Analysis
max time kernel: 300s
max time network: 303s
platform: windows10-1703_x64
resource: win10-20231215-en
resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
submitted: 08-02-2024 04:51

Static task: static1
Behavioral task: behavioral1
Sample: bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe
Resource: win7-20231215-en

General
Target: bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe
Size: 896KB
MD5: 3b8a21945d48477a4ce122e78f6382b9
SHA1: 37a2ba869bd6ee16c7c7d59cb1fc8270dbbb1454
SHA256: bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283
SHA512: fef430bbf2002141c1e3d6e6d61cd592191e7c2c083d42f45ebc84496c63a64a3437c8196717dbc4023c21cba266e77463523b33db218ab7ba1c8869b0d3b012
SSDEEP: 24576:AqDEvCTbMWu7rQYlBQcBiT6rprG8aDdY:ATvC/MTQYxsWR7aD

Malware Config

Signatures
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000\Control Panel\International\Geo\Nation | bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe
Drops file in Windows directory 9 IoCs
Processes: MicrosoftEdge.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe
description | ioc | process
File opened for modification | C:\Windows\Debug\ESE.TXT | MicrosoftEdge.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdge.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks processor information in registry 2 TTPs 15 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: firefox.exe, firefox.exe, firefox.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Enumerates system info in registry 2 TTPs 7 IoCs
Processes: chrome.exe, chrome.exe, chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Processes: browser_broker.exe, MicrosoftEdgeCP.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000\Software\Microsoft\Internet Explorer\Main | browser_broker.exe
Key created | \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000\Software\Microsoft\Internet Explorer\Main | MicrosoftEdgeCP.exe
Modifies data under HKEY_USERS 2 IoCs
Processes: chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133518417187039242" | chrome.exe
Modifies registry class 64 IoCs
Processes: MicrosoftEdge.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe
Every key below sits under the Edge AppContainer storage key, abbreviated here as <EDGE>:
<EDGE> = \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe
description | ioc | process
Key created | <EDGE>\MicrosoftEdge\GPU | MicrosoftEdge.exe
Set value (int) | <EDGE>\Children\001\Internet Explorer\DOMStorage\facebook.com\NumberOfSubdoma = "1" | MicrosoftEdgeCP.exe
Set value (str) | <EDGE>\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | MicrosoftEdgeCP.exe
Set value (data) | <EDGE>\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | MicrosoftEdge.exe
Set value (str) | <EDGE>\Internet Settings\Cache\History\CachePrefix = "Visited:" | MicrosoftEdge.exe
Key created | <EDGE>\Children\001\Internet Explorer\Main | MicrosoftEdgeCP.exe
Set value (str) | <EDGE>\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | MicrosoftEdgeCP.exe
Key created | <EDGE>\Software\Microsoft\SystemCertificates\Disallowed\CTLs | MicrosoftEdge.exe
Key created | <EDGE>\MicrosoftEdge\DataStore | MicrosoftEdge.exe
Key created | <EDGE>\MicrosoftEdge\HistoryJournalCertificate | MicrosoftEdgeCP.exe
Set value (int) | <EDGE>\MicrosoftEdge\GPU\VersionLow = "0" | MicrosoftEdge.exe
Key created | <EDGE>\Children\004\ACGStatus | MicrosoftEdgeCP.exe
Key created | <EDGE>\Children\001\Internet Explorer\DOMStorage\linkedin.com | MicrosoftEdgeCP.exe
Set value (int) | <EDGE>\Children\001\Internet Explorer\EdpDomStorage\accounts.google.com\ = "0" | MicrosoftEdgeCP.exe
Key created | <EDGE>\Children\001\Internet Explorer\EdpDomStorage\Total | MicrosoftEdgeCP.exe
Key created | <EDGE>\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | MicrosoftEdge.exe
Key created | <EDGE>\Children\004\Internet Settings | MicrosoftEdgeCP.exe
Key created | <EDGE>\Children\001\Internet Explorer\Main | MicrosoftEdgeCP.exe
Key created | <EDGE>\Children\001\Internet Explorer\EdpDomStorage\m.facebook.com | MicrosoftEdgeCP.exe
Key created | <EDGE>\Children\001\Internet Explorer\DOMStorage\Total | MicrosoftEdgeCP.exe
Key created | <EDGE>\Children\001\Internet Explorer\DomStorageState | MicrosoftEdgeCP.exe
Set value (int) | <EDGE>\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | MicrosoftEdge.exe
Key created | <EDGE>\MicrosoftEdge\ExtensionsStore\datastore | MicrosoftEdge.exe
Set value (int) | <EDGE>\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | MicrosoftEdge.exe
Set value (int) | <EDGE>\Children\001\Internet Explorer\EdpDomStorage\www.linkedin.com\ = "0" | MicrosoftEdgeCP.exe
Set value (str) | <EDGE>\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | MicrosoftEdgeCP.exe
Key created | <EDGE>\MicrosoftEdge\HistoryJournalCertificate | MicrosoftEdgeCP.exe
Key created | <EDGE>\Software\Microsoft\SystemCertificates\Root\CTLs | MicrosoftEdge.exe
Key created | <EDGE>\Software\Microsoft\SystemCertificates\TrustedPeople | MicrosoftEdge.exe
Set value (int) | <EDGE>\Children\001\Internet Explorer\DOMStorage\facebook.com\Total = "0" | MicrosoftEdgeCP.exe
Set value (int) | <EDGE>\Children\001\Internet Explorer\EdpDomStorage\google.com\ = "0" | MicrosoftEdgeCP.exe
Set value (int) | <EDGE>\MicrosoftEdge\GPU\DeviceId = "0" | MicrosoftEdge.exe
Key created | <EDGE>\MicrosoftEdge\HistoryJournalCertificate\CRLs | MicrosoftEdge.exe
Key created | <EDGE>\MicrosoftEdge\DomainSuggestion | MicrosoftEdge.exe
Set value (data) | <EDGE>\MicrosoftEdge\FlipAhead\Meta\generator$Telligent | MicrosoftEdge.exe
Key created | <EDGE>\Software\Microsoft\SystemCertificates\Root | MicrosoftEdge.exe
Key created | <EDGE>\MicrosoftEdge\Recovery\PendingRecovery | MicrosoftEdge.exe
Set value (int) | <EDGE>\MicrosoftEdge\GPU\VendorId = "0" | MicrosoftEdge.exe
Key created | <EDGE>\Children\004\Internet Explorer | MicrosoftEdgeCP.exe
Set value (int) | <EDGE>\Children\001\Internet Explorer\DOMStorage\linkedin.com\NumberOfSubdoma = "1" | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-1526633464-1149972181-4216821683-1000_Classes\Local Settings | MicrosoftEdge.exe
Key created | <EDGE>\Software\Microsoft\SystemCertificates\CA\CTLs | MicrosoftEdge.exe
Set value (int) | <EDGE>\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | MicrosoftEdge.exe
Set value (data) | <EDGE>\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | MicrosoftEdgeCP.exe
Key created | <EDGE>\Children\001\Internet Explorer\EdpDomStorage\linkedin.com | MicrosoftEdgeCP.exe
Set value (data) | <EDGE>\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = f08414a04a5ada01 | MicrosoftEdge.exe
Key created | <EDGE>\Children\001\CIStatus | MicrosoftEdgeCP.exe
Set value (str) | <EDGE>\Children\004\Internet Settings\Cache\Content\CachePrefix | MicrosoftEdgeCP.exe
Key created | <EDGE>\Children\001\Internet Explorer\DomStorageState | MicrosoftEdgeCP.exe
Set value (data) | <EDGE>\Children\001\CIStatus\SignaturePolicy = 06000000 | MicrosoftEdgeCP.exe
Key created | <EDGE>\Software\Microsoft\SystemCertificates\Disallowed\CRLs | MicrosoftEdge.exe
Key created | <EDGE>\Software\Microsoft\SystemCertificates\trust\CTLs | MicrosoftEdge.exe
Key created | <EDGE>\Children\001\ACGStatus | MicrosoftEdgeCP.exe
Set value (str) | <EDGE>\Children\001\Internet Settings\Cache\Content\CachePrefix | MicrosoftEdgeCP.exe
Set value (str) | <EDGE>\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | MicrosoftEdgeCP.exe
Key created | <EDGE>\MicrosoftEdge\HistoryJournalCertificate | MicrosoftEdge.exe
Set value (data) | <EDGE>\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 | MicrosoftEdge.exe
Set value (int) | <EDGE>\MicrosoftEdge\GPU\Wow64-VendorId = "0" | MicrosoftEdge.exe
Set value (int) | <EDGE>\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | MicrosoftEdge.exe
Set value (str) | <EDGE>\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | MicrosoftEdgeCP.exe
Set value (data) | <EDGE>\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = f060fcef7c5ada01 | MicrosoftEdge.exe
Key created | <EDGE>\MicrosoftEdge\Internet Settings\Zones\3 | MicrosoftEdge.exe
Set value (int) | <EDGE>\CIStatus\EnablementState = "1" | MicrosoftEdge.exe
Key created | <EDGE>\Children\004\Internet Settings\Cache | MicrosoftEdgeCP.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes: chrome.exe, chrome.exe
rows | pid | process
2 | 5732 | chrome.exe
2 | 1840 | chrome.exe
Suspicious behavior: MapViewOfSection 14 IoCs
Processes: MicrosoftEdgeCP.exe
rows | pid | process
14 | 3976 | MicrosoftEdgeCP.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes: chrome.exe
rows | pid | process
6 | 5732 | chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: MicrosoftEdgeCP.exe, chrome.exe
rows | description | pid | process
4 | Token: SeDebugPrivilege | 2748 | MicrosoftEdgeCP.exe
30 (alternating with the next row, 60 rows in total) | Token: SeShutdownPrivilege | 5732 | chrome.exe
30 | Token: SeCreatePagefilePrivilege | 5732 | chrome.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Processes: bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe, chrome.exe, firefox.exe
rows | pid | process
33 | 4988 | bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe
25 | 5732 | chrome.exe
1 | 4988 | bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe
4 | 5880 | firefox.exe
1 | 4988 | bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe
Suspicious use of SendNotifyMessage 64 IoCs
Processes: bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe, chrome.exe, firefox.exe
rows | pid | process
33 | 4988 | bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe
24 | 5732 | chrome.exe
1 | 4988 | bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe
3 | 5880 | firefox.exe
3 | 4988 | bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe
Suspicious use of SetWindowsHookEx 5 IoCs
Processes:
MicrosoftEdge.exe, MicrosoftEdgeCP.exe, MicrosoftEdgeCP.exe, firefox.exe
pid   process
916   MicrosoftEdge.exe
3976  MicrosoftEdgeCP.exe
2748  MicrosoftEdgeCP.exe
3976  MicrosoftEdgeCP.exe
5880  firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
MicrosoftEdgeCP.exe, bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe, chrome.exe, chrome.exe, chrome.exe, firefox.exe, firefox.exe
description                        pid   process                                                                 target process        count
PID 3976 wrote to memory of 5088   3976  MicrosoftEdgeCP.exe                                                     MicrosoftEdgeCP.exe   9
PID 3976 wrote to memory of 3208   3976  MicrosoftEdgeCP.exe                                                     MicrosoftEdgeCP.exe   6
PID 3976 wrote to memory of 1340   3976  MicrosoftEdgeCP.exe                                                     MicrosoftEdgeCP.exe   15
PID 3976 wrote to memory of 504    3976  MicrosoftEdgeCP.exe                                                     MicrosoftEdgeCP.exe   2
PID 4988 wrote to memory of 5524   4988  bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe   chrome.exe            2
PID 4988 wrote to memory of 5564   4988  bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe   chrome.exe            2
PID 5564 wrote to memory of 5704   5564  chrome.exe                                                              chrome.exe            2
PID 5524 wrote to memory of 5692   5524  chrome.exe                                                              chrome.exe            2
PID 4988 wrote to memory of 5732   4988  bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe   chrome.exe            2
PID 5732 wrote to memory of 5804   5732  chrome.exe                                                              chrome.exe            2
PID 4988 wrote to memory of 5812   4988  bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe   firefox.exe           2
PID 4988 wrote to memory of 5880   4988  bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe   firefox.exe           2
PID 5812 wrote to memory of 5888   5812  firefox.exe                                                             firefox.exe           11
PID 4988 wrote to memory of 3308   4988  bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe   firefox.exe           2
PID 3308 wrote to memory of 6016   3308  firefox.exe                                                             firefox.exe           3
(count = number of identical records; 64 in total)
-
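The WriteProcessMemory records above arrive run together, several per line, and at 64 entries the useful question is not "did anyone call WriteProcessMemory" but "which writes cross a boundary the sample controls". The Python below is an added example, not part of the sandbox report: it splits the run-together records, counts writes per source/target pair and sorts the pairs into the sample's own spawns, browser-internal traffic (a browser writing into a process with the same image, which is how Chrome, Firefox and Edge bootstrap their sandboxed children) and anything else. The sample text is a subset copied from the records above; the "two writes per plain process creation" threshold is an assumption drawn from the pairs in this report, not something the sandbox documents.

```python
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE = "bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"

# Subset of the "Suspicious use of WriteProcessMemory" records above, in the
# run-together form the sandbox page exports them (several records per line).
RAW_WPM = f"""
PID 3976 wrote to memory of 504 3976 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 3976 wrote to memory of 504 3976 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 4988 wrote to memory of 5524 4988 {SAMPLE} chrome.exe PID 4988 wrote to memory of 5524 4988 {SAMPLE} chrome.exe PID 5524 wrote to memory of 5692 5524 chrome.exe chrome.exe PID 5524 wrote to memory of 5692 5524 chrome.exe chrome.exe
PID 4988 wrote to memory of 5880 4988 {SAMPLE} firefox.exe PID 4988 wrote to memory of 5880 4988 {SAMPLE} firefox.exe PID 5812 wrote to memory of 5888 5812 firefox.exe firefox.exe PID 5812 wrote to memory of 5888 5812 firefox.exe firefox.exe PID 5812 wrote to memory of 5888 5812 firefox.exe firefox.exe
"""

# description, pid, process, target process: "PID <src> wrote to memory of <dst> <src> <image> <target image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")


@dataclass(frozen=True)
class Write:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_wpm(text):
    """Split run-together records into Write objects; one object per recorded call."""
    writes = []
    for src, dst, pid, src_image, dst_image in WPM_RE.findall(text):
        if src != pid:  # the description and the pid column must name the same process
            raise ValueError(f"inconsistent record: {src} vs {pid}")
        writes.append(Write(int(src), int(dst), src_image, dst_image))
    return writes


def edge_counts(writes):
    """Number of recorded writes per (source, target) pair."""
    return Counter(writes)


def triage(writes, sample_image, spawn_writes=2):
    """Bucket each source/target pair.

    spawned_by_sample: processes the sample itself wrote into (its own children).
    browser_internal:  a browser writing into a process with the same image.
    other:             anything else; a real injection into an unrelated process lands here.
    heavy:             pairs with more writes than plain process creation shows in this
                       report (spawn_writes, an assumption: every fresh parent/child pair
                       above has exactly two records), worth a manual look.
    """
    out = {"spawned_by_sample": [], "browser_internal": [], "other": [], "heavy": []}
    ordered = sorted(edge_counts(writes).items(), key=lambda kv: (kv[0].src_pid, kv[0].dst_pid))
    for w, n in ordered:
        if w.src_image == sample_image:
            out["spawned_by_sample"].append((w.dst_pid, w.dst_image, n))
        elif w.src_image == w.dst_image:
            out["browser_internal"].append((w.src_pid, w.dst_pid, w.src_image, n))
        else:
            out["other"].append((w.src_pid, w.dst_pid, w.src_image, w.dst_image, n))
        if n > spawn_writes:
            out["heavy"].append((w.src_pid, w.dst_pid, n))
    return out


if __name__ == "__main__":
    for bucket, rows in triage(parse_wpm(RAW_WPM), SAMPLE).items():
        print(bucket, rows)
```

Run over the full 64 records, the "other" bucket stays empty: every cross-image write comes from the sample into a browser it has just started, so the signature here records that the sample launches Chrome and Firefox, not that it injects into an existing process. The heavy pairs (Edge 3976 into 1340, Firefox 5812 into 5888) are the browsers setting up their own content processes.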
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
(indentation shows the parent/child relationship recorded by the sandbox)

C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe  (PID 4988)
  cmdline: "C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"
  - Checks computer location settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5524)
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
    - Enumerates system info in registry
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5692)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8780d9758,0x7ff8780d9768,0x7ff8780d9778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 6784)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1848,i,943455763856711584,3503816093365886890,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 6764)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1848,i,943455763856711584,3503816093365886890,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5732)
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5804)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff8780d9758,0x7ff8780d9768,0x7ff8780d9778

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 6388)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2684 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 6692)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3860 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 3632)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 780)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 2940)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1844 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5132)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 6000)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 6740)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4644 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 6684)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3644 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 7116)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 7096)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5016 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 7884)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5288 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 1840)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2508 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 8080)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 7836)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=2156,i,5567929942979346145,16118596022060391055,131072 /prefetch:8

  C:\Program Files\Mozilla Firefox\firefox.exe  (PID 3308)
    cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 6016)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
      - Checks processor information in registry

  C:\Program Files\Mozilla Firefox\firefox.exe  (PID 5880)
    cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
    - Checks processor information in registry
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 1464)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.0.1000573550\153993970" -parentBuildID 20221007134813 -prefsHandle 1556 -prefMapHandle 1544 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd86ce3f-e34a-4f2b-a03f-9524069ee7d7} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 1648 27146bd7758 gpu

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 5904)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.1.962410476\949389754" -parentBuildID 20221007134813 -prefsHandle 2112 -prefMapHandle 2108 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e767e2f-666d-4074-ae3d-d6a7e56cf895} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 2124 271466e5058 socket

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 6920)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.2.1254462212\1741894539" -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {824bff88-448e-4dac-82ba-bbdeb7b9bdc2} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 3264 2714a22f158 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 5384)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.3.406128885\1362258160" -childID 2 -isForBrowser -prefsHandle 2704 -prefMapHandle 2588 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dacfd22c-de8d-474a-a033-65560d966a88} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 2608 2713c564458 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 7432)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.6.373935053\1433908084" -childID 5 -isForBrowser -prefsHandle 4936 -prefMapHandle 4940 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {924ae68b-bcc0-4b66-8716-dfab928ef7bc} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4928 2714d7f1558 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 7424)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.5.1322359280\1401183401" -childID 4 -isForBrowser -prefsHandle 4740 -prefMapHandle 4744 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a33d768-37c0-40fe-a13d-b594b3672500} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4732 2714d7f0958 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 7416)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.4.1345251933\547646003" -childID 3 -isForBrowser -prefsHandle 4616 -prefMapHandle 4588 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0790142-bea9-4907-88df-3cb82a21bfbe} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4628 2714d798558 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 6700)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.8.1586479411\289187981" -childID 7 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {420c4dc6-9867-4b72-9e10-045fa8bbc76d} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 5560 2714f2db558 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 6712)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.7.2138808597\354877715" -childID 6 -isForBrowser -prefsHandle 5176 -prefMapHandle 5160 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58195197-2e8c-4b01-b15a-b44dadddfe42} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 5384 2714ee36858 tab

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 312)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.9.1031677212\1431834607" -parentBuildID 20221007134813 -prefsHandle 5928 -prefMapHandle 5932 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a63d5805-423e-4ca2-bc82-2f46a3f1fae4} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 5940 2713c56ca58 rdd

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 7812)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.10.1330377346\614475042" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5960 -prefMapHandle 5972 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bb66f81-e7d1-4363-8dd8-4635aa680d86} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 6068 2714b7a8558 utility

    C:\Program Files\Mozilla Firefox\firefox.exe  (PID 5176)
      cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.11.986414508\476378444" -childID 8 -isForBrowser -prefsHandle 6292 -prefMapHandle 6316 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c26ed1e9-da1a-479d-8cee-d74ebf0e6a58} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 2560 2713c565c58 tab

  C:\Program Files\Mozilla Firefox\firefox.exe  (PID 5812)
    cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
    - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5564)
    cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
    - Enumerates system info in registry
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5444)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1848,i,12353812782079427191,9295690121794367507,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5152)
      cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1848,i,12353812782079427191,9295690121794367507,131072 /prefetch:2

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe  (PID 916)
  cmdline: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

C:\Windows\system32\browser_broker.exe  (PID 684)
  cmdline: C:\Windows\system32\browser_broker.exe -Embedding
  - Modifies Internet Explorer settings

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe  (PID 3976)
  cmdline: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe  (PID 2748)
  cmdline: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe  (PID 592)
  cmdline: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe  (PID 3208)
  cmdline: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe  (PID 1340)
  cmdline: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe  (PID 5088)
  cmdline: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe  (PID 5488)
  cmdline: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe  (PID 5532)
  cmdline: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory
  - Modifies registry class

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe  (PID 504)
  cmdline: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  - Drops file in Windows directory

C:\Program Files\Mozilla Firefox\firefox.exe  (PID 5888)
  cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
  - Checks processor information in registry

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 5704)
  cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff8780d9758,0x7ff8780d9768,0x7ff8780d9778

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe  (PID 7156)
  cmdline: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
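The process listing is where the sample's own behaviour is visible: it starts Chrome and Firefox itself, each with a URL on the command line, and everything under those browsers is the browsers' normal multi-process layout. In the sandbox's text export the tree structure survives only as a depth digit glued to a "⤵" marker, with the PID either on the next line or glued after the marker, so recovering "what did PID 4988 launch" takes a small parser. The Python below is an added example, not part of the report: it rebuilds the tree from a cut-down copy of the raw listing (copied from above, with most child processes and some long arguments left out), then lists the URLs the sample passed to its direct children and the processes carrying a given signature.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Cut-down copy of the "Processes" listing in the raw form the sandbox page
# exports it: image path glued to the quoted command line, tree depth glued
# to the "⤵" marker, signatures as "- ..." lines, PID on its own "PID:" line
# or glued after the marker. Copied from the report above; most children and
# some long command-line arguments are left out to keep it short.
RAW_LISTING = r"""
C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"C:\Users\Admin\AppData\Local\Temp\bf9253dc5ce7242ed441db07cea28663f65cb44e5207f36196e3137387e0a283.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4988 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com2⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:5524 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 /prefetch:83⤵PID:6784
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5732 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video2⤵
- Suspicious use of SetWindowsHookEx
PID:5880 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.2.1254462212\1741894539" -childID 1 -isForBrowser -appDir "C:\Program Files\Mozilla Firefox\browser" - {824bff88-448e-4dac-82ba-bbdeb7b9bdc2} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 3264 2714a22f158 tab3⤵PID:6920
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:916
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵PID:5488
"""

# image path, then the quoted command line, then one depth digit glued to the marker,
# optionally followed by the PID. The depth is a single digit, so the lazy .*? stops
# exactly before it ("/prefetch:8" + "3", ".mca" + "1").
ENTRY_RE = re.compile(r'^(?P<image>[^"]+)"(?P<cmd>.*?)(?P<depth>\d)⤵(?:PID:(?P<pid>\d+))?$')
PID_RE = re.compile(r"^PID:(?P<pid>\d+)")
SIG_RE = re.compile(r"^- (?P<sig>\S.*)$")


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: Optional[int] = None
    signatures: List[str] = field(default_factory=list)
    children: List["Proc"] = field(default_factory=list)


def parse_listing(text):
    """Rebuild the process tree; returns the depth-1 roots in listing order."""
    roots, stack, current = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "-":          # list residue between entries
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = Proc(m["image"], '"' + m["cmd"], int(m["depth"]),
                           int(m["pid"]) if m["pid"] else None)
            while stack and stack[-1].depth >= current.depth:
                stack.pop()                   # climb back up to this entry's parent
            (stack[-1].children if stack else roots).append(current)
            stack.append(current)
            continue
        m = PID_RE.match(line)
        if m and current:
            current.pid = int(m["pid"])
            continue
        m = SIG_RE.match(line)
        if m and current:
            current.signatures.append(m["sig"])
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return roots


def flatten(procs):
    for p in procs:
        yield p
        yield from flatten(p.children)


def find(procs, pid):
    return next((p for p in flatten(procs) if p.pid == pid), None)


def pids_with(procs, signature):
    """PIDs carrying a given signature, in tree (pre-order) order."""
    return [p.pid for p in flatten(procs) if signature in p.signatures]


def launched_urls(proc):
    """(pid, image name, URL) for URLs passed as standalone arguments to proc's direct children."""
    out = []
    for c in proc.children:
        urls = [t for t in c.cmdline.split() if t.startswith(("http://", "https://"))]
        out += [(c.pid, c.image.rsplit("\\", 1)[-1], u) for u in urls]
    return out


if __name__ == "__main__":
    tree = parse_listing(RAW_LISTING)
    for row in launched_urls(find(tree, 4988)):
        print(row)
```

Only standalone arguments count as launched URLs, so the crashpad handler's --url=https://clients2.google.com/cr/report (a grandchild, and a value of a flag) is not attributed to the sample. On the full listing the same function returns the five browser launches under PID 4988: youtube.com, accounts.google.com and facebook.com/video, each opened in Chrome or Firefox.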
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize 40B
  MD5:    ce5d2510556c8ad0cb39c8d4569592cf
  SHA1:   caf92d96271359b752e07b632d0886aca9161a85
  SHA256: d3576457eb09ec0d539a6337da44f773ac25ae2bc80f038b6cf99813b86dd92d
  SHA512: 6755d263b60573cf813845be095cba5f1d6367c18dc969247fcf3be6362ce610717072f4d578339ae35a260268294228d139cd34f3659fdd50e0684bfed495fa

Filesize 20KB
  MD5:    923a543cc619ea568f91b723d9fb1ef0
  SHA1:   6f4ade25559645c741d7327c6e16521e43d7e1f9
  SHA256: bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
  SHA512: a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Filesize 21KB
  MD5:    7d75a9eb3b38b5dd04b8a7ce4f1b87cc
  SHA1:   68f598c84936c9720c5ffd6685294f5c94000dff
  SHA256: 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
  SHA512: cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Filesize 70KB
  MD5:    7611185685bd3d51f1f6a5a2c01b1767
  SHA1:   11aa48a6137c11356546bba4d3de8d395be52866
  SHA256: 10273a73d9c28cb0f4a148124da57d6094b0cbf33496449042502cb1253c10dd
  SHA512: 38366263905421d8bfae7e29db06ab74e307e2c7ef5330492f999d0a61956a7083465f4ef389ab0ffbdbd6e0fc84351eab6d593456f5b4999250960be3a39e5c

Filesize 21KB
  MD5:    3669e98b2ae9734d101d572190d0c90d
  SHA1:   5e36898bebc6b11d8e985173fd8b401dc1820852
  SHA256: 7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a
  SHA512: 0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Filesize 20KB
  MD5:    c1164ab65ff7e42adb16975e59216b06
  SHA1:   ac7204effb50d0b350b1e362778460515f113ecc
  SHA256: d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb
  SHA512: 1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Filesize 34KB
  MD5:    b63bcace3731e74f6c45002db72b2683
  SHA1:   99898168473775a18170adad4d313082da090976
  SHA256: ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085
  SHA512: d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Filesize 16KB
  MD5:    9978db669e49523b7adb3af80d561b1b
  SHA1:   7eb15d01e2afd057188741fad9ea1719bccc01ea
  SHA256: 4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c
  SHA512: 04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Filesize 1KB
  MD5:    a6d0606f459159b836102d7ce54db5d4
  SHA1:   87b513ce99155b545186d67874c52d0bc5990737
  SHA256: 3c232904248ad0b719e20dd689d4c7d7de6935d312fdee1bf4ee59c84149a73a
  SHA512: 6be9a03675200ab477cd67384f8e274645cd597c161dcf85474a146d541743627457973274b75625c48711c23c86895055e813fe23c1d8175ff26821d21e2659

Filesize 1KB
  MD5:    ce8e794b0ab264f1205b643ef7f86a82
  SHA1:   071e323ef6bd1968fd95938cc5213da6d6ce804d
  SHA256: 0c439f4a15769562c21f63f77c82732d2d6513f702a5983d60ae52e2b6444932
  SHA512: 55e7d19d56d56f8e71887047d08461fe8d9b9e756c4b505c4d782d5a5afa71b8d39ebb27541b2bcd0b0080e4fe066950d61d6640b2801b5455c24d1be9481182

Filesize 1KB
  MD5:    013c3db324574d481c3084ff85514b08
  SHA1:   f86567c5cccc3ef7b3b871a003ef4b2d2e1ee748
  SHA256: 8facc68638bf586cd646f27c6e3c7daa24cc35ab16275b0df5a4a2146b08a43e
  SHA512: 181b99ce6431f7558f7a7a959e305b7117d052816c6de2343f2ff630db6acb122d75df9e2fdb71a50e5217ff1a26f9b2f786d2fff7527ed125dd549feee9b66b

Filesize 4KB
  MD5:    a25e4f8f934ca15489765899ecddbf9f
  SHA1:   b96b69f62da9f2b0ac77ea398b52c169772f332b
  SHA256: 3c3ca0793c4795bf8ae08a6ba5b821d5f4b9bc725379ec77f3eff0acb828d5e1
  SHA512: 6a5f0ffe9e96c1cdc1eeaed501f3885debd2f67a1264b6a5ef95316f0725311aa82aa50d31e6dbc546a9b8915a35bc179e8cc1f8e639136bf0f2b50b87a30d8e

Filesize 4KB
  MD5:    5f93b9c1fe1241a0eec7c1a7fea6e56e
  SHA1:   3ec1cb3887c04ef220186785499ef9f66ea2a167
  SHA256: 9f9671ca3353562143131030b8033ef3f0989dfdcfb14db6681c39913ef41132
  SHA512: 4c1909841e9e73ef1c160dbcdbd19ca8971f16f916eac509c4ebd4a105b532d8e1215f89bd46579221af9098fbe9f9bbacc9c0ecef99423c87a01f8456c4d9cc

Filesize 4KB
  MD5:    0e21165a1f4902147f6851bea09d939e
  SHA1:   8ca58233e625b76336fb9555ca39f5b6df04f47b
  SHA256: 00fe8f70118ef243c6d55ac3814fe85430a0030ee7183edf901702780326b72e
  SHA512: 0bf2ed4a9ca1999ac764cd103942c50b2c6d62ca1eb5d90a5e9545984e3ea922c72fc58be5d7aed30e6e141ace564505adc889a53a8bf0c0b84a95007d6edc9c

Filesize 4KB
  MD5:    e8782cfed5b5098d795c8d789fda5cb2
  SHA1:   2c77522758af87b3ffb5132450002dd03e12d862
  SHA256: 729003d1b6350510d8841ab88f554716be2fdf1242d09bbfea7027bf0f6c4097
  SHA512: 41d631ccc1d01078d1a77b6aa82d405fe708f95442fd8b0c9b7335164a69ef827979fccb7b378b860617d468d4551541a35b5743978c3616615f7812fb8477ce

Filesize 1KB
  MD5:    7e481bce0b3afeaed2f123c5ecc6212c
  SHA1:   c36abc1804ceab9e781ddd6b034d18174d27d3b9
  SHA256: b5b417d5a744200eff0dec4454f257afb188ffb1676665d3b462a8e73a047bd8
  SHA512: fbb4d338ef77567cb928b299a1a7063439352cacf496aa0d17a2d1ebfc6a76cfdeb396ab17d7140e30c240b33cec6e75dfe6b85f090a640cd4c120efe372a873

Filesize 873B
  MD5:    856756b96bc26979d23213b111786dfd
  SHA1:   1dccbde5b679dcd6fc6478e75e5dcf8eb2ca6b91
  SHA256: 25a32364d4a5cbf3ab4fa4acf764d49c08c49f45ae591706ba96f333534266e3
  SHA512: c57d1ff0d4dc8c30d8c6afdccc680fca3fc4f5f7173d16f814bbf5c8a904edfa6831f60b2d2830c24207db8d99b3c6de41eac4762af9314d54fb59d9070ad0ec

Filesize 1KB
  MD5:    0a93726ab3e70c6562fe4a3e68651af7
  SHA1:   1cf869c9172a95aeeaabb3d24f8a61a30c01a771
  SHA256: ca0ec6bf73dbd9568ffd4ca109f89ac0f1b088307a7d8715a0d57580c7bb4ece
  SHA512: 117fd4e11b163077a3aecf2814f4d39690429238b499a943a13ff83595d94b994fa63c83d3f5f3a159f65a5f18c916786c6a29498f9fef186d111a271f1651be

Filesize 873B
  MD5:    67b9439e76e68666db64af5a9e966e1d
  SHA1:   5e3dd1317657f9301bfd87ced377e4043381ca3d
  SHA256: 8c06836e5c0bce3c44835e16994c086b56e5c6107b4c1f9129e9ccfb0957d1de
  SHA512: 5bc32838a5a044d9ca8516cdfb814f7268dc7f3ffafbd20dccc029b646df7d69fcdc27f97d444616ff13ac9a1609403d932828cf4a6dab1c108d36b16ff3bacc

Filesize 1KB
  MD5:    f4b14f5c254f6606f3e296d018087dc0
  SHA1:   100dc0255a6c857d1a0d18398f1437e8bc78a9ed
  SHA256: 7dc4eae969ffb94cfcdd84e2c3517035c82341f9926b520e6bc689ba7a693f47
  SHA512: b2cd5c32a6faf15bddea2f0606f62d1db5fd827b4b62c20fd68f584f9185b8920191b402a27b315f64d56bd00c589b3e055879f0de1c10f93d782719ad2e9805

Filesize 705B
  MD5:    f59965585b70bf8d9ed991874009bb01
  SHA1:   ec35c8d1d572c1ad0f88261094802b2aea34532f
  SHA256: 94b1ef99830b18d8a94551dd7c1148a0abae6b58ed2966059d7c615f9d1f36fb
  SHA512: a5c07b8ed415a5bde8965ffda8c84d2602018ec095da0ef7ebaf838ff7aa4ea93074aefad0e9c2475511d05f01713789aebffbe8005128ac2c7375b4155fe3ee

Filesize 873B
  MD5:    cdfb637eaf91be32e79ae801977ddc6b
  SHA1:   661373a7145ca5e4e4ad04c68d69980848885df7
  SHA256: 8e223a1936f590dd3a89478921b1006504e933176d740af05e4294f616650e91
  SHA512: 8e40398791aa23ff19b7d23070c33040089384d8d67b1511f12c1e4c9187384bfebecae888d9e9a06ad1286c151dea143b1e680d01d64b201350c918d139e4d0

Filesize 6KB
  MD5:    5e3a62000fc9e705114f219c9d341459
  SHA1:   ebdcb91dcdaf3377fee142e609eb725d2911d479
  SHA256: 6ac5e872a9776a2a29c051fb4f3d1656c8d6de85ab541c8ab94edbb1b77cc9ef
  SHA512: 05c26081aa7e72cb930cae955f708bca358ae0982e7dd0fdcb6efa97b249c0c5738f4a0227b8a4151e44c898bd3cca9d1f63037fcd2543eaabc99d1bcfdea382
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize176B
MD535e9d3af09d966dc80e2b22973edd2c9
SHA1681e61316038e864392a637041321ffe2ccfb9e4
SHA256c61d658546bf8d889e3fb26dc03584e9f89dc3084e1c6e79c148c779782d738c
SHA512f94d7a3ebbc558b99be92344b5fcaeb032238fd46d8ad20e1c093656575f8d4e91ecad5342e32c7d3ec1664849f220052417e42f1fcc792019e348933e86281d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize112B
MD56f27dbaf19e8e4779a667ef309ea9c0f
SHA1a0e8793e9d1df9f461a4eb853dc09c16d9e41d5a
SHA25672b6ef25c092e472dad4335396b8182b958b7dba728c9d16fc830fffe8545b3f
SHA512e6e30affbff64eb01b9d39b9390d1386f55c36ab9e079aadb61011a6e986b324dda8e0b57b1d05a34f562a2e380441b0301a6866821fe45362d2842272df2be4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58459f.TMP
Filesize119B
MD580c44df44292659ee6d5842c3c37027d
SHA1478579c976d17e8e74e1e468b744d4608b4e2614
SHA256f1c76cd24b2fb555801c7110279221d715ab6063bec5284a6e69d93adf71ab02
SHA512097083b19868afa47b0be21b1bb1161f92d508eace730e2d275258311ffb38a16f5f5f6e0482c5db4e5750123837b70d53e6459d40839f1f06b0d3283f3a16f6
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5e7a833b2497323bb1466d5a9c981779b
SHA189270aaf7413fa4bd53460f5dfb0139da1c59c1f
SHA2569d9112ae9b68980f478164f632d30f99d34cd3805fbb86003fe74f20da03de15
SHA512e809299a8765e7282b1df4bc0f5fd72b8482b1725981894e65a81069a0c1c9eec9763f909840e19c061350c15a37e51bb602494c34df5f9aac4ea1a44dcc1201
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589fc5.TMP
Filesize48B
MD56fa1e39aeef8c146de22abb731b4464f
SHA11f90c653300eb728e245dcd93a3f35d7c7e0614b
SHA2561b10c4575f4c8a34fc3bb9466fa8786055da995461cb3ee021042961c4c2f4f3
SHA51273ea4f5895cbcfae6266dd6caa0b29a157691287bb94ebd92201a333b1bee8ea66b3e52d260286118000704df00399d647bd7b967e547f2ac7c167befe7c4960
-
Filesize
234KB
MD5f5fe256962b26bd5eea0b0404a582737
SHA151ce2c7388c18bc5b607f3902f1d1661a0532668
SHA256cfa090c2306f7e3889f7eca48813c8b3d6410bb40dab9f0abdfa59db1f0a2676
SHA51269b6a2c06ed636dbe0ed9300c0750490b8a704a74209a1e1fb801df1128832d5621e65384f11349a38d81115e5879894e19cde37bb8109201c6f1804122d8ce4
-
Filesize
114KB
MD5579c26d74db7a315adb5fa10b335b013
SHA1bcf6b5b7b807c9c5f789c0018931bfe60c9c786c
SHA25685a80a23d883a4026d5e279e779a6e8fbc24db78023ae66b6692def38cee9937
SHA512369db03d3a66a6a6d9b272d46f43cd222535ed9419c8cc1da1107d330ae5c9e0a357315c115d671c3fd4d678aa3f2922013cd3fd55376397b7b8087ee651fc68
-
Filesize
114KB
MD5523b3cc78a242e37005530557a977bfd
SHA165f2b9a4e05a19b06c18a60835792508378b3e30
SHA2569447ef33c46ec1db99fae48742e2b5945aac20db330f9dd788ce13794791e2ef
SHA51291fc8c25194a808f7ed4ffe2d4f85d221693ea74582fe6140ae8c74a29509c7551156c256b7d3b89c04bc55f604cdbe9283a1985dca4562bced84b1de1ef62d8
-
Filesize
86B
MD5f732dbed9289177d15e236d0f8f2ddd3
SHA153f822af51b014bc3d4b575865d9c3ef0e4debde
SHA2562741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4
-
Filesize
86B
MD516b7586b9eba5296ea04b791fc3d675e
SHA18890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA51258668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771
-
Filesize
85B
MD58549c255650427d618ef18b14dfd2b56
SHA18272585186777b344db3960df62b00f570d247f6
SHA25640395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13
SHA512e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\7FLOE565\accounts.google[1].xml
Filesize13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0RE9NZRR\suggestions[1].en-US
Filesize17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\117E2SX2\gB76kJXPYJV[1].png
Filesize6KB
MD5389dfa18be34d8cf767e06fd5cde4ec6
SHA147b751cffab47d076816c63ce08d3e84600376ee
SHA2563c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
SHA512c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\34H89WFJ\favicon[1].ico
Filesize5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GN78M8W0\9lb1g1kp916tat669q9r5g2kz[1].ico
Filesize32KB
MD53d0e5c05903cec0bc8e3fe0cda552745
SHA11b513503c65572f0787a14cc71018bd34f11b661
SHA25642a498dc5f62d81801f8e753fc9a50af5bc1aabda8ab8b2960dce48211d7c023
SHA5123d95663ac130116961f53cdca380ffc34e4814c52f801df59629ec999db79661b1d1f8b2e35d90f1a5f68ce22cc07e03f8069bd6e593c7614f7a8b0b0c09fa9e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\wv4osx5\imagestore.dat
Filesize38KB
MD5f9f24e9ec96c7321297042628f07b980
SHA1c89df3de6d0f83f6f9ef5e9d7baa2a10f16bd3b9
SHA2564821f8ac9c013b646ed4ced60c0475724379795f85bc55fa3e3f2bfe26806f8b
SHA51231679ea9409fd10d07a03ec52dbbbf475fd8d7234f37f35c99c9b04740bba681ed342cff82b9a5fc052e8a51eb596ea8b12bc1366d0c2c441739bca789a7c4ca
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PMDWTGP\network[1].js
Filesize16KB
MD5ad6aa3451e397522b056e0b8efb6cc27
SHA12b491439bddfd73418cde3ef59b309259c58928e
SHA256b6ecc4abde3468769ff07bc6f76f694f1e738aef7ef71572bf2d20f5b9d69eb4
SHA5126c113602e65e3ab2615e9c5ba744f03d57eca5e2b164dc62d2057b7a6b72ec85796ab26736f5fc14d9cd61dbd15ffd911f6cc38988e0934341327ed8f33bcf6f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PMDWTGP\spf[1].js
Filesize39KB
MD5f46c2d926d8f3366a9f85e6995d53a92
SHA14b019b5f749359e6253d742f388a63144b4a7a5f
SHA25685dbe993fc00b8066bd14bc72a4c65ede501739fecbae38a38e3e5871a8c1b42
SHA5124eaecdd438ec9db8fb4e8daa935ec83f8438884585647e519bc0fccda0329dbdbcba0cb3e4eb7ad44c58f29a20d07de451368430166c5b65f66581d6024df3d6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9PMDWTGP\www-tampering[1].js
Filesize10KB
MD5e2b71f92d13ffb96c2387e583ecf4f53
SHA108d6a00e00fea89db40f7ba6120913ffbe29ad4d
SHA25641f09dd845bd7d700be0517f8fa0ab45f67da98fd20c8986578419d6125a5fad
SHA5122720062fd56a7605d49c9fa3d18151dd4d38b9d007e7464511017fe9be90c54b11af5506b876ff5ede0ca263b357312196c360a11fbaf9da6c3ca3364d11eabf
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5X26GBX\css2[1].css
Filesize2KB
MD531aac18e149a751facc1eab7954dfb7b
SHA136d367dcc77416a166aecabb5f6fb5c6c29f3632
SHA25642706c41583de3f0028f16bad17197dde81807d148ba848ea3924aff4bb8b532
SHA512df83002d751e6e73377b15966fa5ffacc7f6e2318821c691209fac9b6991d1113b385ca1fbf21e02455a5e5702d4247716c6d03d1938506e6ca740cdeffce351
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5X26GBX\www-i18n-constants[1].js
Filesize5KB
MD5f3356b556175318cf67ab48f11f2421b
SHA1ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5X26GBX\www-main-desktop-watch-page-skeleton[1].css
Filesize5KB
MD581b422570a4d648c0517811dfeb3273d
SHA1c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA2563c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA5121d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A5X26GBX\www-onepick[1].css
Filesize1011B
MD55306f13dfcf04955ed3e79ff5a92581e
SHA14a8927d91617923f9c9f6bcc1976bf43665cb553
SHA2566305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EGX5NL7V\desktop_polymer[1].js
Filesize8.1MB
MD576e69c295f1223d67cc1abe176ee7da3
SHA10ecd6cea1cd9ba2502d6f935f35835aec7c75341
SHA256d071195f19ec8b8f5810b31c8eb34a95038e0880fb9d351e8abdf1f25759b343
SHA5123fe2427438f1272e0a31cd85e59107b70b8811120738fcf6eee4ff005f1f54f5869463e6e39b35a5b8c1548d3ff57f8dccef3b2a172111e114d87a67666cc7dd
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EGX5NL7V\rs=AGKMywGeiBUuq5vqE4SKSRdxHIEuINw48A[1].css
Filesize2.5MB
MD5d9a08749fec08ab760d54e41f553bb4a
SHA10076985a68f45ed9e99e9bfafc49de4207f65d4a
SHA256a4bb91f252030cb86f73a3fbfbd05244dbf231629c4433359048c60c4b746dee
SHA51258a49918b18aabe9fe99bad13010c97ed8b19809e416147a87a791191bd90c64fbc06fc54fecaaf82116043d576c24d278e729f3429d3901228877e8c1d71187
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EGX5NL7V\www-main-desktop-home-page-skeleton[1].css
Filesize4KB
MD59deae13c40798dfca19bd14ed7039d60
SHA14ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA51295b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WHXTXXRF\intersection-observer.min[1].js
Filesize5KB
MD5936a7c8159737df8dce532f9ea4d38b4
SHA18834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA2563ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA51254471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WHXTXXRF\scheduler[1].js
Filesize9KB
MD5dac3d45d4ce59d457459a8dbfcd30232
SHA1946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA25658ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA5124f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WHXTXXRF\web-animations-next-lite.min[1].js
Filesize49KB
MD544ca3d8fd5ff91ed90d1a2ab099ef91e
SHA179b76340ca0781fd98aa5b8fdca9496665810195
SHA256c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WHXTXXRF\webcomponents-ce-sd[1].js
Filesize95KB
MD5c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1e3957af856710e15404788a87c98fdbb85d3e52e
SHA2562fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA5120d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2JN406AR.cookie
Filesize314B
MD5fb13b2eeb81f4ceaa407f1d9bd670e3e
SHA1b349e47731533aef3f1b9d0bcb5f80c8844e7ed7
SHA25674908f27ba743c515538d1b46df17b33492990aee96fe4624bf732fb3ec257ab
SHA512da63e000b6d5ac01b33f8108095df717edee264233f22607ddfe08670a8eae35aff907258cc98b30b42050352eb7b290393425ccc6aefe9cf2e5adf4de314514
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3T4H6DWM.cookie
Filesize355B
MD57d81c5ddba7b3240bf4a989c92ff204b
SHA112c05bd722c5c7c83ff6720aaadb537f7d3d2871
SHA2567e9d13f5bb3ceeed05237575b2a3d6648766cc27c2773714f8780488300a2c7e
SHA5121c34a1bedede97c7e7f2bb0d2fc95407604ccae46085dfda8ad0b6deb860a751946aed59984e76edcc73bea9ac6925cb1da33b30d2c480947e3d313519a904e1
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\87YVB6A3.cookie
Filesize132B
MD5c529a065624db232a11fed0a091c7bea
SHA1f490988e14805ed979a52538ecbcc70c9d2a1812
SHA256ad3e3652dce5c28261f8677112384e537e553157009f5b6521fa98cf8e8e2e92
SHA5126934600d721cf9ea7efb93fcf3a91cbcd7e1eea279e66e0e4da0f778cd6a9849f0615500d8ac50e57e6cb47ec80d702cf7c1b212bbd778c6dbbc81197211dd09
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AA6QX34H.cookie
Filesize313B
MD5e2672ba508fce40d52227ad5206b18f9
SHA1c07325929a331da5f434ef784e8edee67e1ebca7
SHA25668478d91fd9117cfc4d4d43483df9ebbceccff2f34799500a89b155d30b6164a
SHA512fede41423d020d4f64b029109ac78aa700b80b0937bbbe5c84121baf6c8f6d83160f11db6a84782e5207d2f6a9bd6331648c9eea6c045ec8a3985b761c2aaa99
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OU6VCJBZ.cookie
Filesize431B
MD508fd029ef2755226548443bd2853c9e2
SHA1d6c3931519f21fbb57ed818b27c1dec69a93286d
SHA256f8963cc41eeb6fca3fad3a7c340e12368243cffe138d12a2ca30398ce5613e03
SHA5122a4f3fe442f0a6a5b19c06a88367f00ba1166779663f20e25273934dbd52ac34ec52db6b3bb43dfe91c8d7e3b9ec1b4ba93c10f158aa1ab449571e8d6fb49bd8
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WKNALI40.cookie
Filesize436B
MD5ef85d3f96b41d61bf3960c5021f930af
SHA12efc2eb84439ea60a6ef093c8cb3a1a4ea8306cc
SHA25615e5388fdf46d4c3745ace4632d6d8b578dfbeeda04a6894b03dcfee96181ada
SHA512fa06d29861bcdb39623d21ce105829e578436b691e1c8e6ae6b210c2315683895ef2e262371a0c0f2cd15cbf3dd81daa347859faa3d834b6321d804ce36b5dc1
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize1KB
MD5267f3fbb231876ea1b3de1b8aaea1917
SHA1df0843fb7137e7e81e449ba3c05168fe892ffa78
SHA2565157427e4c6e429f14a19cec39e30d37b17040ca86886879c0315d157e7b90d5
SHA512dec882dbb4505cce10525f935a90c2a87552ddc08701e3faa8de7561dea23f4c029142154b6818e0a50599a2e3341fb12b5c4554d06a0ee5f2ab07941eeecc61
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4
Filesize472B
MD5cad81fad2ab96418942ccf7a83132c26
SHA1c97d85bfdc74d42801b06f07cb49abe262d2f549
SHA256343a22ce1c80b7675588c481445158ef298b35eba0c69ad47ef95ef77fbe9969
SHA512a50c96f39626de958c7216425f52293cdd0af6635044346445d26e1f4e4985aa83c4f31f83e447ec9bc388c254755cfec083e71bfd28c4a04bbd70a82007a717
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486
Filesize472B
MD5b079bb55d22cefcee13770880c1432cb
SHA18507ef101cc4471652dd88512990a9c1360559c3
SHA256f80de1f9b8ab5a10a275a21389b2dcfe166b01fc8a560f276aaf024d34799ee9
SHA512ac9619242d028c168de40146f054a78c0dbe4c7ea98c0c9c8b8d3b1674fc5b4fbf79ed86aecaa76deb0f3377edbd129b0ee351ff335226a74e6d6aca0b3de845
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize724B
MD5ac89a852c2aaa3d389b2d2dd312ad367
SHA18f421dd6493c61dbda6b839e2debb7b50a20c930
SHA2560b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752
Filesize472B
MD5bc0cd685752afe0c38084fbb5292ee98
SHA135194d4343252fe2c6947d62fd67457efb79d7ac
SHA2567fdc7579c3b8cbd6bd686d660635eadf254e8fd1ee3e95fd8a2f5ac422dcde77
SHA51234cc441012ae1fa71d1e9178021c308988b5ff2e4ae4a9c6a6f17c78ca0bb1c38e70c4fd67bf7cd84c84f20eaf12f702beb30127788fecc2f75d07c9e93ed397
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D
Filesize471B
MD5ffbb0836709f77fe01dd7b0d01dd2f76
SHA18e737ec46d21aee1b031d4d228960d4835d5bd31
SHA256204e10064d400db8fde93e883a96472ceff283fe9c9f8211a4ef91719e8b7529
SHA512f19718088f702fdd51df0c5a1daed5b7c883dfd08a2d337f552421572157f41d86d0f3680c2dc9bc48f449c3829493007e099aa0a24f9dc9268363640a6486b6
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize410B
MD5b497cb83136a8923cd28a9b5a7c2e4f2
SHA18e0d043c8486c3e8a5b84d6bf1078034e5b2b598
SHA256cb1f153bca1a6eee8f300b0a260736926a3a876cc46e94a745ad91850498fd5d
SHA512e3b74905a3783fb3c3ce31bfc49ecbbf277e545653b52ca75422e82a49a25541ac5500d2d442b58a698242206581d4577227476b3c0c0602876424dfc84ceb7c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4
Filesize410B
MD531e1bdfadcfe23c052030158571ca127
SHA1024f396c8d2e8a3a7c2ca3a55f21232298e7055d
SHA256b85f9866d1124f703c6af46613e89be88e411ba2486b6426b2c59e72fb228feb
SHA5124c62a6baadb6153f5e7d694a739cc04675303de45363ca857e0a416bce4c2688433346ed62d3042a9181c6afa0e78ecc5e9ce27fae13c00cbfcbbcf45882af57
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4FF70BED6E50B22FE9799AB821C4C486
Filesize406B
MD55954229f49e63d0c1fd96e7dfe2b208c
SHA11d41613bd7712cf613caab1a0a3ff7f2de7a4271
SHA25684fce55e420948b2802aec21020038f8a0f892ef1e33c9124535a11a9514dfbf
SHA512157ca28113212b98241086a80b1abe58f98b8d44625079fd796f911abfa031f993d857174e66c5e23313a97a486ed5476fb953b2f1e4ad81306e489087e2862e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize392B
MD5d61676671c35eb06e6b6d3bd418375a8
SHA1e30d29d206d1ee4c4ee926707e2e66a2fd7ef77f
SHA2568f8db436848e5a485120edacbae62370cf221c51c640b82f40493a093b6a320d
SHA512a46e366d35320ba7bf23e60d5d392c5ca3ccb87e1d7abbe798925c9be86d03764d7dbb13ef29d57deacddfee59ce8c6a1a94f1613218cad47c25c277b06db98c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_D50E9269859FFB5A738F673D82E63752
Filesize406B
MD5d08d706473161d868fb14bb5c3d11593
SHA1f9d1a1ea0b4eeae951600ffdf982249bbb19d018
SHA2561747a40c4f63ddfe9aca0173738b63e514e7e8be7ac5ef9fd3e701c888c38ce4
SHA5127bde40f50fb3d4383394423e142061f30f0a42370828e9da4dba03e0a40103afa080c92440ddefc12acec21fbf94267457cc507e6628b0229b15f675d8a7051a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_F6E3C65FD23342E50616493134DC9A7D
Filesize406B
MD5ff0a448f24ad3e44cee8edbc34e16e50
SHA123ce90558c96108abe00ef9125f598f0127263c7
SHA25643290e32887148288645d4d58b2576ffb456e2b37ed32f5ff23cd0a0422cfe0c
SHA5124abb1f94f34f49b672520a0fd1d7e9c6e603537b5ac0044fde264dce06cd285f64a3b7f9202e3f15897620eb617f3d0d40525fc99f086004b749472a4a4a9193
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
2.1MB
MD581364d87706217bc328fd159211f7ffb
SHA166d89ab7a15a982519832a78d64dae6518f07978
SHA256d7548616df33fcfe531e2ddec95715cda52577699427222dd21eb659e9ae79b6
SHA512387ac4a4d7699879b3b000991af83047926182da06d48c39234a9a3c087f553db1979034f43930c5c6c995c18e825c1670ca7055ae3775af7f4d969ea11643ec
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize11KB
MD597f9785308319b83ad869c85a2215c42
SHA1fbb19d9937b3c132858eb1747de35c656f1b5dfc
SHA256926c1aa46bb9e3e9e91b56f0ec4a63527826ae97683670cb285df40b3f2daf63
SHA5124271defc120e9e869251155c655afad655ecf56f49ef587e98840d4602a0ffdb44cf887bec58ad1a61fcd9028eaab9717d2f1f6505c466bf974814baf0a021d1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\datareporting\glean\db\data.safe.bin
Filesize2KB
MD501c58da030ae5cb4b1a8c8fa07e6c222
SHA16b375f84de18e9ad704d1919d0939f697a2edfeb
SHA2565edddc67366f922b55655dd889e921468e31b70586314a85e9a2b69a5f44d832
SHA512e74c80cfc13aae3a9794d9944f63d73538e64b4d31e2fda10c05795ad150619424c818a4062102d0ec77146283cae31a2c02dfbad48de5b542390e2c701444fa
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\datareporting\glean\pending_pings\cf2dbb31-87df-47e6-986a-bf27a13dfdac
Filesize10KB
MD5f690599060450c8eadbb577f231af157
SHA146579a192a995ed046dccfa90e70e808763a3775
SHA256bfbc6c87753f6e8f756e045d137a7d5ce445425e469900c73ba78e27aaeacf44
SHA512c7f71b73b477d0e14ea096704ff40c2ccd93ac80c076af00b377e65eb7a1fd78a4933f4e0c432ed727d407a81b3672728216f846f4fc16ebf183ee87c1267893
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\datareporting\glean\pending_pings\e03cd357-3e6b-4772-92ce-73081ac5d4ed
Filesize746B
MD51e8fad49ea461ab7253bc95dfbe90401
SHA1156e66bd0a0fb001e8add88d4ca643ebb6ffdd28
SHA256941a296b357c39af955ca32c1f1ee8179a0404fc8a43b02dfe4615052feaf90a
SHA512fc541463fa1eda9e6e094f1a27aaf210d0237653c8d99d99bd267a076d137badf58f9552ba4849a9a463638bfdef783f69fc4972a21421580ad2990ce736bfc2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize2.2MB
MD5d6383a52d658f6c8f703aedd6001cfc9
SHA115bf543cbec2969be7cf37718d54a3ac55384210
SHA2562df5174c34539c5728aedbcd3e9865d55a51b8db4b354f6ac5decdbb25c1a9e1
SHA5127b5986a7b0ad38a7c644ac0b2bfa92af1c5d6d0b6f6b0dab647af9b39583dbb809b2bb90b2f4ef4ea7e4f238d4bc97bf8fb5c05585e8f799b1a1bd3e654971b4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
6KB
MD53af8f8ef82fda87b9c0a3a7f680e0d04
SHA11eb9c65c2647a0a34fcfbba8ace69e3733ec47d8
SHA256484099f025d85dd1f88dcfd2d130cbb2940d8d2ad76154a8e3b3a8b97c527b46
SHA512e7e5df2bd58c8392e5381bac9e4be01c5bc25b640a7b323fdac828f3d545c633892a4836cf5ce14916bdbbe479fce88826a18edb57cf781a4b6a77493dbbc8b6
-
Filesize
7KB
MD5fe9dbedaf4f723711fd59a2f6ddef44c
SHA10a3589a19e8ab0a9bb3153ce5adbae33e70f1bac
SHA256b773b408b6241041ddffcff394a2f1bfdc015f2c42b0b7b8adc81dcdf3139f30
SHA512158e87c3496c090a8135b8f5c4dd6ec88242fd4a2da3c1016e08d281e17f5fa1f1005f7b0a7c4f7322fdb41b309074f94ded0dfe8a7b71570e9ca079086410c5
-
Filesize
6KB
MD5999a7a65c44a4392394596051b8ef89f
SHA10749fae3ace476cae8ecc5f3a208049a4a6c28f3
SHA2563c42b72323dfc25db3ecf9d03ec66fa0ab48dad1e5fc2d3032c057ae2f7261d4
SHA5125886b1cee56f5fe80a31d2b8345b7f4ab520d65b573ca4268717cf5d7d1eed7549e9ffaf68338f1fc15367a647576564a43e78a59308bc0ab62f4df2ef4676c6
-
Filesize
6KB
MD5e5d9f65224f64137183c49b34590cca4
SHA1bcdd9d705ebd5cc41cb317c02952ed6b82bdf7fa
SHA256ac8eaa9fcd77bd4a0f5253c6ed2d86a67fae7dea0595dbaf7d49dc07a11f2c47
SHA51207ee26e5bad79582802f98f4f8b08549f438d1a810302378d8a0db462c20e42c8c5797d89e7abbf29f88b29343a82fde12ab70bf17cf69a627d719ffc9423778
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\sessionstore-backups\recovery.jsonlz4
Filesize1KB
MD5d2af04ed65a5ed88fd1e791438fb2d7c
SHA173b14ff405b2a22f1bce8e38cee623769de9b4c8
SHA256c8c880472b2b0359bacad7bbaec2f5e2fbc90af218d434c1160174fa4d5d5de0
SHA5126a74f45910201ee463ab56d36ad4b16b6fdc2bb3598d9b6dca37410403b1029d3a16e06bdef227f68f5d8348702eeb030b36f237d0a86c9c94cc428c771b83f3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\sessionstore-backups\recovery.jsonlz4
Filesize8KB
MD5c3fbf624a309665f2f99cd264c02017e
SHA17664a1a54638b7f8d0f3f6c1d923a8f4aa2da34a
SHA2565ea4a5a39e48713ae546099293ef9f412ed772bdb3c9fe71ecf6f5698f4fa929
SHA512d44ac36a1fa97d57147f2053e0aa2857b1455b19e9c4330507fd6f7b9732741adb5b4d881f68609eccc6746bb3aa20fb07acd41eaa73fb5dc66580acb7d6f916
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\sessionstore-backups\recovery.jsonlz4
Filesize8KB
MD57e8b5c3df076ddb94861ca973255d17e
SHA1b6df3d492f7077eda6ceccafba4606a39e24736d
SHA2569acc63b83bfc017f62c69257d86b07047bbcb9cfbe4b4dff82205c368472defa
SHA512a4f9889ff55148ed44f4d6796b076386e24014edd5f8368f529530d7dba585a9e2ec9a5d902c909be682c57be6afd6ae20a4b86eb5df3fcd1b78b17944e74caa
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\storage\default\https+++www.youtube.com\cache\morgue\63\{e5fdd3aa-d6b4-4823-859d-3455bd0b373f}.final
Filesize192B
MD52a252393b98be6348c4ba18003cc3471
SHA140f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA25604cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA51207af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\storage\default\https+++www.youtube.com\idb\2384382011yCt7-%iCt7-%rde6sdp0o.sqlite
Filesize48KB
MD505a64885256dd27901b409641af2291d
SHA1040b3ec743c0ac4d3baa64a83ac65acff0a84d50
SHA25630ccf91b7e794b91219a304635d92041332db0a867f158d31f7cd35313cf7ff1
SHA512706500da9fa9553cfb0d128c022acb132e15e5f0bc0c9d3b0679d0d152b13a5362bc2a74011160fd11f3cbb4da5e754eea7785a8586277de86ea9278dbf135fe
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n69gspjk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize184KB
MD5590fae3b076707d35940ee5a857fce36
SHA14c77ca04be9bd4f6605de0d90ed095fc498f2557
SHA25694d8de1f75872cffea65cf2a216119af89f6c08e84aab766e30bd5b96c152093
SHA5124591b8a954ac7fb6e9a1b5f885d320b9d6988b78af0cefe1e2269df5359127bd51031b24ec235a2ab54dc5ba2bbd049347553fcefdb9cc075650d6470de17986
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e