Analysis
max time kernel: 207s
max time network: 211s
platform: windows10-1703_x64
resource: win10-20240221-en
resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
submitted: 13/03/2024, 21:10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://launcher.erafn.org/Era%20Setup%201.0.60.exe
Resource: win10-20240221-en

General
Target: https://launcher.erafn.org/Era%20Setup%201.0.60.exe
Malware Config
Signatures
Downloads MZ/PE file
Drops file in Windows directory 8 IoCs
description | ioc | Process
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdge.exe
File opened for modification | C:\Windows\Debug\ESE.TXT | MicrosoftEdge.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
Checks processor information in registry 2 TTPs 11 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000\Software\Microsoft\Internet Explorer\Main | browser_broker.exe
Modifies registry class 64 IoCs
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid | Process
5180 | WINWORD.EXE
5180 | WINWORD.EXE
Suspicious behavior: MapViewOfSection 14 IoCs
Suspicious use of AdjustPrivilegeToken 9 IoCs
description | pid | Process
Token: SeDebugPrivilege | 3124 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 3124 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 3124 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 3124 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 3688 | firefox.exe
Token: SeDebugPrivilege | 3688 | firefox.exe
Token: SeDebugPrivilege | 3688 | firefox.exe
Token: SeDebugPrivilege | 3688 | firefox.exe
Token: SeDebugPrivilege | 3688 | firefox.exe
Suspicious use of FindShellTrayWindow 63 IoCs
Suspicious use of SendNotifyMessage 61 IoCs
Suspicious use of SetWindowsHookEx 15 IoCs
pid | Process
1472 | MicrosoftEdge.exe
424 | MicrosoftEdgeCP.exe
3124 | MicrosoftEdgeCP.exe
424 | MicrosoftEdgeCP.exe
3688 | firefox.exe
1536 | MicrosoftEdgeCP.exe
5180 | WINWORD.EXE
5180 | WINWORD.EXE
5180 | WINWORD.EXE
5180 | WINWORD.EXE
5180 | WINWORD.EXE
5180 | WINWORD.EXE
5180 | WINWORD.EXE
3536 | MicrosoftEdgeCP.exe
1536 | MicrosoftEdgeCP.exe
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://launcher.erafn.org/Era%20Setup%201.0.60.exe"1⤵PID:916
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1472
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:5116
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:424
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3124
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4072
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2648
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3048 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.0.1194543511\2009278722" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1652 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d6419e4-04ec-495e-b9c2-f3f3514e385e} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 1764 16904ad9458 gpu
PID:3984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.1.769241576\1198825132" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef0d3af4-40b2-4356-aa91-7865db63f0a8} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 2120 169049f9558 socket
- Checks processor information in registry
PID:4756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.2.643172599\1698720007" -childID 1 -isForBrowser -prefsHandle 2804 -prefMapHandle 2820 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1c20042-749f-4243-aab6-73da5ab16052} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 2832 16904a5a458 tab
PID:3392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.3.1480931294\1119261489" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70176562-bb52-42ad-99dd-57133e369d6f} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 3480 169074a5458 tab
PID:352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.4.2131319750\2057244639" -childID 3 -isForBrowser -prefsHandle 4152 -prefMapHandle 4068 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31fa4d90-5791-498b-ad90-9834e033b919} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 4164 1690a0cd758 tab
PID:5308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.5.675363895\26253040" -childID 4 -isForBrowser -prefsHandle 4920 -prefMapHandle 4916 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bef0ca2d-1e6d-4534-b71b-3bc532dbc6e1} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 4928 169093c2758 tab
PID:5764

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.6.1932514136\1706431678" -childID 5 -isForBrowser -prefsHandle 4864 -prefMapHandle 4852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e57c7743-3c5f-4d6e-aa9d-28c4c6ef2104} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 4840 1690aecb258 tab
PID:5772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.7.1751842126\901480648" -childID 6 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d162f27-a494-4ecd-a644-0c3afc6d3e6b} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 5144 1690aecbb58 tab
PID:5780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.8.944022295\305326936" -childID 7 -isForBrowser -prefsHandle 5596 -prefMapHandle 5592 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c94927a3-fc39-4220-beae-419aacab4c2e} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 4876 1690ce52e58 tab
PID:5172

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Drops file in Windows directory
- Modifies registry class
PID:5056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID:5580

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5180

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3536

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Modifies registry class
PID:6112

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Modifies registry class
PID:5316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
- Modifies registry class
PID:5916
Network
MITRE ATT&CK Enterprise v15
Downloads