Analysis
max time kernel: 299s
max time network: 292s
platform: windows10-1703_x64
resource: win10-20231220-en
resource tags: arch:x64, arch:x86, image:win10-20231220-en, locale:en-us, os:windows10-1703-x64, system
submitted: 08-02-2024 04:47
Static task: static1
Behavioral task: behavioral1
Sample: 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe
Resource: win7-20231215-en
General
Target: 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe
Size: 896KB
MD5: 7bcffb4889d877a42cc6135b4372862f
SHA1: 3387c35e128a221c186cdb5b2d534ed4070904c4
SHA256: 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965
SHA512: a88500d0b7419e0aaf3e1f753ed6de91060b9ffbae12c733b373ee46f909eed842f99a59bb7f006932de69f0d118565d5e6539fb3b119d443de7bb066d0e7854
SSDEEP: 12288:EqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgagTI:EqDEvCTbMWu7rQYlBQcBiT6rprG8a4I
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
Processes: 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Control Panel\International\Geo\Nation | 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe
Drops file in Windows directory (9 IoCs)
Processes: MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdge.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe
description | ioc | process
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdge.exe
File opened for modification | C:\Windows\Debug\ESE.TXT | MicrosoftEdge.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Checks processor information in registry (2 TTPs, 15 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: firefox.exe, firefox.exe, firefox.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Enumerates system info in registry (2 TTPs, 7 IoCs)
Processes: chrome.exe, chrome.exe, chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Processes: browser_broker.exe, MicrosoftEdgeCP.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main | browser_broker.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000\Software\Microsoft\Internet Explorer\Main | MicrosoftEdgeCP.exe
Modifies data under HKEY_USERS (2 IoCs)
Processes: chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133518414567476751" | chrome.exe
Modifies registry class (64 IoCs)
Processes: MicrosoftEdge.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage | MicrosoftEdge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | MicrosoftEdgeCP.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com\ = "0" | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | MicrosoftEdge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki | MicrosoftEdge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\linkedin.com\Total = "0" | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com\Total = "0" | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "414194004" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "413529613" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{169751D7-5753-428B-BED5-F76425E75B4C} = "0" | MicrosoftEdge.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | MicrosoftEdgeCP.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "1" | MicrosoftEdgeCP.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | MicrosoftEdgeCP.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\linkedin.com\Total = "0" | MicrosoftEdgeCP.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3b9c9ff3495ada01 | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | MicrosoftEdge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "6" | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | MicrosoftEdgeCP.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | MicrosoftEdgeCP.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "6" | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\accounts.google.com | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\facebook.com | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | MicrosoftEdgeCP.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | MicrosoftEdgeCP.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | MicrosoftEdgeCP.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a19173084a5ada01 | MicrosoftEdge.exe
Key created | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | MicrosoftEdge.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3934047325-4097474570-3437169968-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | MicrosoftEdge.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes: chrome.exe, chrome.exe
pid | process
6020 | chrome.exe
6020 | chrome.exe
7848 | chrome.exe
7848 | chrome.exe
Suspicious behavior: MapViewOfSection (14 IoCs)
Processes: MicrosoftEdgeCP.exe
pid | process
400 | MicrosoftEdgeCP.exe (14 identical entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes: chrome.exe
pid | process
6020 | chrome.exe (6 identical entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: MicrosoftEdgeCP.exe, chrome.exe, firefox.exe
description | pid | process
Token: SeDebugPrivilege | 2864 | MicrosoftEdgeCP.exe (4 identical entries)
Token: SeShutdownPrivilege | 6020 | chrome.exe
Token: SeCreatePagefilePrivilege | 6020 | chrome.exe
Token: SeDebugPrivilege | 5348 | firefox.exe (2 identical entries)
Token: SeShutdownPrivilege | 6020 | chrome.exe
Token: SeCreatePagefilePrivilege | 6020 | chrome.exe
(the last two rows alternate for the remainder of the list: 28 pairs, 56 entries in total)
Suspicious use of FindShellTrayWindow (64 IoCs)
Processes: 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe, firefox.exe, chrome.exe
pid | process
96 | 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe (34 identical entries)
5348 | firefox.exe
96 | 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe
5348 | firefox.exe (2 identical entries)
6020 | chrome.exe (17 identical entries)
5348 | firefox.exe
6020 | chrome.exe (8 identical entries)
Suspicious use of SendNotifyMessage (64 IoCs)
Processes: 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe, firefox.exe, chrome.exe
pid | process
96 | 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe (34 identical entries)
5348 | firefox.exe
96 | 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe
5348 | firefox.exe
6020 | chrome.exe (16 identical entries)
5348 | firefox.exe
6020 | chrome.exe (8 identical entries)
96 | 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe (2 identical entries)
Suspicious use of SetWindowsHookEx 5 IoCs
Processes:
PID 3668  MicrosoftEdge.exe
PID 400   MicrosoftEdgeCP.exe
PID 2864  MicrosoftEdgeCP.exe
PID 400   MicrosoftEdgeCP.exe
PID 5348  firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
PID 400 MicrosoftEdgeCP.exe wrote to memory of PID 4276 MicrosoftEdgeCP.exe (9 events)
PID 400 MicrosoftEdgeCP.exe wrote to memory of PID 5056 MicrosoftEdgeCP.exe (5 events)
PID 400 MicrosoftEdgeCP.exe wrote to memory of PID 2440 MicrosoftEdgeCP.exe (15 events)
PID 400 MicrosoftEdgeCP.exe wrote to memory of PID 5780 MicrosoftEdgeCP.exe (2 events)
PID 96 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of PID 6020 chrome.exe (2 events)
PID 96 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of PID 6080 chrome.exe (2 events)
PID 6020 chrome.exe wrote to memory of PID 6012 chrome.exe (2 events)
PID 6080 chrome.exe wrote to memory of PID 6100 chrome.exe (2 events)
PID 96 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of PID 6124 chrome.exe (2 events)
PID 96 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of PID 5180 chrome.exe (2 events)
PID 6124 chrome.exe wrote to memory of PID 5228 chrome.exe (2 events)
PID 96 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of PID 5296 firefox.exe (2 events)
PID 5180 chrome.exe wrote to memory of PID 5348 firefox.exe (11 events)
PID 96 199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe wrote to memory of PID 5312 firefox.exe (2 events)
PID 5312 firefox.exe wrote to memory of PID 5300 firefox.exe (4 events)

Note on attribution: PID 5180 appears in the process tree twice, first as a chrome.exe audio-service utility process under chrome.exe 6020 and later as a firefox.exe launcher started by PID 96 with https://www.youtube.com, and PID 5300 appears both as a firefox.exe child and as a MicrosoftEdgeCP.exe content process. PIDs are reused within a run, so the "chrome.exe" label on the 5180 -> 5348 writes most likely belongs to the Firefox launcher writing into its own browser child (the same launcher/child pattern seen for 5312 -> 5300), not to a Chrome process writing into Firefox. Correlate on PID plus creation time, not PID alone, before treating these as cross-browser injection.
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
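The signature above records that the Task Scheduler COM API was used but lists no IoCs, so on a real host the next step is to pull the task definitions the API registers and triage them. The following is an added example, not code from the sandbox or from the sample: tasks registered through the COM API are stored as XML documents under %SystemRoot%\System32\Tasks, and this script parses that XML and flags tasks whose action runs from an untrusted path, uses a boot or logon trigger, requests the HighestAvailable run level, or was registered inside the analysis window. The two task documents, the trusted-root list, and the window start time are constructed for the example.

```python
"""Triage Task Scheduler task XML for persistence (added example, not from the report).

The Task Scheduler COM API (ITaskService / ITaskFolder::RegisterTask) persists each task as an
XML document under %SystemRoot%\\System32\\Tasks; on a live host read them with ET.parse(path).
The two documents below are constructed for this example.
"""
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumption: anything outside these roots is worth a look. Tune per estate.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
PERSISTENCE_TRIGGERS = {"BootTrigger", "LogonTrigger"}


def parse_task(xml_text):
    """Extract the fields that matter for triage from one task XML document."""
    root = ET.fromstring(xml_text)

    def text(path):
        el = root.find(path, NS)
        return (el.text or "").strip() if el is not None else ""

    trig = root.find("t:Triggers", NS)
    triggers = [] if trig is None else [c.tag.split("}", 1)[1] for c in trig]
    return {
        "registered": text("t:RegistrationInfo/t:Date"),
        "author": text("t:RegistrationInfo/t:Author"),
        "run_level": text("t:Principals/t:Principal/t:RunLevel"),
        "triggers": triggers,
        "command": text("t:Actions/t:Exec/t:Command"),
        "arguments": text("t:Actions/t:Exec/t:Arguments"),
    }


def registration_time(task):
    """Dates look like 2024-02-08T04:48:12 or carry a 7-digit fraction; drop the fraction."""
    raw = task["registered"].split(".")[0]
    return datetime.fromisoformat(raw) if raw else None


def triage(task, since):
    """Return the reasons a task deserves attention; an empty list means nothing stood out."""
    reasons = []
    cmd = task["command"].strip('"').lower()
    untrusted = not cmd.startswith(TRUSTED_ROOTS)
    if untrusted:
        reasons.append(f"action runs from an untrusted location: {task['command']}")
    if untrusted and PERSISTENCE_TRIGGERS & set(task["triggers"]):
        reasons.append("boot/logon trigger on an untrusted binary (persistence)")
    if task["run_level"] == "HighestAvailable":
        reasons.append("requests HighestAvailable run level")
    reg = registration_time(task)
    if reg is not None and reg >= since:
        reasons.append(f"registered inside the window of interest ({reg:%Y-%m-%d %H:%M:%S})")
    return reasons


# Constructed: a task shaped like what a dropper registers via the COM API.
SUSPECT_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2024-02-08T04:48:12.1234567</Date>
    <Author>Admin</Author>
  </RegistrationInfo>
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
    <BootTrigger><Enabled>true</Enabled></BootTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal>
  </Principals>
  <Actions Context="Author">
    <Exec>
      <Command>"C:\\Users\\Admin\\AppData\\Local\\Temp\\updater.exe"</Command>
      <Arguments>https://www.youtube.com</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed: an ordinary system task for contrast.
BENIGN_TASK = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Date>2023-06-01T09:00:00</Date><Author>Microsoft Corporation</Author></RegistrationInfo>
  <Triggers><CalendarTrigger><StartBoundary>2023-06-01T09:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
  <Actions Context="Author"><Exec><Command>C:\\Windows\\System32\\sc.exe</Command><Arguments>start wuauserv</Arguments></Exec></Actions>
</Task>"""

# Assumption: the window starts when the sample was executed (constructed value).
WINDOW_START = datetime(2024, 2, 8, 4, 47)

if __name__ == "__main__":
    for name, doc in (("suspect", SUSPECT_TASK), ("benign", BENIGN_TASK)):
        print(name, triage(parse_task(doc), WINDOW_START))
```

The triggers are reported by element name (BootTrigger, LogonTrigger, TimeTrigger, CalendarTrigger), which is exactly the "run on boot or at set times" distinction the signature text draws; a time-based trigger on a trusted binary scores nothing, while a boot or logon trigger on a binary under a user-writable path scores on both the location and the persistence check.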
Processes

Indentation shows parent/child depth; the signatures a process triggered are listed beneath it.

PID 96  "C:\Users\Admin\AppData\Local\Temp\199dd5435ecb34721acbbc4348403bb03c9eb975cb3b4c9bccf644e1d1fa2965.exe"
  - Checks computer location settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    PID 6020  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
      - Enumerates system info in registry
      - Modifies data under HKEY_USERS
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory
        PID 6012  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe648a9758,0x7ffe648a9768,0x7ffe648a9778
        PID 6224  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1824 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8
        PID 6300  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1
        PID 6292  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1
        PID 6204  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8
        PID 6172  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:2
        PID 6896  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3816 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1
        PID 6884  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3676 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1
        PID 7792  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4764 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1
        PID 7784  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4732 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:1
        PID 6284  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8
        PID 5180  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3488 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8
          - Suspicious use of WriteProcessMemory
        PID 5316  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5476 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8
        PID 7848  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1404 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:2
          - Suspicious behavior: EnumeratesProcesses
        PID 5260  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8
        PID 7728  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8
        PID 5612  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=2068,i,2342537280867654959,8580993118181319549,131072 /prefetch:8
    PID 5312  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
      - Suspicious use of WriteProcessMemory
        PID 5300  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
          - Checks processor information in registry
    PID 5296  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
      - Checks processor information in registry
    PID 5180  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
    PID 6124  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
      - Enumerates system info in registry
      - Suspicious use of WriteProcessMemory
        PID 6344  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1728,i,3786061775035018364,6357427421644701085,131072 /prefetch:8
        PID 6164  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1728,i,3786061775035018364,6357427421644701085,131072 /prefetch:2
    PID 6080  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
      - Enumerates system info in registry
      - Suspicious use of WriteProcessMemory
        PID 6320  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1848,i,1821288868154012468,17744623305132332991,131072 /prefetch:8
        PID 6312  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1848,i,1821288868154012468,17744623305132332991,131072 /prefetch:2

PID 3668  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

PID 3524  C:\Windows\system32\browser_broker.exe -Embedding
  - Modifies Internet Explorer settings

PID 400  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Modifies registry class
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

PID 2864  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx

PID 2900  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

PID 5056  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

PID 2440  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

PID 4276  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

PID 5300  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

PID 5408  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

PID 5780  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

PID 5228  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe648a9758,0x7ffe648a9768,0x7ffe648a9778

PID 5348  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
    PID 4076  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.0.1343141614\1978526893" -parentBuildID 20221007134813 -prefsHandle 1640 -prefMapHandle 1628 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {182774f6-a3cb-4fe2-9ee3-f4afedc67de1} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 1732 22c93fed158 gpu
    PID 5252  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.1.1363348394\883338381" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2132 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e2efd27-1b08-4701-a73e-db4f42cd912d} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 2152 22c93ef9258 socket
    PID 6260  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.2.744467591\1241028760" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1921fc6-bccc-4e8a-a8b5-bdae4a8ed49f} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 2920 22c981de258 tab
    PID 6476  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.3.1390615045\1501068672" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b09a37f0-e60a-4487-b254-59b7181ab31a} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 3520 22c99518258 tab
    PID 6688  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.5.1065435765\241448856" -childID 4 -isForBrowser -prefsHandle 4804 -prefMapHandle 4800 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b10ede0-7465-4c19-919f-7737a58e744f} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 4636 22c9a40e758 tab
    PID 6744  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.4.1216734357\1216003246" -childID 3 -isForBrowser -prefsHandle 4684 -prefMapHandle 4680 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90c1e427-9e24-4340-a9f1-cdbf4b3e86e7} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 4696 22c81c63b58 tab
    PID 6192  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.6.1436634819\457931622" -childID 5 -isForBrowser -prefsHandle 5408 -prefMapHandle 5380 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30849265-3806-437a-890c-7acd78fc7eda} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 5344 22c96dbbd58 tab
    PID 6184  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.7.1829052485\957656645" -childID 6 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48de9595-1ed5-404c-8258-e9e895ad3462} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 5436 22c981cd958 tab
    PID 6216  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.8.1447511135\1939455280" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5644 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf8e0751-0459-401d-8a91-bed858f47cce} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 5632 22c9a0b6058 tab
    PID 2800  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.9.1964176118\233401402" -parentBuildID 20221007134813 -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {392a63f3-ddbe-477f-871d-88d0c2d76eb5} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 3488 22c93fefb58 rdd
    PID 7712  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.10.1160844676\875202426" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f97b336b-cf55-4ad0-a6e9-b69e65c4c8a0} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 5928 22c94253c58 utility
    PID 7776  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5348.11.1535612768\725604294" -childID 8 -isForBrowser -prefsHandle 6280 -prefMapHandle 6276 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffe2e797-1d20-43ca-b493-f6743fc2a731} 5348 "\\.\pipe\gecko-crash-server-pipe.5348" 6288 22c981cbe58 tab

PID 6100  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe648a9758,0x7ffe648a9768,0x7ffe648a9778

PID 6704  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
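The tree above shows the behaviour worth detecting in an estate: a binary running from the user's Temp directory launching chrome.exe and firefox.exe with URLs such as https://accounts.google.com as their argument, while the browsers' own utility, renderer and content processes are ordinary noise. It also shows the pitfall in correlating such telemetry, since PID 5180 is first a chrome.exe audio-service process and later a firefox.exe launcher. The script below is an added example, not the sandbox's code: it walks process-creation records, resolves each child's parent by PID and creation time rather than PID alone, and flags browser launches whose parent is neither a browser nor a known URL-handing application. The event records, the image name sample.exe standing in for the submitted binary, the benign-parent list and the user-writable path list are all constructed for the example.

```python
"""Flag browser launches driven by a non-browser parent, resolving parents on (pid, start time).

Added example, not code from the sandbox report. The events below are constructed to mirror the
shape of the process tree above; sample.exe stands in for the submitted binary.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
# Assumption: parents that routinely hand a URL to a browser on a workstation. Tune per estate.
BENIGN_URL_PARENTS = {"explorer.exe", "outlook.exe", "teams.exe", "slack.exe"}
# Assumption: path fragments that mark a user-writable staging location.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")


@dataclass(frozen=True)
class ProcEvent:
    ts: datetime       # process creation time
    pid: int
    ppid: int
    image: str         # full path of the image
    cmdline: str


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def has_url_argument(cmdline: str) -> bool:
    """True when a standalone argument is a URL. Flag values such as --url=https://... (Chrome's
    crashpad handler reports to one) are deliberately not counted, or every crash reporter matches."""
    return any(tok.lower().startswith(("http://", "https://")) for tok in cmdline.split())


def resolve_parent(ev: ProcEvent, events: List[ProcEvent]) -> Optional[ProcEvent]:
    """The process that held ev.ppid when ev started: the latest creation of that pid at or before
    ev.ts. Windows reuses pids within a run, so a pid-only join attributes children to whichever
    earlier holder of the pid the telemetry recorded."""
    holders = [p for p in events if p.pid == ev.ppid and p.ts <= ev.ts]
    return max(holders, key=lambda p: p.ts, default=None)


def naive_parent(ev: ProcEvent, events: List[ProcEvent]) -> Optional[ProcEvent]:
    """What a pid-only join does: first record with the right pid, regardless of lifetime."""
    return next((p for p in events if p.pid == ev.ppid), None)


def suspicious_browser_launches(events: List[ProcEvent]) -> list:
    findings = []
    for ev in events:
        if image_name(ev.image) not in BROWSERS or not has_url_argument(ev.cmdline):
            continue
        parent = resolve_parent(ev, events)
        if parent is None:
            continue
        pname = image_name(parent.image)
        if pname in BROWSERS or pname in BENIGN_URL_PARENTS:
            continue  # browser-internal children and ordinary user-driven launches
        reasons = ["non-browser parent passed a URL to a browser"]
        if any(m in parent.image.lower() for m in USER_WRITABLE):
            reasons.append("parent image lives in a user-writable path")
        findings.append({"pid": ev.pid, "cmdline": ev.cmdline, "parent_pid": parent.pid,
                         "parent_image": pname, "reasons": reasons})
    return findings


def T(hms: str) -> datetime:
    return datetime.fromisoformat(f"2024-02-08T{hms}")


CHROME = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
FIREFOX = "C:\\Program Files\\Mozilla Firefox\\firefox.exe"
# Constructed process-creation records (not the sandbox's telemetry).
EVENTS = [
    ProcEvent(T("04:47:00"), 4000, 900, "C:\\Windows\\explorer.exe", "C:\\Windows\\explorer.exe"),
    ProcEvent(T("04:47:30"), 96, 4000, "C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe",
              '"C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe"'),
    ProcEvent(T("04:47:31"), 6020, 96, CHROME, f'"{CHROME}" https://www.youtube.com'),
    ProcEvent(T("04:47:32"), 6012, 6020, CHROME,
              f'"{CHROME}" --type=crashpad-handler --url=https://clients2.google.com/cr/report'),
    ProcEvent(T("04:47:33"), 5180, 6020, CHROME,
              f'"{CHROME}" --type=utility --utility-sub-type=audio.mojom.AudioService'),
    # Same pid seconds later, now a Firefox launcher started by the sample: pid reuse.
    ProcEvent(T("04:47:40"), 5180, 96, FIREFOX, f'"{FIREFOX}" https://www.youtube.com'),
    ProcEvent(T("04:47:41"), 5348, 5180, FIREFOX, f'"{FIREFOX}" https://www.youtube.com'),
    ProcEvent(T("04:48:00"), 7100, 4000, CHROME, f'"{CHROME}" https://intranet.example'),
]

if __name__ == "__main__":
    for f in suspicious_browser_launches(EVENTS):
        print(f["pid"], f["parent_image"], f["reasons"])
```

On these records the two launches started by sample.exe (pids 6020 and 5180) are flagged with both reasons, the explorer.exe-driven launch is not, and firefox.exe 5348 is attributed to the Firefox launcher that actually held pid 5180 at the time rather than to the Chrome audio process a pid-only join would return.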
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize  40B
MD5       8a018f5df0c818f74ddca85878733868
SHA1      c449236141dfcb55f3b4033c79732710bd97298c
SHA256    e4b33f9fec52af9c7a5eff6489916f3df2956ba5d51612e67230f003e311bfb3
SHA512    ccd48e49f880257b1efdc5ba582b57205e0d747eeaafd70f4618435a0fc1c754e7ca3f58b0b3da35a12ef8ce0448135612f4e0ced3e6bb315ea5ae6d6824fb37

Filesize  34KB
MD5       b63bcace3731e74f6c45002db72b2683
SHA1      99898168473775a18170adad4d313082da090976
SHA256    ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
SHA512    d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Filesize  16KB
MD5       9978db669e49523b7adb3af80d561b1b
SHA1      7eb15d01e2afd057188741fad9ea1719bccc01ea
SHA256    4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
SHA512    04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Filesize  1KB
MD5       8b5b87848b5c99fe221f57724ad4ad4d
SHA1      602f00510616d808657d94b91876be9c718e6280
SHA256    6052f4d46ab81d2d1081d527ab40a5ade14cd8849dc47f8a0df67c968c0ca931
SHA512    4efad429c752fcadccdab5843c19b135d4e422bc7414efb72f4d2d825097a0b9f9d73cacd4e77418e1b1eaf6416d8b55826101088283b61df7044453f313bb49

Filesize  4KB
MD5       1729a888a64253e4d1299a4fb83ffc4d
SHA1      67f723bbaf786ab1aff856484e89a9bb46d65867
SHA256    ca1f750f4c5c875426d42926a9180f8f8714111734d250f9876a5badc721b97d
SHA512    9ac9abbb03dfd87d9e526363526e4a722f1621415890fe8448d9f6648bae9c2c28b0dc9bf188bd3a7d6da008c19ae8ecf105371c3621f748e32988599728082a

Filesize  5KB
MD5       896ef6b7ea82b1acccb9c5529b431615
SHA1      e3cd117d97110ae3254e5190771df4ccc26c92cc
SHA256    9c9c9de8c5f47ef7f6c5856bb4d8d3da1463f51f6ba3a7290c2a684767b72532
SHA512    a2692349fe7e21ac067199e8558178195afbd4bb961eb34f15d149b4830a097f8f30ca04cd3f52dc23f5dae1a22415939afa14c0852e84dd38533fae23b66bf5

Filesize  1KB
MD5       8cdd01bfb77631545b4bd35e426901e8
SHA1      85e7ad98bada892c6ec0fcca54f21b826beedd48
SHA256    df0e32c2dad0e85fd5e5f91a5872ec9b733311ebcf353f269d1b7229ed3a35ef
SHA512    81e8033795f7d6aca7af84a8f3eaec2d08e210fddcf28a0a68950daaad3c886aba79c250a8e900520a8f8e2068c84ba143e4b8e3f31cbc8d741fb50d33795e49

Filesize  1KB
MD5       60c68b999afdcd4106f7ab151d59f92b
SHA1      5fd87462a61b2b9747ce0aaf4bcee6fcdd16ff94
SHA256    65d6482fd5b632295a7a4635e8a36dcfc9c9977f2aa8dfbc4ce7219be42bdc01
SHA512    56af0b8639d4e90ee8343762bd9f89f3a769117f008e8445148f11706daa95ac23fb9b5ad0dc28669a3607afc3c9befebd216d643cc0e7b467e40dfdb3199454

Filesize  1KB
MD5       20a33f2eb797ad555e376395a616bbe7
SHA1      c283269936a02262b94fac1862d21ab85b2e7067
SHA256    9cd6437ed75e37ab7e1ba8cc277b98e88c303052ab94df4200ad4748c07ffb1a
SHA512    3fe9db2c62a08158e6cc61927a88d2f101b9b7bb28803c34d50d8695e966caee62e5bed3fe61356b419b50f73707a5401540b59d9bf8c9c8b166087f3e198f62

Filesize  875B
MD5       b6d5128f82332d9a211af25381b0bbaa
SHA1      313f7efd686ce3619b83af2fa3c7c831e3f41299
SHA256    10d598bbe6923623570b6844575d07c5eefacd47d134c9ed619b6b14c141e110
SHA512    3bb4ef9f25622b48027684432147b07d98ebaaf023ade924143452b36a6afb4c45c02bc394456f1666a8d968b2273b39e6f9e282129b74b9b2ad29dab1aaf982

Filesize  1KB
MD5       2295e9cde82fbf16f3deab0258f18148
SHA1      2707b1fcd0fe179f57cee6660464b438fd13104b
SHA256    75d6e16ba61653f226bc2c9fd00d59c3d1fa4f6ed355fa093a8a513c20489c6a
SHA512    9ffb884159fe8551c92b5ae7dbedfcae5112eb4f88986ff5eadd9d1e14e58014b73f4cea66a0b708e4a03e7fa715364a6028b9f25d2d3b8cfbee139a85bde394

Filesize  7KB
MD5       d5e6e1abd9f7c7584e2a81fd8b96b54e
SHA1      7a2ce81073713a6c14114c43607c2d3596deb489
SHA256    b1057bb8c43b23bdda7761a44bd9a4b567e8d811948603432880ac3892420abe
SHA512    f182b54d88d9cbdf382c86cad627bef57b386a9f657601bf2feae67c3b1b37a0726f4547242185055ae4534eb1d8493743397d1d6d78ee402e87c106189f9f79

Filesize  15KB
MD5       e8257bc3b9eba511c083aac78aac1b1e
SHA1      b2cbe594721e83364cd9991c59ea1495d3b6dfde
SHA256    129a7f957fc342d1eb1bbb494475753733a504b00e9eef71093a7046f8a7a3b0
SHA512    bf69e85061dcc9f1e9c644c1dba9268259ac293d8c9644f82d73d8839c91f684d9a588e5ca16e3cd0105f19905d0a77ccd564e0772838742822c364272109418

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize  112B
MD5       88344acaa2cbee1ccce47593fb77c9a4
SHA1      42bb49166db69ddc3d39349f7e4caeeb5acca4a5
SHA256    d9a197c49302e72786739bc94b2d89b978805e6f7835e62249814e9baa482e11
SHA512    a2fe903ac11cd40817dd87fa2b1eb5b3fb396129766b773b39b740c773ce653b916cf36833cf09e0367bb0f359b13fcf36de7755605553805993e69a7f25c26a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize  176B
MD5       7676dadb1752629fdf0b72301eb843af
SHA1      af07ed2915874ef002716d919d9705aa99f448b9
SHA256    ad7a6b344a9044e17f3c6dc1ffb9def17f3e865cc0f7167da84c6e2e223e44f8
SHA512    34af8e156416f27b509a000a909bcc3351d0ef7a5293c953a8b127c7dc7290c8d2dad91fc8ec2aaf1103a7870e255e9e3fbb283cd9b45c693a6f8a8845af5049

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ff4f.TMP
Filesize  119B
MD5       b1fdadf799e20a64b067ad0508a9ed89
SHA1      ec2719d141d88cfdbe3cdfe20c109f06080b621b
SHA256    455dea11e4211d32d708fd0cb78ec65624697414819c147a9eab3866fd47f499
SHA512    fa6592d7e89110e58e52948570da2af9660d335e2f894c708acb0dee3c7b4c772d359e780719b4ac7fa332b2c040965202eac5b40e22bc9a779eacef3b1ecf02

Filesize  16B
MD5       46295cac801e5d4857d09837238a6394
SHA1      44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize  72B
MD5       ad64bb93f4b58b935066a8c17e582ae3
SHA1      ad1ab7fe2809b999ff9e5c8d1e1bd1e1e28e3f86
SHA256    0a3b54da13bdb3ecf58f72112a089a9ed98f0c5d845945b8b0f53880e0745c10
SHA512    21bb82698aeef8328d925d033f5ee9c9cc91ff291dc4ebba82c71e1411b721380198bcbc6bedf93f59ba78087b45ec151c6fe73b0f1f67394987d29f7315a833

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5851c5.TMP
Filesize  48B
MD5       418112ae7241e68a05c6bdbc5dbee802
SHA1      7179f94290234cf7e0c10838d786557ffc90d263
SHA256    a3439e0d3eaabc283497f9e2a2ca51bc9ddddf6ed5c8e964c00ef083f42cdc64
SHA512    3c651a3f8ab83f3ff25d7eb8f44a6ca2dbac0377f4e2a864a93dae9c846f1ef3ac59b48c94c2496a1ada1227de1644d76ae9ea9d3f72f3b7fb5739824141e553

Filesize  114KB
MD5       fd999f0f5596f9fb358af4a4c2e641cb
SHA1      8e2539a36b20ed352bdabf92b33ba4ef3d96a400
SHA256    2f7eb74a1b68deb6101e30285a3a0d83f5c3a1f7ec35ac5c0f0bb15158dce440
SHA512ef7ad04965be94a6ec03c071a80d42c098386d18e5ed03ef0e4e7341d3795eb22696a292205ee912ae58d0a33e3830c4d5e7dd6b25cf5d9aab63af3c4a497981
-
Filesize
234KB
MD5f5ccf1652f3df5820ef0f081f981bcc0
SHA1525f2345fab9b7602b744f19274b8284cb1b9f4a
SHA256ea68dd3e47bf076d80851316b4231f9f7c7cff4dadc6b2fde3146764626b1eab
SHA512c15c23ef7eb98d52924d8f90a10700334891c3484db4b63cc06117aee4b627a5071d4580859b043a354ab1ab4243593de5be763727b28f12f2c9e6828e792d45
-
Filesize
114KB
MD5f79dba1f1f3b583e2199884fc125e9ea
SHA1b85101a3df7321852c1a614e9b15088caa115555
SHA256d6512e9880fdf56c7a2b327bb84c8bc8e65a5686b2fbd02955866642642f0b91
SHA512c7ecad1370278a64f9cdbf38740ca254b9b78e4b71dc8cc5836e49dbbda116c0ddfd99ca57283f53a698d80e26a18be672efb0853f881511e53acc6c72a54dae
-
Filesize
86B
MD5f732dbed9289177d15e236d0f8f2ddd3
SHA153f822af51b014bc3d4b575865d9c3ef0e4debde
SHA2562741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4
-
Filesize
86B
MD516b7586b9eba5296ea04b791fc3d675e
SHA18890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA51258668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771
-
Filesize
85B
MD58549c255650427d618ef18b14dfd2b56
SHA18272585186777b344db3960df62b00f570d247f6
SHA25640395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E
Filesize30KB
MD5f062fb89b658a9a64e3bce84bc7bbf69
SHA1527e5949c31acbf55f69faacf39e447ac0b30fa2
SHA25650061392c5291950cd657253fae33793e66543cc47bfa6393593765ecb08997f
SHA512c751018885ad9a610ace5787df62716a97107e2124be37d0e760d4541e3b72f93d4d0536ad05ec6c61a9b096556e90ee92f542672aca91630214a631de0aa532
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sx470w5j.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F
Filesize30KB
MD58a5185434f01f0787e83bbbbf8679c03
SHA186d58ca5afcb539ef8ea067dcc22be1b94aad5d6
SHA25647134ca1f60097c290b268a7646e6e5616d3abc3cf0cabad425ec1e8522327fb
SHA512884d80e98f2f5361e3fcfb73f623f180024d3e2c916a7d15c7efde61342c7ca9069b5d437cd72eee4f1f9764f2901e06804508b47a933f6c0527e799851a9e6a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SM5WF5P6\accounts.google[1].xml
Filesize13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\I5VHUTG1\suggestions[1].en-US
Filesize17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QHNQER8U\gB76kJXPYJV[1].png
Filesize6KB
MD5389dfa18be34d8cf767e06fd5cde4ec6
SHA147b751cffab47d076816c63ce08d3e84600376ee
SHA2563c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UM50CO7Y\9lb1g1kp916tat669q9r5g2kz[1].ico
Filesize32KB
MD53d0e5c05903cec0bc8e3fe0cda552745
SHA11b513503c65572f0787a14cc71018bd34f11b661
SHA25642a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA5123d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Z4XNOTR7\favicon[1].ico
Filesize5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\wr34dpo\imagestore.dat
Filesize38KB
MD5925013edf3d00dfd9ca0e9c437c20bdc
SHA137b104a9e019b66c0fd6caa3992f5a529193baf1
SHA2568efd050cb962d2a5f37bf25e84dfd920de373240dabddbcb737a4e66af5fe794
SHA512b9b18647a2a4fc5f71b1e1dc689a19edc9c8ac039902ff093f7174b1c2f0bfe0cf02ab89bcb405acb97217a5417f027e9a8951e02db3a667b15ff9d434728e0f
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize4KB
MD51bfe591a4fe3d91b03cdf26eaacd8f89
SHA1719c37c320f518ac168c86723724891950911cea
SHA2569cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA51202f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\desktop_polymer[1].js
Filesize8.1MB
MD576e69c295f1223d67cc1abe176ee7da3
SHA10ecd6cea1cd9ba2502d6f935f35835aec7c75341
SHA256d071195f19ec8b8f5810b31c8eb34a95038e0880fb9d351e8abdf1f25759b343
SHA5123fe2427438f1272e0a31cd85e59107b70b8811120738fcf6eee4ff005f1f54f5869463e6e39b35a5b8c1548d3ff57f8dccef3b2a172111e114d87a67666cc7dd
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\network[1].js
Filesize16KB
MD5ad6aa3451e397522b056e0b8efb6cc27
SHA12b491439bddfd73418cde3ef59b309259c58928e
SHA256b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA5126c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\rs=AGKMywGeiBUuq5vqE4SKSRdxHIEuINw48A[1].css
Filesize2.5MB
MD5d9a08749fec08ab760d54e41f553bb4a
SHA10076985a68f45ed9e99e9bfafc49de4207f65d4a
SHA256a4bb91f252030cb86f73a3fbfbd05244dbf231629c4433359048c60c4b746dee
SHA51258a49918b18aabe9fe99bad13010c97ed8b19809e416147a87a791191bd90c64fbc06fc54fecaaf82116043d576c24d278e729f3429d3901228877e8c1d71187
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\scheduler[1].js
Filesize9KB
MD5dac3d45d4ce59d457459a8dbfcd30232
SHA1946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA25658ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA5124f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\spf[1].js
Filesize39KB
MD5f46c2d926d8f3366a9f85e6995d53a92
SHA14b019b5f749359e6253d742f388a63144b4a7a5f
SHA25685dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA5124eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\www-i18n-constants[1].js
Filesize5KB
MD5f3356b556175318cf67ab48f11f2421b
SHA1ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\www-main-desktop-home-page-skeleton[1].css
Filesize4KB
MD59deae13c40798dfca19bd14ed7039d60
SHA14ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA51295b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\www-main-desktop-watch-page-skeleton[1].css
Filesize5KB
MD581b422570a4d648c0517811dfeb3273d
SHA1c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA2563c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA5121d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\www-onepick[1].css
Filesize1011B
MD55306f13dfcf04955ed3e79ff5a92581e
SHA14a8927d91617923f9c9f6bcc1976bf43665cb553
SHA2566305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\414QCT4Q\www-tampering[1].js
Filesize10KB
MD5e2b71f92d13ffb96c2387e583ecf4f53
SHA108d6a00e00fea89db40f7ba6120913ffbe29ad4d
SHA25641f09dd845bd7d700be0517f8fa0ab45f67da98fd20c8986578419d6125a5fad
SHA5122720062fd56a7605d49c9fa3d18151dd4d38b9d007e7464511017fe9be90c54b11af5506b876ff5ede0ca263b357312196c360a11fbaf9da6c3ca3364d11eabf
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L2B0CIFM\KFOlCnqEu92Fr1MmSU5vBg[1].woff2
Filesize49KB
MD58a62a215526d45866385d53ed7509ae8
SHA15f22bfd8ff7dab62ac11b76dee4ef04b419d59b5
SHA25634ccd21cf8cc2a2bdcd7dbe6bef05246067ff849bf71308e207bf525f581763d
SHA512845f721e564e03955c34607c9c9cf4000db46788313ebf27c1d12473c7948cf2609b08b24093c5d01f6c97acc79456e7aa838c291462bfb19700bbfd07ee243f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L2B0CIFM\KFOmCnqEu92Fr1Me4A[1].woff2
Filesize49KB
MD5ee26c64c3b9b936cc1636071584d1181
SHA18efbc8a10d568444120cc0adf001b2d74c3a2910
SHA256d4d175f498b00516c629ce8af152cbe745d73932fa58cc9fdfc8e4b49c0da368
SHA512981a0d065c999eea3c61a2ba522cb64a0c11f0d0f0fe7529c917f956bce71e1622654d50d7d9f03f37774d8eee0370cfb8a86a0606723923b0e0061e1049cbc6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L2B0CIFM\web-animations-next-lite.min[1].js
Filesize49KB
MD544ca3d8fd5ff91ed90d1a2ab099ef91e
SHA179b76340ca0781fd98aa5b8fdca9496665810195
SHA256c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TZJNVZZ9\KFOlCnqEu92Fr1MmEU9vBg[1].woff2
Filesize49KB
MD508c655068d5dd3674b4f2eaacb470c03
SHA19430880adc2841ca12c163de1c1b3bf9f18c4375
SHA2564fc8591cc545b7b4f70d80b085bf6577fad41d5d30ddd4f0d0c8ab792084c35e
SHA512b2fce4bc018fa18de66095cc33d95455a4d544e93d512b02bcb8af06aadb550cd0f4aecbceaa013857196c91b6e3c4565a199835cfb37c682cb7bddb69420198
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TZJNVZZ9\css2[1].css
Filesize2KB
MD531aac18e149a751facc1eab7954dfb7b
SHA136d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA25642706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TZJNVZZ9\webcomponents-ce-sd[1].js
Filesize95KB
MD5c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1e3957af856710e15404788a87c98fdbb85d3e52e
SHA2562fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA5120d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UMQIWV35\intersection-observer.min[1].js
Filesize5KB
MD5936a7c8159737df8dce532f9ea4d38b4
SHA18834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA2563ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA51254471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0SXCWG0I.cookie
Filesize132B
MD509b2f258a52753ea147da4d0cd0e4858
SHA1ca733b0d20467d455badc0c26b00ed62862a6286
SHA2566c3f771d66f6092c81612e31ea4b09306511d96e7d96877c2676421448a386d2
SHA51279dc1c6c26468ce53acaad679ea18446df97c0fb5aa9d9c5342c7b0457f610557a3b5bef6ed4fbf98c7fad016d85ce6fc2ae9e42d8b2a442a7be2175de3dcf55
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1JQ0KTTN.cookie
Filesize314B
MD5a57fbf8d8fa1c870fa96a83c9d0a58c1
SHA1b980657e96612b4a8b8496b1e1d0f6389148b9b9
SHA256f2a8b108e7ea6026aace8f419056b7fef2409bc2dcb86b5c061240928462a89a
SHA512765513237c81555838c895b07c71f9678eebcfb00e68a9603f94312038b43d9a6ee2d3901ffe993fe4f1a618e5474c8f2384778adbcb55d300c0ba9219a0dabf
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CZE7PS9D.cookie
Filesize314B
MD585486be0270ed74a468af22d9ac8f6c7
SHA1707fe4e264a2683045a069b221719409502eeedd
SHA2560a65dbf0c729f2f897a6804ee186419e034d96a4e024d61700bee7c3daf3c55e
SHA5125787fbecdebc713510fbaeef07bc7a0074a43c303d43f1e5a94186ba5cb872b1dd3a6452a4b99767bbbef94fd9ae8af455d7d41716236de7283f45411e246741
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NA1KX3PW.cookie
Filesize432B
MD5873b105a4852c830053ae8c97f6e99e8
SHA1abec660376ff1f5a89fa81560081ba757eb8ae12
SHA2566b6126e3c0d0773c59d9799c655f8328e4cbd906d74a3a961403a81d6d5efa61
SHA51232bd7a82e8c9abda9eebe230928f89748e413323ceb15073dec7b3b2ea0becdc46ae16f7e9f57b2171f2b593657a0e381ed634f175313964c166f18c536244d0
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UPLJH2NV.cookie
Filesize441B
MD5d07f52935aec2f67838047758701976b
SHA16c07b3bc402c14875e835a20feb17e8bea442156
SHA2566a8e417f80f563e4aa04d1dbd4fcf89ff5793d5c059d09677719fc00860455aa
SHA5122ca612299eb269528fa5a26776f44b80848f24123f8012a0e708efcc75d673eb5ebc9d0ecad3b0182e2cf33c53d68f5ad631480849c2239e72828dd50f8f161b
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YIIWY7B1.cookie
Filesize359B
MD57d0a8df8db22e6e5fb53fbb52ad97eb5
SHA186d3b4112d6d86c479ac7036b5cfe6e81f0fb820
SHA256036a28111a03291620ad4eedd3e5cbac8ff8e8f38f33d2df774ebc8e07372612
SHA51246cdbb4947a96039f5e7dc5356d28dfd86d9041b26617ea0aec05f0fa4a3e71dad8ea4ea15d904443f76e735b288be7a674e68e3249528520baf26eb4f671b4a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize1KB
MD5267f3fbb231876ea1b3de1b8aaea1917
SHA1df0843fb7137e7e81e449ba3c05168fe892ffa78
SHA2565157427e4c6e429f14a19cec39e30d37b17040ca86886879c0315d157e7b90d5
SHA512dec882dbb4505cce10525f935a90c2a87552ddc08701e3faa8de7561dea23f4c029142154b6818e0a50599a2e3341fb12b5c4554d06a0ee5f2ab07941eeecc61
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4
Filesize472B
MD5cad81fad2ab96418942ccf7a83132c26
SHA1c97d85bfdc74d42801b06f07cb49abe262d2f549
SHA256343a22ce1c80b7675588c481445158ef298b35eba0c69ad47ef95ef77fbe9969
SHA512a50c96f39626de958c7216425f52293cdd0af6635044346445d26e1f4e4985aa83c4f31f83e447ec9bc388c254755cfec083e71bfd28c4a04bbd70a82007a717
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486
Filesize472B
MD5b079bb55d22cefcee13770880c1432cb
SHA18507ef101cc4471652dd88512990a9c1360559c3
SHA256f80de1f9b8ab5a10a275a21389b2dcfe166b01fc8a560f276aaf024d34799ee9
SHA512ac9619242d028c168de40146f054a78c0dbe4c7ea98c0c9c8b8d3b1674fc5b4fbf79ed86aecaa76deb0f3377edbd129b0ee351ff335226a74e6d6aca0b3de845
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize724B
MD5ac89a852c2aaa3d389b2d2dd312ad367
SHA18f421dd6493c61dbda6b839e2debb7b50a20c930
SHA2560b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752
Filesize472B
MD5bc0cd685752afe0c38084fbb5292ee98
SHA135194d4343252fe2c6947d62fd67457efb79d7ac
SHA2567fdc7579c3b8cbd6bd686d660635eadf254e8fd1ee3e95fd8a2f5ac422dcde77
SHA51234cc441012ae1fa71d1e9178021c308988b5ff2e4ae4a9c6a6f17c78ca0bb1c38e70c4fd67bf7cd84c84f20eaf12f702beb30127788fecc2f75d07c9e93ed397
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D
Filesize471B
MD5ffbb0836709f77fe01dd7b0d01dd2f76
SHA18e737ec46d21aee1b031d4d228960d4835d5bd31
SHA256204e10064d400db8fde93e883a96472ceff283fe9c9f8211a4ef91719e8b7529
SHA512f19718088f702fdd51df0c5a1daed5b7c883dfd08a2d337f552421572157f41d86d0f3680c2dc9bc48f449c3829493007e099aa0a24f9dc9268363640a6486b6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize410B
MD55b9f2ecb4d58798a54376c5409c32a09
SHA102dca1b82304de898a909b048eccc06defd7990a
SHA256c32fbefecf1546569b5dae9b5c9aed73944cf4055c2a476241c0c098e36f47cc
SHA512c03f0256717514ce2d65488ab23aa2ac943fcc89f1d9d5916111d79304759160bc62d4c2b340cb7de01a83da38b472d2ee5f48cb332740b31a52061fd0539c52
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4
Filesize410B
MD5f80a1fa2de1ad819d926ede1c83a1d50
SHA13615691d50bd175bdc6e6e8d50bd5ee4338f8b0d
SHA2567423d830dc701431e4327e3b305d9f1df96c320fac0b281b98b87fb86bd46226
SHA51267ef2ca5f933b3a96aff44e43b936bbf3e59a59962c2c54960af3a03d690f4de3f0bee5ac4afdd9ad15e797fd9e3aefd03bd6b0a0b339602940139b6e4a8984e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486
Filesize406B
MD597956eb1c814d593280bca87ab2cbd71
SHA17621747c7ed422c1212d460a745c48f95ec2a9ef
SHA2565e6a5a0b40e1a846f29745f6d403015fee65d8f9965a4ee951dbb87644fd27b6
SHA512fe3fb3eb12bd177d0ee34ae31bf782c0ca77b46a9deedba141d9f9830c7fba5a7d5f6091325f072cd1959f094af4988ac1f5c8bc9eb225da3f8e4d08cf9affc3
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize392B
MD5c22db0f1f3e7c5556c647265f11755a0
SHA1616b1eed99f1f1c851f44ca834d5d3ceb800d4fe
SHA25684d6c995bc2e3bea2e6aa8f09dd2c240620e85dbec896ad435401548f7eac999
SHA512ad118ee7d3ef23f8a1403d39be45eeae108d752d24266b407e31f4a3ad7323d6c35bc385bc34c3ea6ebb28c5a48be49d23206205b97fd76dfa186928280abd2b
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752
Filesize406B
MD546a5c2fe6c07b0f5bc68b91d16005dff
SHA1ba6b7a0866b44259dd08c26f24fd7cdb0dc30d24
SHA25682249aabd3059034898d6f9a9f179b9eaeaf26e9cec40d79f2e10520fede1a8d
SHA512c77b64254ef17e80725f9f28f295f67a192c74a95bc63e4be49850cedbb98a5dcfa7b73cbcca720aa706d3353a3b80f3ed18b084149a1efa702fc4015fd01ac1
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D
Filesize406B
MD5f873c7b128123869dc8edebe886796c0
SHA1976f3d7f9d80a5d2ef3a4514c68b4c429619d6bb
SHA256ecc3b3a0cc5b4dd7cde4bcfd4808222b37dc0243f9485c898426fde31258d43d
SHA51253f98bcce3e82414dbf9f81b9fb950702433afb816536131c4c0296943123750f294421ad91c74ff359e1d4a5a2e5258d1d4e248af92c32ef7343e272eea3215
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
1.6MB
MD5e341e1081e0cc91bf1efde3e4a479e96
SHA169ffa0fae89d69215a494af2cfbd8a25629a99a3
SHA256c46692791b6d899f52c31f0fffa6a45af154129afa90c0822139b981ffeeea5c
SHA51249b8f72810255e143cb561027cc58bf9d4601f4a5fdfedef7dbb39930c45dda099b63152b3da215e67ff67b26312ddaf3301ea0bf213b98892f8b2947d82f86d
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize11KB
MD5cf679c6e7f140e97a7015618aaa5e1f9
SHA1549e49e51c109847c3f209d6e9ea3f55bcd078fe
SHA256556e1419096fb0cfcb0409dd3d125eb5828b9eb87facbe9a0f4b96c28ee20495
SHA512149da842b48c35accec528f109ad4904d190ad9062e3d59f09b7e070c90561c3122fa2cc2c4e7ebd40fd3cef2d422c7728533db6cfe52c240ba5243513073418
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\db\data.safe.bin
Filesize2KB
MD57ac2b2d3ae59972031d43440ad7b761e
SHA1bfdfd0e5771739d8bb179e53866985ab55f17e18
SHA256687353b3b96fdaa913f250d99ede0d9b9defba9807685eb76c0af88d6196bdad
SHA512c3f86e0ec7538c845223ef25eaf879136851eb01fe792994f0b6c7ba2e9359ae216de288771422513166478141d1d6bba38954500f5b3811f2a3783ecc6f3e61
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\136edb35-b2f8-4a9f-beee-26bd2e37c3c1
Filesize10KB
MD58b99bf687fa40d6087da4cc1cb3dffca
SHA14428ea1b6a07d8c23ed0148e2ea36b1d62942ef8
SHA256e12d87f44b478f32e8873c4141b58c9916db2118cef2296b8cdd1a516e851524
SHA5120b30f2cd4219792c0694b5245dc37f957f14504a6d796f3b1420523cf93777e4ddc6a15c263623af5dc495a5578549d84fbd16160fba13e4b9040456678cee71
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\datareporting\glean\pending_pings\586b7e07-7b4a-41ba-9b4b-95c43374cf2c
Filesize746B
MD52cc228a0bc53c07d0aafbe295437eca0
SHA10bb44a70a1a5c34ad4bb2c4b08fd6e92d1629931
SHA2567fda25371ea6b9fc59e357b6b999567721af9752a523c2844a5fab75582778d2
SHA5126b6bc21b2a19fcb16b59b884394ee73dbac71479b14b996bcdd2075222950cb012116644217b45d41bda1521f2c0f305106d8500b35d938bcf4315b2a93739f0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize960KB
MD5d8cad43686e332c25199f92acf67ca4f
SHA12aadf4d709c071c7be7ecac6986de671d15b4639
SHA2566cae1fc39fec79f8ff1b6117f75e177f315372b3b983239ea2bbd9c3dbbfc829
SHA5122343da6152e0fb0269807ef46506ea900e78f7d5644bf0f3f774568c4a682f34e6f918025af6dbbc5788d976bd33ee0613914ecfb395ebe0ecd5e529fa25bce3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sx470w5j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
6KB
MD5f100c8bf97ee2568d8fe2ce2fe353622
SHA1d2032b464f4d82c38167e036ab5e8c7c074fc3fa
SHA2563111e00794f0c0ddd51a592d6ad0f9d9e92f95b290f52136126c5775e60e6564
SHA512c42a9bd3cb7fd2b749b359c5b855fe05bdcfac9799ae1c1683437b37b51d28ec7baf643142881a1a3c8fd7f0eeca163dafbfb3ecdcaa25b66da5b904c8ee2c08
-
Filesize
6KB
MD5bce5641adadeb6453045e6292150de56
SHA14398f872347e32b04fe23cf34f3865827d4ab1fd