xml

MD5 5f1088da0d20a5f20be7c6eade888930
SHA1 b11bd1a497f1517a01641baa4bfe331834b4d7e4
SHA256 282cbfe92c1174f1bfd8f8accac9e619078bca2ca7a6c2ddf0c0db1b082c8d72
SHA512 94e96fcd9ec0a4b1401b5a9b74d321d3abaaa387114bbd8e33c0690e36addb90e37a64f41c884b3dfdc67163a2b4d2e6e44dfdb065e452ef0b02c7e035b548e4

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AAZL0E9Q\qsml[1].xml

MD5 55bb0e78ad13bb3dc2c9a5d22d59ac8d
SHA1 871a7f5adf8391aa78fc62912ab5ef6c8a334c21
SHA256 9a6c21ed1cee753b38318b29209bac6e298713c1b0db68177e629bdababd3502
SHA512 15aff2284b210db1139fde25dbdd06e08428887d5f073fad0451b39a37dddeafd9473ced25a9e41896797f1bd45c2b2d0503dcdb5ce97b69ac8f164d9112fbf3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PG47MANB\qsml[1].xml

MD5 aff6c23629ffd27deb720cb2e05b1d4c
SHA1 70536b3301c6391eb36f70e14b860f09a10faed4
SHA256 ff5af4d02eb25702d380a476c37e102936c2fc4be76158dbdd407c845ace4e06
SHA512 0ac73b16d6a98df5d2160b7fb7f0c0cccc0b09f17e3caab241147744554b4213a88e0252125bc519f6f756ed8d70a342aa470de0818c732b37781281725a1172

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CCM17AA0\qsml[2].xml

MD5 11d0a7badb51a078e42ee8579deb34ed
SHA1 05cebd28a87b7e56f766a1875f36730d90336586
SHA256 adefc7826811fb254a7b139e96c12e4e4500d33e9e374d0e5ba6f61d9508df24
SHA512 e6d70b0a42f4fdb2c741f1dc4370800ae0543dcde7c2ac05b03f2271a120ddd1024978fa439d490e70c2915c33e8a5263e305aaadfd469c0dec3259838803240

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8PO8IKDM\qsml[2].xml

MD5 a7670d88fce1ed019ff21b5b4509dc75
SHA1 7968302755edd833745bcb93a265415ed098162c
SHA256 dc39389fb99ec269a6740518665d88e8fb4da3acfc786a912a2adb9c6b495940
SHA512 6f11f851456411eda9123124ed41d7f99e79db322e0cef80d74c588bd2d62512ab869b236a254cc377ce7a4e04e63d8fe5996847a204099c9436b86a249d3915

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AAZL0E9Q\qsml[2].xml

MD5 62e958545efcb787eb9d340118656f8a
SHA1 ffd2a3633402f1e5c90bd79b3731b7a422ecf132
SHA256 bcabe3e46726376e702b0eb3eceec1860930d94e4eff5058e8c2b338be3e4f94
SHA512 74c43ef2de930b115d8033bd5eeeaa2402a259f50d56da669a71e8521637d5fa27ab22858584feedbf3e45df4be618801f4a3727ca4e9718c45067ec7948095d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PG47MANB\qsml[2].xml

MD5 4873a2f230de7e705f7bdd56c8b7f572
SHA1 ce2c5883907c288da319081e40d0567c23f19178
SHA256 3b9dc84e2bcdf8ce284219f646380348ca97656a5a354ad693f8b51085797113
SHA512 291ecfb55c6006941ff9d8707c20079f5be49e5fa3907db91ff9be2b1bd90a62d8853fae29e2096154b0127b057fc633c6eee80d85529e4296e4f227f1b69b2a

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CCM17AA0\qsml[3].xml

MD5 abdddceda0c46b96a33a6ed9a084cb02
SHA1 d69fdec25d2ca973a3375e7bf49ff42916b8b78e
SHA256 32dfc58b95d814f51d5ed359cb5aa261f175ad093cbb7f6271c14245d5ee2ab9
SHA512 c71fc2d902acc0d81fd197442ed1cd21cd404d89f07e04860659f5c3c2e3d3f2d5e3fe6e7d9f0cebb998dcf6d2ac798a7eb571058ffe0339efde71f465b4a381

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8PO8IKDM\qsml[3].xml

MD5 6017b98d08e6b02e1e6276732761b070
SHA1 93d3ae9024b29101e5c192685aee2f67161619d8
SHA256 9b88ae60214ba1fc94db5673321daf27e09260b48b45766fc003183db73de7f4
SHA512 233da6cbf9b1c75e86d896b3de2a70d80388e9a903d4cb19fdcc454603eed092e2e97aef4351e72090871078a28aa6c286d8651fbc8017d6e197279aace60d91

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AAZL0E9Q\qsml[3].xml

MD5 acb08ac1eed692d9995289c814519679
SHA1 63e5c08d200d4cbc93243560ba7ffff0916f1715
SHA256 3bb78eb12856a88133436614745370baf50c85bbb72b6aff96a9a1316d098b9e
SHA512 278351f9ce0b730837d0714a76a24115d60d76483f609303157129a2a123f8e23179b7003fa3294b97a068c81ca4a4bc04e1ff8350355ae393dac9a5c97c7bc0

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PG47MANB\qsml[4].xml

MD5 af170c218261e05f51c382fc2b872984
SHA1 2b264cba9e98bfdf737996246b55bdfdcc554475
SHA256 dd0f041f0b73e7f2f6c6e564c4caba7cff8c9441de4387eb6bc0ef214eda7590
SHA512 181a913861fdd7c19a2aa7d4140a43faeef2b122f40d7f30e6f0148e94817dd618189811996410608957e8594b48c187607fa4a694b53914eb72b131d1d2c696

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AAZL0E9Q\favicon-trans-bg-blue-mg[1].ico

MD5 30967b1b52cb6df18a8af8fcc04f83c9
SHA1 aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588
SHA256 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e
SHA512 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\mtw0pfb\imagestore.dat

MD5 30d99538c06e087e89baffec60072d3b
SHA1 c3dc9ac7ff8fd976399a5f95ef032357ef0c4b90
SHA256 07425ec81912955bd07bce722d76fad563fbcffd9f48db355c1230d15683c94b
SHA512 a7459e12e7f2d2c4848964fa8598ad0fa02f34b7b1d2fd621d85354f90ef529962fb05e5587cc21c82ab80b9d481c3dfb76a019b435e7c51e4aae90a696c1e6e

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8PO8IKDM\TOPFQ_QzuUqMUn8gaWzZ3QICTDg[1].css

MD5 3fdc415b7ee0e353841b8dad18b2562c
SHA1 1e6ecc945c5c24e2dd519b6091615eece8502d37
SHA256 b764bfb3963cd6f505791a93a3a09dc312149ac10866d34eafc20d4ca4c8bd43
SHA512 eef3ef6694f5e1985508cdb05a41b8573afc2f63f53d138e3e588b255f517dae06306c14881f192a9ad4332302f091982a7312a0acac13b7c7cdebb51a049f35

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{C9FEC922-9B4A-11EE-BCD2-7E02F21A0140}.dat

MD5 c9ec81439fa9aa2fd7c6f1c812dcf105
SHA1 7f25545afcc3e52a00e46edf66a027bfc9997742
SHA256 ce29862e189690a65620d01b26e3391bf973fa9c657deed844f1099d510832e1
SHA512 81fd004637cb1cd246f381a875d0a3acc3989a3397000c4bf81814c5ed53d51bb3d501bbabfc981e48461aa3f3b8c6fe9d40ad009b5b36331541b10ccd41f8c1

C:\Users\Admin\AppData\Local\Temp\~DFAF02092E4F473C07.TMP

MD5 5f15a96fecbe9ffbcc997dc66700ec88
SHA1 ffd1e8d31768480f56179d5a560e5d4dfe80f174
SHA256 c0065932db837918906d9e8a20b9a68d7f30f69fb5471bfe5df6414bdf507aa7
SHA512 18033947b066d106e8aa0b41d2a22a899fc9718662cf22666c34b71e628186e4940304f4a51614a58c03f96b8e151d4127f114cc679f0dc7275ef49c2693b9a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eb20b5930f48aa090358398afb25b683
SHA1 4892c8b72aa16c5b3f1b72811bf32b89f2d13392
SHA256 2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35
SHA512 d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

\??\pipe\LOCAL\crashpad_1408_EQDFLPLCJEFAITAT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b12cd818bff06f9d4adff14b5efef0c0
SHA1 f379af9b68d079d37df16360bae9ece095ca87dc
SHA256 a96d70cb71b6e96ec023bc711f277b9a36028a6090f581d45965ef5c1ae84d7d
SHA512 d427b591ee98d3640650a7f3c1e9a334e6a1297bdfe32c2c616df22bcd726928be40ccdca75c9ec83d0e577cfb5c863820af4c691155319ce3dadf86b82541f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

MD5 dea14f5e2b1622e2c8d3191f31b489b8
SHA1 baaf3ed6e622b2e4fbd27bf951f072d850ff6a34
SHA256 8bd09e2f908df603dd7205d46ab2e1039c336e19388eb9a76da9140dfb73ffb0
SHA512 8448f70dbf82de21095aad82eaea3849a94c0dc68c48e74b308ffb3178567aa8b66c5df7119f9c3fbea84186fbfe991c12431c5807ff7056bbf6f4498c273eb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

MD5 608b181c27d81f1eb67e52a62a5b27a6
SHA1 99d5ac0e0c90d0e1a8412c71b25f7ef02f7287e3
SHA256 3127900225518fd7c717266520271f7399df506820e50105d31b0ca0fefa3188
SHA512 c42b4545db0fa90652c3383e056f40d80d17c12fc489a06d38e6e1babb4a1c000102ebe4a0670d37546542fef234f56cbed21a0da92685b98b1cf36712df6214

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 832f95e7894cf0e97eb518b2c5b36635
SHA1 a183498ba0c516ec1dc72c8c79a7b451fa6a1d65
SHA256 89edbe8c046d254971ff24f3032d03925c69fae63c07a7c62ac73886eecbcdae
SHA512 5ef7f56b93a560e7b61d6047dc259eb5efca9cb807ea0580c41d5e814ce9ddd04de2dd83d18c92e5154701086cb9f9afde41af05a875897d08a13b539691e440

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ec75c812-0a67-4f66-ae2a-4036e05be765.tmp

MD5 bed6fc457d80ca4c6ad83d5568987c66
SHA1 ff41e6ca732e7528afc125dd14b013e3e3069c6b
SHA256 be29e08e2ad07d3e592cd7adf5d7307236e4d41047abad5bb218b51f8d4d6170
SHA512 3a8dcef24904f5c229ccca8d2b1e89d5f72b6410547aa8ed51a9aca8013bdda4564b03090fa0ab2217a80c9596a52c4308836a81be1a84cb599200aae518881c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 2bbbdb35220e81614659f8e50e6b8a44
SHA1 7729a18e075646fb77eb7319e30d346552a6c9de
SHA256 73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd
SHA512 59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 c8f5a7e58e51e322af9883674fab29bc
SHA1 1676ceebb9aa02518e4031d477472281c087a14a
SHA256 11ef35c3fcf953bc5c343c0a3f45ed2173ea1ef1607bffe7a5fd6f2bfdc603e7
SHA512 e72e2cdfea9b6635fa0112086dbe1361055ebbabc7832e30bc0b35ea18499125dbdf1a9690deceac4a6d97b0afbc1d13cd9ad472f10f0c46ea1069728d83d73b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

MD5 9cb3c6e22487a2e840ace8c38807852b
SHA1 ffd0b5c48b5732fbff87f05b3ff66b541fc2f49b
SHA256 084940dba7b388ecf226f718b565c359ddb32c55d36364d68f93ea4de8b364fb
SHA512 8689fafb5db28337f421d24c2063ac897eaf0f0ac7db844995b0abf23ed3d573a4f0caa10c79f791b77a5b6cd912d72d575b3695ba9d9d538ee53654bb49b026

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 9bf386d3246210a24f1232cb813bfdd9
SHA1 95752dec933ae83e1bf6cfdd8bd1a9168053eac6
SHA256 5835cd4a0ce14a12caed88c20e0d3078c69eb332a5b94a9314faf064afe9e1c1
SHA512 374bf881951d15f78fd3232f283623c3288490153263a460a99a42820c193212b1edd7ab26232fe4488449730f55a926fe4382617dbbec3201cd29ccfde3c75c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 314f304aa7c1d660ddd9e3db3f80dfc4
SHA1 8d4e8725a48812e3eca7f4559ae63f93d4b96ecd
SHA256 48a195348d071508d6ef5649dd66f0ca56d7ffafb88960d6c2ce1d945e845d0e
SHA512 6da7478737ff2967ba5dae9156c7a1b3fab295a8483d6dc1f36041b0b3b401784f10d779601356f54fcdb962b2060606b194c605eb14af77e65b1e7a8693cae2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 88a552e6be1ac3978c49143983276b3a
SHA1 dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423
SHA256 927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5
SHA512 125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4d0fbf03de5d85f7818f28882e80841c
SHA1 c83dfc4cadf90daf4470188fc634faafde3e2937
SHA256 045c83b9a2719a83013a541a0534072c45b93849b166d0770bcf5b8103038839
SHA512 38273af7d5edfd3463c709add13bd64253db68edba6087b8299050b252e073c0834e84b0430a168604a4bd6ae929d72b5aecf9876ba8ddfab4da2e4830a79038

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aefc738e1745ca3cf36461aad479d80d
SHA1 457595a2ae39dcf6010d6756552ad3a81ba7dedc
SHA256 b38cbefb49a3cfedef33fb61909e9d19009abef1dac204e0e90036be2f6f5b32
SHA512 840ec2045c3a0d6529898e1a9cb37a12409ac14dfb6c8a504abb61a9db66c5cf060085a8e11c57bbc123116c21b44a973a9a17f35128a6a50a99ce1fd8d5b841

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 7bb514fddaeda52f74a53b57c735e3ce
SHA1 4cd89568ce444b10312a573375e316fec63586bd
SHA256 d16bf0edefa9d842cb3e43d99a99f53e8bb94b19c00a46a06416c8d3c63f8254
SHA512 58c50743c96024ab00b70c785c449f8c60384857c1c8695ed7d6776030680a3dbd4fb371c57cd359dc44c6c6148912acc00287e46ce39461a7e5384961304c68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d917212f2dd21bfbca11232cd4f2e2a6
SHA1 d20648afe551b7c5393a9ab8b3a80f263a133457
SHA256 438a07a9f20e53a71c7f4b3324d194c623874fca02815ce5b6bc6e66ccc64f10
SHA512 8a6db5b3371d9d35d8bef66babf60ec3e44e1b392141e1b998ec06961078ad9616da7133b40bd19f498953deb0dce7c7b156e391358110ca5178168b6ccd353c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c6926f95e46ebf8a1b62ea7621df4da6
SHA1 3b75f17fe881150058a06b84d671312e8923f7b7
SHA256 2f1642afbde87b8249c1f03b8a172a40cbfb053d1ecc0d4cc7fbd487801c182a
SHA512 e28cd44a9b94bf2529e1c66e7266f7207b3894d45d150e4299f8bd871a273a13f0942090b876f9bd0c0c43702e75eb665d843630e752a6c5102a24fd345a410a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd27ca1cdabed0d0deddbb74562faf3e
SHA1 d3e36fd9db54231a734d32958588f4f1494d30bf
SHA256 d1b04f3133ced6338af756dc8d84b1037d24b7dd2c4028d94aa85d3f9fc0390a
SHA512 946cdd8e0b898097f539c8d727f7bd1cf0059c09a7d23896530f44ee0253edfebde762cadca8bfdf75757eccbd15235e1f9d2147d855c7e37dbd599f5fee3616

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cc6a443fcbae93cad0992aa8eec96307
SHA1 6679ce4e912edbe084b7fbfcb8a895342c0e3ed7
SHA256 b55a7b73b6c4e6de95dfce3bff78060a022ca4a7fb4898761ee26d804f17b9fe
SHA512 c6060252bd57f9ea792e99cad74e529f8858becd9dab602651b7d01f6ddd3915dc3c946fe15c6a5a82f2292b5002ac6f12fdc5864a6901ef28fe0aab90edfb87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d064ac5427d13fd2a300cb3ac2f19edd
SHA1 78acfad1c2c361c85e00bf4ab0cb141eb5b64f4b
SHA256 45fb0cb9e9e75d698a49b472dd4754b022e471f8e25349f6d1bd12b89b90ce40
SHA512 832cda131b362a3264fc816f122b1a81b00c527d3257670bdef88e946f69128ae873eb51483cf007ab9cedf6de101d6ecc243bea1db90de2c6f5a999c609a3b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2de1ae39957c5887cca56fc8f86596b9
SHA1 b74ace5659e9eabe4bb0caa55587d262a437b0b6
SHA256 0f177112a8ed87773c301d22a47e49c8d2af5c843aa6a1de921f732ad6d225a5
SHA512 03400035e4b5b4dae59a66b06eef38cd2102d85030e73383d5f780f39ba9af3281effa9b8d541d50f66b9f7465e47683417541e75b169e6989f0ea893e2a3030

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2f23a4638a68787e7f1e09682b468918
SHA1 3846781aab4642a48777bf7d36fb0fec2ef69d71
SHA256 6d50d9851e27430414cba47d57c82ff90dc9ff867de6d456c1549331f65e76ca
SHA512 f480e621359738aeb3ec8e996ede11dc554e6246db208bd94ecfb953ac93715d0ccde645e69339bd1048d6a896d30b28b40fc28e622c833b8812fdbb252cecb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 199a97d76dbc835760cae8304c21de56
SHA1 befc9061fd7fb158235ec594c8db62562ea9a576
SHA256 e815eefb3940cbe34390f1036d78c07fd0c3b5c2bd04c6b00073172576c52d13
SHA512 f57d8fd560f5498352b41212de2423ba791d4db0f1bb30fa383ca38b2b1fa03575294e795d22d84d196b7c62c704a6b5dd4fee512ef6b8380f1981d970ace293

C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe

MD5 8ea5e3b9e1be0d5c263d9c0594c886f0
SHA1 ea80c5837b4a3e8ba6cc95b657b192f7e99216b7
SHA256 ea0e736901fbb292a5b6d1b31f1b266f171838788dd6381950ccaaf7207c1655
SHA512 340b121fe25593d0ec2ff07a35803120aef5bee2c4fce92474218cc2dd67ee882d43c273bf9bfe9c5c371b3f25b9a473faa2ce0960bcd8d76277b9a2b31be123

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fe8abfe7e5483399f9878a9b10f3361e
SHA1 8dac5ca8d2598451764f603efd7d4e28d9df3323
SHA256 455806d6a26cd55f4093b9b6c4ff9d69e8394ab0d2000c7d7fa5fb533b255c7c
SHA512 797118a0d0a7b292a83a8242e7123ba7349f76af3c7990cc861014f6141fd03db3d5030210d496ba539fac0226271827ce3af6e1fcc65ea596a5965854d15f7b

C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe

MD5 7eb3b8c0ffc8444f140c25c0da8f3bc7
SHA1 988920ded345dd8179bd295dff633bf083a260c0
SHA256 568a12b34858fff84505e518e10d0a9b68b5da02a54673ce2193824d7edab556
SHA512 b4314e3fcfca7f4b24865d4eaa266e50114425c0c6c9fc1037af3ea00e9c296793af37d25946686c625cb6c04274a5f1028c541c061f5efff594e5351b4f42c8

C:\Users\Admin\Downloads\VirtualBox-7.0.14-161095-Win.exe

MD5 f11741db84a55ef8260c2aeab4ac9035
SHA1 7893aadc466c6d58f7f97fbfac6ba1a639823139
SHA256 2994f1bf27e3137732fe23735d8e7334c5be1ca56f14232f8a6b3d9167f573b4
SHA512 d7abfcaa39f73d3e4e1a50ebf95299b7abb100d00f8360f8851df6c1791f7d1c41fa6aebadf2ba321a458b41ff1c83dd744e40c19fbcaa35283e501114d4aa42

C:\Users\Admin\AppData\Local\Temp\ed56a6jqwub4767e6sbhoa88\lbmokpdxsjgem9c4tx0couc3.msi

MD5 6f07a49d9e8c65095a04149e5cb0375d
SHA1 f95edd20b7a1e5348de1a22cc1dd2da3efeedd2f
SHA256 ce19f6b4a14b565ff64ea7c2f48aaadfd1f321ae65762a5160f0af0e4336b141
SHA512 ab424d5eb8df9791af7daaf36eb5ce10eb2e525d6ff6911cb9019038a19546dbe5f2ef7d9b013bd891e3bda7283c0dc5fdb99315ddb0d8eed44a5655ffea97a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B

MD5 2636de1f08c38d109d475c5c1db7d192
SHA1 619067083da7b852beaf16ed4308e6758ac8596e
SHA256 898e283638c3be0fe77bc7cb30395fb1a6d3236ef7dac866ada6ae4b09b0945a
SHA512 5a7c2a9f5717edf893c1bbcef965b1936ab3092c9e3f93759d0cb0ab8ce53ae6bb89d7d3c1dfe69faff196b0bb831671453cc2a51136227e627388a4568e8176

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_683B8EA584E734D2258F215F97D5554B

MD5 95d8a5f7deb52070f938136979f9e924
SHA1 547512c75868b7e8c148e01ac93e2613bc73d67b
SHA256 6267852099bb19cea9ec3a910b31eed900161bdf103eefc667931bef530a6271
SHA512 2f88887143ef6ae5b8ef314bd4c814259f00b73fbfe079ef4403f1a1cd9c6407123c2fab1452e5e8dbb9032025b043ca83c6c3f915fd0aede828b7075abfd908

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

MD5 0976dc6dbb3ffc9adf9dfa5daebc2a94
SHA1 0dd9e7ddc75468c0393696c0ec1878f8ebc39917
SHA256 4da011fc7a72dfaacfa0c05679b324d82f2ca99837126ee95c846c3014594516
SHA512 dee0d9e4cf6a55d4f9d6f192e19d81ed204616b078613da0c4cc93bec4a7b8b659aa66be3e8d231a0c3e865963bfbb4c556b818c58b6d17bf060e2b082670460

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

MD5 021c542ed186eb6de84580c36bd4ddd2
SHA1 7bb9a094df3e03d8a16e60b9ad3110968eceb7d4
SHA256 8dcab862fcbfa911877a4d11c61b20db1683a97fa203efd5180b26407e56e918
SHA512 b438ede00fdd4d43513bfe2365e5b5653374a190de5fd222d0e5afa439bfe2386c1790bc24bcc972aee4a479b817a5c2f7627b5445f8c86b28ce7a6ee422b091

C:\Users\Admin\AppData\Local\Temp\MSI920A.tmp

MD5 8ef3f382e4dc0352d9a1c28dae6e06f4
SHA1 cb9e16a28942c04f37e0a836d95f76d9b503dc57
SHA256 e7783153fdc59c09bc45738c55e63948de7f72cf226e92c12476a95446659999
SHA512 3d1bc92f28c35b787944a531d782634cf573316f160eedf3d5197662f90670a11d348403db2999bf428888d5cde91e197da8cf938c338f3be4c29056261dea6e

C:\Users\Admin\AppData\Local\Temp\MSI920A.tmp

MD5 3e96d4bbea9f87cccdb9f1ba6d14309e
SHA1 1de6ef91b7d961ea5cbd4e23ca14174dc966b4e3
SHA256 b5cc30d5a2678bf4a8d1889e1db385bccac012156562551e6c508e0801e912ff
SHA512 e25fcca4699aaeae4f0953c69b65b2ea150c0049c5cf5e4370e279617d6553461f7ce2729fce049d4118ff66c2cd3f7eb537e0fcd8249fad32ce17373cf4b9b2

C:\Users\Admin\AppData\Local\Temp\MSI92F6.tmp

MD5 02359997e7733c3bb2e6e72fbec297ec
SHA1 52c9b974a6be20a0971ca74cf63767cb0733f2c4
SHA256 528426eb1eada0628b4cc081533bd03d11a22fc62ae904de8b26716d493e8c3d
SHA512 50b161197321c2067f5c8a49cb467aa3a272f52e61f41b0c7088f37188ba14eb4d35d920a296ea0fc351d12c8c8cef3fbd47597d95ccfba63b2c2d043fe823b5

C:\Users\Admin\AppData\Local\Temp\MSI9326.tmp

MD5 3c14b679ef191d3928ceacb82cfe89f7
SHA1 0d30fe6b9997d00fa6422f88c1c6beb74bad0f0d
SHA256 16208d94bdfcd043fbd0a2f1ae82ffde1f667c28e241d75b227181ac4e2be315
SHA512 de376422c25582afd2551b376c50b4e66ffce91fdd4a37062763d755b824f656c87896173bcaff73710d642c02bda2722c355ca4f2579f2583e0933656a2c4c6