hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

30/01/2025, 16:48

250130-vbellsxja1 10

30/01/2025, 02:38

30/01/2025, 02:32

30/01/2025, 02:25

30/01/2025, 02:21

30/01/2025, 02:17

30/01/2025, 02:13

Analysis

max time kernel
162s
max time network
164s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
30/01/2025, 02:32

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

10^/10

defense_evasion discovery persistence trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Local\\system.exe"	reg.exe

UAC bypass 3 TTPs 1 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
45	2224	msedge.exe

Executes dropped EXE 2 IoCs

pid	Process
792	7ev3n (1).exe
3400	system.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System = "C:\\Users\\Admin\\AppData\\Local\\system.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
22	raw.githubusercontent.com
45	raw.githubusercontent.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\7ev3n (1).exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SCHTASKS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shutdown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7ev3n (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	system.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "200"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe

NTFS ADS 10 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 590088.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 567210.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 425723.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 726283.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 141625.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 238491.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 293268.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\7ev3n (1).exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\system.exe\:SmartScreen:$DATA	7ev3n (1).exe
File created	C:\Users\Admin\AppData\Local\system.exe\:Zone.Identifier:$DATA	7ev3n (1).exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
444	SCHTASKS.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2696	msedge.exe
2696	msedge.exe
1940	identity_helper.exe
1940	identity_helper.exe
3728	msedge.exe
3728	msedge.exe
4228	msedge.exe
4228	msedge.exe
2896	msedge.exe
2896	msedge.exe
2288	identity_helper.exe
2288	identity_helper.exe
4704	msedge.exe
4704	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	392	shutdown.exe
Token: SeRemoteShutdownPrivilege	392	shutdown.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
4228	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4844	PickerHost.exe
1644	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 3116	2696	msedge.exe	77
PID 2696 wrote to memory of 3116	2696	msedge.exe	77
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 1376	2696	msedge.exe	78
PID 2696 wrote to memory of 2224	2696	msedge.exe	79
PID 2696 wrote to memory of 2224	2696	msedge.exe	79
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80
PID 2696 wrote to memory of 2504	2696	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff45a23cb8,0x7fff45a23cc8,0x7fff45a23cd8
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,14379143026513841991,3503527477847785259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff45a23cb8,0x7fff45a23cc8,0x7fff45a23cd8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4136763682123090605,14278144723116425729,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:964
- C:\Users\Admin\Downloads\7ev3n (1).exe
  "C:\Users\Admin\Downloads\7ev3n (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:792
- - C:\Users\Admin\AppData\Local\system.exe
    "C:\Users\Admin\AppData\Local\system.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3400
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\del.bat
      4⤵
      System Location Discovery: System Language Discovery
      PID:4992
  - - C:\Windows\SysWOW64\SCHTASKS.exe
      C:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:444
  - - C:\windows\SysWOW64\cmd.exe
      C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:420
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
        5⤵
        Modifies WinLogon for persistence
        System Location Discovery: System Language Discovery
        
        PID:3736
  - - C:\windows\SysWOW64\cmd.exe
      C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:1704
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
        5⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:4168
  - - C:\windows\SysWOW64\cmd.exe
      C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:952
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1072
  - - C:\windows\SysWOW64\cmd.exe
      C:\windows\system32\cmd.exe /c REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:660
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
  - - C:\windows\SysWOW64\cmd.exe
      C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:4688
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4820
  - - C:\windows\SysWOW64\cmd.exe
      C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:1720
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
        5⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        
        PID:1136
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:4992
    - - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4440
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c shutdown -r -t 10 -f
      4⤵
      System Location Discovery: System Language Discovery
      PID:3860
    - - C:\Windows\SysWOW64\shutdown.exe
        
        shutdown -r -t 10 -f
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4844

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a38055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8ac893f9-403d-4656-8a1a-0a6ceab23048.tmp

Filesize
11KB

MD5
4f8b6f59aaae26dc8400e086f81d95b9

SHA1
c9a7d8e5169932e8143a65056ee3a23c7df5e174

SHA256
040138c6e2c4faaa5e85a2cefe019190653c841a0c0f48913f9148da40bd1aef

SHA512
925315686ae908b65e747394a05f25c8965e202a12d346014a7845f6d3a3d0d9473c817d4c0358317fd456044165f416544c8c7d20ed93290339f8338c1298a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc285b8e46347cefbadd495fb6305ddd

SHA1
a793e816d21648f4630785dd7bc99c81164b0e31

SHA256
988559ebd23a7c91d89ad477aea5d28a7c36743cf41cf420262e96a48fc18c2a

SHA512
eda1f44aeea0dcd8082dbb84798d589941fe068804d2af062740962e64868841c05a774be97bb2449f738f422cca245cbc46ac957f07e6486adf7a902912cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7885de98d30321ad7d8cff1e573214fe

SHA1
1443025d023faaaa73b646b9064ed261cbc59126

SHA256
512ace5ecbbca8b0d3ac8a8d7ab05ed6cd163f95e75cf2fe4fb79c3c0420c7c7

SHA512
e2c8c9c97246e1ad7888a52db337eb95289b4b0c9cefc9000facb692d83672853648563780e2a0e26019fc691d3583060b5e1eca4bed735b6a181b68b44b5c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
de6ea456fdb74897c7e03a1b0b436ae8

SHA1
7df5ec9a271bba1628b1eec6424669e929f54667

SHA256
9c52c8ec0df661d21e8559fcdfa99fdd61d8fff4a679fabb45bbdb09b4fadb80

SHA512
ad35c8deb434701b79d378fd14058cdea6f0ee6a1160874902bc76f2c4f17dfd64b4202abb479d8cd0304156bd55a2ba20f132e073d3d475e1a31b949e86f48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
9244244a2160520dd40efe1a1b659972

SHA1
3fd96d1c0674a205c5e9dff02f8fbaa245097a0b

SHA256
c20dd4c1cfbfce510ce8c3d328ceedee3403d3630a116ac8dfea50d72c5915d7

SHA512
2b995a3664591733e5719c3b1d516c17e9656ff12d8a586b084975e556bbafc5a50270bdd45057b58835c71ca0e9bbc6f42347cab4d2b78aa749758041f5122f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
4c109deedd7aad9590b6c466fe2a7670

SHA1
9698377509c900e5782d62565c19278e5faf7f70

SHA256
8c0414d4ff1526ad58ecb9be222292f37f4097e27522525ac816203644d05d2b

SHA512
c1ea635c2613bf47ffe6a5c6d8fda3da73de9121960e346451fad042f98a04e5e6936661f7beee5e3a61e4176e69b5cf10042673b5f0f255a2343820e160a5d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
a58e5646d40e37a47e8acfe146665763

SHA1
88b89843ead9130560b09120a944bae3ccec2671

SHA256
4dbe2aa2e5916178f31d590be954b0b466f5aef92cbc78eb1b4690c6c4cd2281

SHA512
6b30ac4510257949ac62d70d2dbf8aaa1ab04d5e1aa7082c5082d68273a0043747f1211733a45ad7945d5de58e4562d8a3af8ec2181d138a975fca53f2585e49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
4fa02ac6347763639aeb01d8adf287b2

SHA1
8cbf6b37f0cd329ba5b4f4f59437c55dd3057b37

SHA256
ec23a39504c8b289a6401723dd1a5153e9072e5f5beca20f88fac54ed3a477d9

SHA512
371e4b42152c578090254323dd4846df1ab38ac6bcff8ed6b67143dbfa5111c72e64366ac24b6ac04f3c405ce22e5f50f2a04e1805cce8b22ee8b95139a53afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
45KB

MD5
8f9d2932e4f3f5a540b386a712682e98

SHA1
4970c452b3fdf11ca1829456021ae1b9d1bd1b99

SHA256
82a62c743cd6e6e7e3316cc4e220db263726b61d38f92d1cc3ef8591f6b5fa11

SHA512
b28c0f128ce0ec2656b644a16105f7547a89f7d0d4d69bc5e4c3f65273d218e45a62608a264dd102efe78c7c5e3761817c3a8534245eddf2b69c36d73d97d145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e04402c84a8ce5e0b9c0db911e358f74

SHA1
acc55770a920ad848cb01e7a5ab64470aa27b6bc

SHA256
a078e427804839039c2ef81d701050d495b5ec11c8bbefc8fbae25efb2f84c34

SHA512
2a29ab2b1a0afb0f9508485da42ffba1e37060a955315dbc9156eb9016ce0824697aff922a74340ca866348d58daa6b2c7da2caf3f3de026c35410043b80ed2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a43233915e3c78480f4ca716781e5082

SHA1
809ad39e1af44dc95a1107852738fdad9c9597d4

SHA256
7ba7927b738ebeb662bb795514f026adc71b8bff0e91e332566360902471af58

SHA512
a93adb584b79fd9629d82ec906271f23ff9eda9fee147d034259268565220acf5a1d8e061ca292d2f7919cd9debd63f8c75d3ef50397f49db9a02cce5a966317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a6195dcbb03d6c579908030ffda65bb3

SHA1
3314110cc9a2f922b0f3bf5626a126ab4e2873a4

SHA256
fbbc6b9e4f2b0ebfb2bf9e723e9d8e66568aa39c94304516ef92b91a3dc6503f

SHA512
3a39acda063d0e92a929cf123124dcae19dcae84862127af46b92fd7fbe4ac4111d11fcec4c99215567d42d6608b626ffb4edf6f7584b1fa79003cdc279f142d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
41679ba00bac8f9264f89cf9ab88d474

SHA1
d21611482409f74968d19cc5dd1be5d52a5282e6

SHA256
527531896f8bc51e0119ac21022a8cc87276bb836faf047a09f90ef3ed17ae25

SHA512
aa40cc88a4a3f2b5f44b3f36695a327ea8f8f4f758252d1672fb91f5240eb735a46a784b49491ce8cddcab8b3b6df0e9efd0fda63eebf148442b451e837d1078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
0a6b385a566c5c73d27458520689a0de

SHA1
b676840a911fac37fa7145bfb41ad402e69494b2

SHA256
40c9c0b9b2678758c6d76634f8403a7aa09fdc3df0a580c1be7453c12965a67a

SHA512
af86cf5c44e15de9d523e9bca777e0053e1b1341e750b049ad1066a7ff5f51027045b330e7a21139d16aa256d194648043f30defb4c769fb147c7ff680087094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
316B

MD5
9c413c474dd8bc178269d08730e67d2b

SHA1
d7391ccee48dc00a19db0e2455cde05c9c1c9fdb

SHA256
90e3c5e23f5e4d9a7aaa57ae7f590f08707f0a3a16b61c07c83f72ea9e202b19

SHA512
f492de43a02b00e6872545831d164308d59490a95f57028d1bc82aa0b4ee185bafd453c37b55efe0c966e6d1cc9f3058ff4298e19737f23a856c60ac4b0eebd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
e87683f165f3274bea82742fb671f896

SHA1
2c7d59bc187954dd30c4021b8ade6a68c31ea3e5

SHA256
20e530c5a42308569daa649d6e2ce8c39778ba677afa1a284ecec53403ee1bfa

SHA512
11fc6a6f159a743b4b7b21f4e79d5938473fb31bbd1980deacae0ef410c22c9acd787ded404abee070e7269f64a8bb611b2b4a8741a2120c5bb0fd59624bd69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f0ea0c7774b506bd659417c4e847c77d

SHA1
75bd4a881f701f76cd0cd5de9de217d666f804a4

SHA256
52499e45a316c435e841290d56c53e6c37a168cb5d0f933905f331c3496ea46b

SHA512
eaab18e74abef34e3becbcfea5b34e392a70edcaa0ebb2340d0743cc1e870805f160027561b49ee18d6ff33e8818aab90c15982b2a53c2997bd2b5c284fb07c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
c7519ad2c94ad2c261ab5a4835f83770

SHA1
e85998100a8c3b74f337274fb68d0b50b6704ba0

SHA256
fee56ffd03de753f08fcc56d1273482612747dbd064cb77d4123925bc6571924

SHA512
0a5ceb6131e06f4af8cb056b3ba9822f88e2b9c54dc2498cfdd2b08cfceef2e410e0c0cc9ff390d48cce70cebe66c1d5a6168def91e7ebec414afc72b75c883a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
8997c2afcdfdbae660baa63040a4cf3c

SHA1
f8dac8f1daf8f24a8db2e63137af091aab813f79

SHA256
5c741fd00f7cce0676305909307932b693802c2d29db33c3c829a36fcffd8908

SHA512
9a9ab4aafb66170de86d73b29b9f018c34a243abdd1f8cea6cc8d2cc79b71d3082797b5e2cbeb8439a093e4dc473c64f1aa86505eb0257011898bd97561ece2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
9df05eff2f97f83b96f119a25ee1aa86

SHA1
b78d00c08b624e0da82ee13bb27f4eed8ba7c6ea

SHA256
6a7063da1f4054e538b8514beec29fead134a08db9c48c2b3ed2e211331be31f

SHA512
faeee3176287fff31f4f914b0e3d74619b43d2a0898db877fb4b6a99c6f8cb40df9a7ab9f1a5e260700a20818c145827f12b7ef420733586b16499bb29c7d30e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
25KB

MD5
fb7f25999ed8667802b98e6fced7c6b9

SHA1
4c3d3e22edc15b22498c4f027559e976733ae8af

SHA256
528f1208603b21bf150a0e6f9dd88df6b04927189b744a1f42b6c2e3df287811

SHA512
f5318adb09943c228401496f3332d738c81b79f2357aa6998628230a503bf3a9d6d341327329ca942770d30a14b0b787c46cb44f34145ca84914e77c3d11bf48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
5bf66f3ab8eaa3d8b52e1cde92cdc1bc

SHA1
25d025c4d871743a9efe49969a89d9b76690d136

SHA256
d8347a672ff71529393d1dc29d4a4c9a9558c032136c6a9404e5b56e78617532

SHA512
e4857ae5aed3b3c4d0c1d79375c0eabe9e8e67cf1a3131cd34412a7a447dc2db644c678e929c63d0ac673cbf7ca48094c941febdaf4b1fd1a5f9960c711497d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
937B

MD5
536ba5067c7a2e0a25215e5c6d98bbaa

SHA1
1b5cfeb3cc0ad25f09d30b2539c1778ece79821f

SHA256
d175af12c09878f75fad20526652197a65e09f7569d79c89ce075ef28bb64c2f

SHA512
56d7b265f4ac1124ee64e5f7e7dd3a6db216bcf4b4ca2cafb5bcda49a50f027ad3e7895a7b3089407c8b73b2ec16a1946eb8f7759392d1b07e13ca47b7d5b5c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
937B

MD5
d368dcd23b4f1d8cb369dee12d556ce0

SHA1
950ed6a2fce9e1283886da42e8e63efe7f2cd3d7

SHA256
0bc7a685ea68384f3b86fa264abb37b2dd1c4c230ce13dd810cf651f3dcf40ef

SHA512
8ce9c151d1466f9404d0409dad68002cb8dc5db45a1127728c6943a1ed8ed035c17b82a2a33e914d9c853d3ccdce36e74adc1311648ff4fe208d9c4a98a9490b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b91995b971308410d8ce08ee3c8eb70a

SHA1
c89f0e3efda7414cc0a0c49fcf8e1e1a4c493371

SHA256
e4ab19a2879be06bbf8c10820c5b440d0e3259a77a797ec94067cce5af951fc8

SHA512
6405a581c8133b5b5dccb94c7acae3b4b92f81ce9f47a6a777ce4c93dcb32af68a5fc1f30ea3660d0688b5364470a2d6b7ccc299cc11cfd416f711e8c4c05c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10c0de892233aa05bae74d84547abc8a

SHA1
9c6d0c0d11d57f82a474b2622ab01bfe5c0b36ba

SHA256
e7c1bd5bb1827cedc48fd55aaf14e452f70f63d5f8db262e7246532eb858a3a4

SHA512
b5edd46a8d6518f5245487800f36b60a7fb1de45bf274011ecc837b7e9df8833f04e3a74f8e19ab7c20bedec1242f9dea39e82dad4b667c9a2e155af977c38f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a14a771db5cc390cbe01dc0eb25fa173

SHA1
ed451248d5e7c41606d1a377e281cba06c679a77

SHA256
c31c09d065f33972858bf83ae18a42c51b431be1df882bee30f705787cabccc3

SHA512
73a7c30840093454f81073372c1ef01a8badc1bad4fe9532c1d0d3e3892c4a997a670486da9596e41e13456f991e303653d6e15b1afbe680bdfca1f23459a29b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5cc24764e5c8f1d5e867e2abca5d4f9b

SHA1
e0ddd6e146e6659263945ddf57daf75ff2f26cdb

SHA256
efdca25501d64f0a3eaac7b1e9aa538579d6305f478020dd432514f83f23bef5

SHA512
72ab453f6edb44c517832122d68959e98f21af0d26b30b4d543e15cabfe475468b8d7f68189319035a754d50c6df8617586d64b9aa683551116788236863c051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
22890b7eafa0700e3fc11b800e293c5c

SHA1
adcf10d9fbf8c471f853cb7adb4edea7e1369ed5

SHA256
f06ef11155139d02c293bb5d3de0e694cc74b4b53d9b7c310a601f3f70fa66be

SHA512
a6a5f12955d6e5375844325fd5aa698774eeb294120cb8be9d7e0ad15330233a16da882434137dc3cbe26162d7ec19417cf1e4e07073595726b29eb35870dc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
72e3b847057f2fe24979162ea4820147

SHA1
7e0cd5293398afb8cf62867ec552129cc1400e58

SHA256
6853d46a01adc6bfd5648b1595abdfd6c82f9debc2112a19593a4775d9c8cc4e

SHA512
2dcc023e478cb2e20d9a1d14970c63a41e5cc1ce6dd883a992bb6aa06ef5313df3923e257b11d172a97dab3f0d3c30b226932d744b5d89f4a6418a705d54587e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
11a3ff6c91539f1351296b9f6f0972fe

SHA1
3a030910ee5174b26ea181342fdc03c416bf73d3

SHA256
ad207f890cd050990d1c447bd405c8da48f1800356c9e58a0d588ef372630078

SHA512
680ca26e2ae706931e35c9c9fac96a7e338b8d3853e4a22b6459650488f176536f1a563c1bb0c6416435456f3998eb9dbfdd8f12d140162e8684cfd121df1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9cdfc770ec9dd93287714cee0a17a69

SHA1
6e035904a571358666b1874460d56aa96d7de65d

SHA256
3561bf44f52bb95fe926501585f308add895f2d52825e263ab0dcad6fd628607

SHA512
b0db6016702751ab7cb2201d94ca4c6730df251a40ff687495dfdaa1670601a7b986bf0a1b0da3c3b01cc68150758799c08ebe56df3843b3330d3a0dae3e7161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64b6ed338c1682726545cadd66f26228

SHA1
0bdd82844278259a8ea15b832165cfca5f6c71ac

SHA256
d7ea5834381ecb3564a67524574aa4b1bc2ab52db82d6d2eea91f32979cd0130

SHA512
8c5b739271f101c016793425090d81b0ffb48d866624239bd1f626aa0d9142dfd2f2016fccda6246239e7374ba8443f4842d67ef17ba95efe958aa18352de7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d1420f01bce87a4ec78064f2fba6c9bc

SHA1
5e0983c3d9c3921f781d9a4e470a60eff90b3f75

SHA256
529c638923018350094032daa38c0a50a75559ab02b3cf37698898fb06e1fb5e

SHA512
40a215f41ac4da49e4dbc6ec12a60f05f41a99736e5895e71184fb6a9111a9896992960a7e938d785fcd884c2113a42e3e711c72ecdb48d1df2f02b4defbfef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
1f486f2792bffa7a446ef99e743d2725

SHA1
e4e6e04ca1a7144ed7a383c25e575c2f1ad9cba2

SHA256
0dcf71fb6ccfc4936296f604d0a92afb33271a1f9c8d1f2d363d045049c6be2e

SHA512
a8a18f3efd065287e432ecd35c5bf565a5a327c39e1559e9ed80231ec3a8237c500fa9cc8d3e687d8e30e630258eff0a54cb562ac5b332606cfd8eaeac56f4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000004.log

Filesize
1KB

MD5
42539ea06c856f56cbd7487d5ac5fc36

SHA1
385de49df375001ae7b337bee08a155071bbc71f

SHA256
a58404f80e713625fd4f7cdbb3af70b17e70f94665b98caa45c82c4cbb55a787

SHA512
011f2fb79dc8c682aaf631cc791e47d1bfb8b4b1c0d23145ddb77e644482d3ff4ac312f8af8305c6885ea89ff106eca55f738f7eba0c508544a1a14060c13034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000005.ldb

Filesize
295KB

MD5
da3076c6e62ddb3aba58dce2b6b8974a

SHA1
85710ed4a620e81804dea53574ab69c8ae4c7fca

SHA256
d86813357ae20122349f5a731440f0ff7a4fdc8ffbb31c55db7d738bf3d6588e

SHA512
2dd45f55024d7346a68aeeeb6dbd10f452e58bab2047f58c3848ef21fe272db6c10c7e89fb34685bf0ae315439eb052376328d864a9cf49e83f4c50fda746ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
480B

MD5
f64d0aca5eddde8900a233b45e3c85e3

SHA1
0fe54b8a8a479182a9a77b4bc255501335e0a32a

SHA256
35d8a224dd1935a62e07a7af11696adc2b4a0117fd1d4a0e3b2a1a0ca042bb06

SHA512
d7bb9b13fea2f11eb2a7a0cb9eedcf90fd29cb9733bdd624e817f2b9b780671c31f92d38e849a4d3780c2e4eb5baed5231778ae63ce4c63ca3e8846ac94e9793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
108B

MD5
fd8b4df9ca650fb40d137a1ad56e394d

SHA1
e120e3960ef00e63e6df8c0194bb2e0200088b49

SHA256
a4d60ed3956018d34341bb13ad5323e56248432ab7a5310210e81091e4e109ef

SHA512
2c911ee28b22c3ec821938dc18abf3c93d4c9e8788dec06004c1fa1cc29722ce5d991ca3e74c1d9fa466193b1c8b548701bd01f3d765a1dc67e129b1d3b0004d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13382677966143373

Filesize
28KB

MD5
acab289d7620e2e51ef00a105d9efeaa

SHA1
855c5caea68c3829fe9e73f75f4f0cc189cfb201

SHA256
d88de8b80f25aa23ba4f4dfd5ee147688170a5f0f9cf256de3af1c84f782ceb6

SHA512
64130d5a227892a8d5d3dc5c0caabc0549cf54ac4e75ad489198495eb7a3335586730a1a6dc5fdcd42ba7be7730faff22b64ad0702a7c86c4475b6f08f59fc46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13382677966372373

Filesize
10KB

MD5
0abb388ed94ccbf496f0051c725a6984

SHA1
5ad648204d124c779a4526a471e3be0a03a8fe4a

SHA256
ec3a8c0e821dcc483839cba7b86ae63f46705a55425a6b23a63106f17ff466b8

SHA512
3c22658f28a9bdcbdb3a38aa6de27f5b160d8fbdcbf60fb60b73ed456b6f012b9775c4e8b1ca1e73c50317a76120a43af61ae2fa00e59283ca64a11a7749e55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
91c1e8899efceb451c644c6c8aba3f26

SHA1
4baef0fe9b0502ec6b1b3f0e7a136df3139b0233

SHA256
215ac7df5e25c1ab2147d7bcec49cf91e0eb6f80929df9b684bf33e1546d26a0

SHA512
cc04699ed54f1ca0b47c6d07d23a522eadff1ebc4b443eaac2761d7e8d649b1355962c44662bdc07ab1ec60b0b748710d4285cf6fd95dd401d3867ec06cf250e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
8c121cb9c3a5f96337184b7474b5f841

SHA1
eb58d56bfa63c7008fc768ac330f55b77280d16c

SHA256
215a9635d6384e644b0fd74f34da03839a693f26cc4c24a03538792a9afff9db

SHA512
08d735668c7c19357e84d419ba2cc6a2994fbeba190933339d07bd7c51fdc50a932654e49606218df1ad7c645f31d5071832f505df91b2288bb1ecc3d0731adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
86fad334817507806e9f7e0f26b556f3

SHA1
4342b676f1b54bd7ecf2b89813c48e66541a1eb7

SHA256
61eca9bdd8656dfdf4e3d88bcec6cad2dd8b906f86b420213b7f9fd4217642e2

SHA512
c220851f4b2fbcd23a175e03aba1c37ea17f0afcd17d7e6d60697eea1ab32255fedbe1824f9ceda0e7655f87570d578ec68fba5fb5570de0832c8855fa72a148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dac01a6a0efe885a8512840c845940cb

SHA1
8fffde1f3b082d74964b195da94960272562c3ea

SHA256
467b785db9cd57df1af19104762e1962f89e21475622883ab0b68550f7c5f463

SHA512
32af840808a6dfc19659de0409fcf224e5477d01ee4976c02f0a5f8e8d12ed896610f1dc0ff519e06b255c8d1da70429b882be82238f594483af744112a13ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88d523eed202d933ae467248f8d0dc03

SHA1
51896e659ec7698ce499e5d8067fb35188bb0d83

SHA256
6dd195b933ae7772ce9cfc8aa70ade46741a32c2d28ce68b08709ed9f6cc1815

SHA512
1cd8deb1762fc8707fb13b35f6c063982d8dab39da4505f93a128b1f39337b653f68f24d316efcad64151d6fc54a182ae2bb1720898e081f70a2847c5a6ab222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
180806538b8a5a453582a8605158d7bf

SHA1
2502832b5e4539ede06e90f2799bb7721601a2af

SHA256
c4b59d711df1408c24124057422caf073667ad4027ac94f5bfefd041a01e3add

SHA512
459f39e815b05f915c2afedb009af23e8924183dc28a7644e049978900f9472929e207f8e19099638d7bd1897a28b10a6098ae5fc5424dad4dbe9dd05fa29018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d5cc1f212441fc2d30ef71149df8faa

SHA1
ef8bcdf6ce25d32b812a07075321ca6644a7831e

SHA256
c383e7f36f090696b41bf609b3eb18e4fc4f2a99100adf47749fb97ae2fbb4b4

SHA512
248ade30923b166c696a692d0b9f8bdb0c78e571f8231cfc5ea044180f09863e2ad2a3bf0a5b65ada22dc53578914cde7c9c7900bcc878fc5fecea7b01f5e58b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
263c6bc89e2131608b7e4a258a0c022a

SHA1
6ecbbb1a619a82c58d00bd7c8c44f8469e19515b

SHA256
0be2b3f83449b5b0481dd4373e2e7b898114ff1b63249d56fe5e68f32c0197c2

SHA512
655bcf63aabcd25ee4ae34ed73de909cef0f45868bd2efcc10a9385412cd0a130ba1d4a36f0a55c8b483fbdccc56d9b1b5f33bc2d33c74e985068fd9378a8af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cb09da6905bd1ea337ced43d32e802b5

SHA1
d6ba87e525ecfe0014707ff2da1a00b4a1dfde4a

SHA256
adc72cd126431ffe92aa2a4748cd21835c27482aa6107c41a2ec7ff577734be2

SHA512
37d610b761c764473f0c26c7c466b5b8513afd8b386e49cacef57585ca77d4d2a260ffd47b1861d07bd1332ac4bffe6f6051aa200b9612caaea32a32c9fad085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f275b41f28ae57c9024356c201a4ea38

SHA1
5158cdda3d3600b6f86af11e6477ee5adf8d0644

SHA256
9b466b93e6a62b492666ffdfb3f39062b1a1369ea4341f980b3f1af1e2ac9efb

SHA512
3b053e810e6abb634baefbf412009e9d72e18061738e71b088b8d0029223db0044a8e5ef9ce50ff1f5046bd15315c35d63bae266f1ecc15c79291fe3c9eebdda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58508c.TMP

Filesize
1KB

MD5
8a915e5dc4516fe8facd2f0ae689a677

SHA1
637bfe8ae1ec6da132bac5c5e0dcfeac4df4ee6e

SHA256
61d4f254f6a77bab9cbcdcfac1b16a73662f9a4dbbb8e7b6245fd1844d00edd0

SHA512
3a0951bda9937c636e941ebb420dac09e4de802c05ce304fd7db726ffc140f910e3fc7b33b354e6ab6723ca93c805507f6b94a06d9bb317b9ac6261866dacb72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
064d53ebf78aae5d51af0923ca8e5885

SHA1
5d9a07f392858100b089b64d2262f9f22fc3c157

SHA256
3485557dbfb2ab829f7c9424b49b0bccede8cde86bcbc5046d870c8f44324cc0

SHA512
0401e7c7cc5b3926283e7b67420b36f190cef9a31fd2902de2fcd5f35bc1389f0dc1769b1eaddc2e1538496fd10fac03f770495d103eda47dbfa7441c94ef5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
4baacf2ee54de55a424692b7127e4d9f

SHA1
677d82928cc22ec2c90183b9c762e1ba9f79db0c

SHA256
60243907e877b640594cbbb6440c114b6e52359c4fa7f62894ad966751991c82

SHA512
731e750c82ca254084d4f24147ddb068a918260dbe3335b72986d4a775dd47eac7a373a5e22e4717f6b54cd864f41c2052addf6edfafc70d531ed18095dd84c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
a4a5890748af6210c9a488196e90a83d

SHA1
1622a49596acbce7800a71d4b50e2215ed3c1c31

SHA256
8ddeaa18b5a9bb6a53e59e1b138386cf8b985723134e96481cb737113fb57fb7

SHA512
7ce41669f16809fc679995dea676ebb3a7414a0a662e2291bd8656fcb2ee96c046a3d4ade7eae88b986dcb6a55f9833ff14af486416ad55446c5815c1bb2d098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
8KB

MD5
26090cfbb1e5ac533203e637422f08db

SHA1
b7390437eda8dbde4163f2ff9c896334a598375e

SHA256
89b18d196939bbc1f397e525ff4132fa65a48caf400dcfcf12e8224060cc9a46

SHA512
dc0923c0a4948a48e852b9e02c96fb4f771ceafcd760ed1701f33d1b65be72b0ef75df5c98ca37395b80d2473bf06132416ff9db2961c99227d94e41cb870885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
316B

MD5
a9563d5b83da43bd82636842eb4e4174

SHA1
1015639792e9c40f6f8b21df40a542345cdc533a

SHA256
4cc13a1d733cde333e61c2a8a19afee3f32b18d7611c5e44b09305c17d126d7b

SHA512
f0235bcdb57304a6a3fc0f59340a90a5be04006a25ecf7b762a47a4826a42ea9a266cfdf4ce5070909f74433e369e3f1d3a3495be51b6b8dbf2143f135b3b0ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
976c229ff58bde64e028e08ecdb518d5

SHA1
6da4b3d9c776f65cd76cac08145dd733a0b98399

SHA256
a9065113a31a540d2b28bbc4d11660f5bdc9637dda947d8d3a9858feaaeead7a

SHA512
354dccc7679f49f8ba2b53c764313c07fd30a4767027717385f3c8a20935ea45f1207548aabde07631b2f90ae06152dd621f48368fcb6346a5629b5b855b8c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
334B

MD5
3e0a7ee433d8f140d154f55a5f90d232

SHA1
874d2c372954dfafc8dabd43ad106e4f27becee3

SHA256
950007b38e22eef7926c32ff403d03971a18470a5d335c917bc28227e507a35e

SHA512
6eb6edb6083a61a422b0b7bd4f974ec2eb6dc4d4a8cbc17e49bea2c2a12669b0a6a43cca8aa7fc6d53e9de7f92be8537e81c86c19a49be22caf5ffebb03050cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5324d6ce07527680afcd55f52a18432f

SHA1
71979f85c24e4a7a802a54bc3bd83e03dd041109

SHA256
1b371a86e5f5ffee960f79d3a952cd927ce15e46c007d6b194d3e4dd160847cc

SHA512
d972fa01df17d9766c84b9860e16b5eae5bced1f48e44d30941ff2c10e6f374eee200b5a3f94ad09c622d8d9a4257e820487d9a4c892a8fa80099af213ca9b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
59150ff8a900b9271a6bc0a0e90c7dcb

SHA1
75344a5c7de2e41b9fa15d1eef65d0b58879ee79

SHA256
e1c83c14333a9e10188a9524f81fb0cbf1de619c863ba75ce75a169ff90617b0

SHA512
3925bafda6970e48a1e1aeb3e2cd45228334655781bbe6601bceb6a1bf9cefb36b1cfbe6790cb8e83b041bec102343d4e6271f585699955f90e21034cf03745a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
b856c5a6fb13562b7c50aa089ec167ff

SHA1
7665e769fa85985d5bc5eabbf82cc9cb0f41e5a3

SHA256
fe37d0d62ec441b3dbeccac68a713c0494448ca0b499a583a01a42e795cf6ce6

SHA512
7132813f1eb5e58727ae14957aa3045e614d6a7784856f645ddebfad40359c34229a7f9f9d8224826d1c807a70b410b6d86ad689d4f8cf06b2f138bd7ea5a456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
16KB

MD5
ac8f1da831b06f5891a57d2b5b63c8b2

SHA1
b37e329c54d76c85faf0816b8a8dfd9ee8fbb52a

SHA256
68a82d49ecdbd1464921b522c5bd2cca2a5d283eff1d5fc58f23a6b0ab7ba7b8

SHA512
305a34524de3b5c04767845755e6f300707100795a57dbdf889ff21565704e66e70ed8d0e60f359ae205f7cc86caaea5be68d848320629641c1060dcafdb8f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
763e7d6e688595ae37c91cd96deaffa4

SHA1
257c425c62c2fc190e1ab2c994f0e423d12a187b

SHA256
2b81e3bb626c1d21fc835b5af95959b4112e8433f8990cedac958996f5fd50d8

SHA512
455261271256dd9fade4d5a0a08463a61b434c55f157cd0a4d955f843b387cac9d2c812596c0b15184d775940180a8c73dfdfbdd005ba7192dc5a3d94052f576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
01b6f0e138bed87f864febfed54b8ce2

SHA1
cfe59f55f3fc711dfc2b6b82e9d560e24043c405

SHA256
0bd4894ddfa4d2d7e4ade7de5335d00a870fc3ed4a947c68bd306d6feafdcb95

SHA512
8e39fe7bc51c8049d7a69100d055dbf37674f3dea0c94bf458d8e95781cd70e7ef83eabe544bf58ec1669dc68a5aad3c77e8cc0587891b2ea02048449f374b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d38e33571b2b99cfbada088615daf8ee

SHA1
cad2e2aca6fa84ff1ad96106c0bfd1acbc2fbbaf

SHA256
ef720654e4e0b21fcba4647b70a19fb020d88fcb7f48cb4c3ab534ab0cd64925

SHA512
ad3a11f8402b82efda7b86f8abe1781e002843114506af8c1b91968920e0bb627b71eecd2cce2d637f9e618a80a83df890c009f6205d550e806c8581d7b9c075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d6fbc61f624a659799e70e92dfa9b8e7

SHA1
46d4a28d8359a84c166a005b2c50efe260ff525f

SHA256
f0c1d08498c2836b9a2802e0d0859ac85d3c0c24fff0ada58dcacb6effaaaf7a

SHA512
b61567d024d837864f9636dd04526d4e2b05a619357641061237c9702ce85e8b77612e319c14ece4265729ee7a54714d279b5e7d49fec4a1bd1dd0f84465e2e3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 141625.crdownload

Filesize
315KB

MD5
9f8bc96c96d43ecb69f883388d228754

SHA1
61ed25a706afa2f6684bb4d64f69c5fb29d20953

SHA256
7d373ccb96d1dbb1856ef31afa87c2112a0c1795a796ab01cb154700288afec5

SHA512
550a891c1059f58aa983138caf65a7ea9c326cb1b94c15f3e7594128f6e9f1295b9c2dbc0925637dba7c94e938083fffc6a63dc7c2e5b1e247679931cce505c6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 425723.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads