c88161c58bfec207c4a9da9598d24a6a4cdc83e81a123bf3c38c188f03bfad62

Resubmissions

28/08/2024, 00:19

240828-amfylaxhja 1

28/08/2024, 00:19

28/08/2024, 00:04

28/08/2024, 00:01

27/08/2024, 23:49

27/08/2024, 23:36

Analysis

max time kernel
668s
max time network
670s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
27/08/2024, 23:49

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

jsm_sas.rbxm
Size

592KB
MD5

8868b47dca5975929f896e93d0c7d52c
SHA1

65783e973c97fd74d9d4ae131a77edb5e69ab909
SHA256

c88161c58bfec207c4a9da9598d24a6a4cdc83e81a123bf3c38c188f03bfad62
SHA512

e8388afb220b48d9a6fa8d32cc652258307ddfb39fdfcf5e9d5a631f23ff6ab005c3be371d1d2e015e1db8a4fa1b5cf306e52f4f77c075da58316aaa245223f3
SSDEEP

12288:WLaIb4s0L6cI58hGQDcrPyavp7R1R0Fb7ptJLZilvQbp:WLaV1e0cPyE7R1wb7o8

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
6196	Free YouTube Downloader.exe
4200	Box.exe
6612	Box.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
333	raw.githubusercontent.com
334	raw.githubusercontent.com
335	raw.githubusercontent.com
365	raw.githubusercontent.com
366	raw.githubusercontent.com
332	raw.githubusercontent.com

Drops file in Windows directory 18 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	[email protected]
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	[email protected]
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	[email protected]
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	taskmgr.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	[email protected]
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003d1ebb87e545ec43bf2f6d6129b9097000000000020000000000106600000001000020000000f5c324f48ce82309d47a73ebed67b7c73c9fded1f937bbd42fc4b8ff0e78afc3000000000e80000000020000200000005ea40559e3b929450c4d748215001792ba031b03861cca1ad25a9bea7024cb10200000000b21530516f127f1c4812e7f849cea3b4d18efb4af46347ba56eaf7e08182675400000000f44b8e724673e30692f50af54eef8051b8b1858a98b1f0abdc53dd59dab744435a44e059427115597c0465ec89370fe2ee413e5a502909b0ba6108f30cc35ac	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003d1ebb87e545ec43bf2f6d6129b9097000000000020000000000106600000001000020000000a9e7ad72262a01dc0720056ad127e581376eacee4647a42e243a98f595e1c9d3000000000e80000000020000200000002e798df093f38c3eca374a6230715fc975d65a0c060f09ee4e9a4c27cc1973f220000000bb5ae3276b646e827b405201ec5bc952275856aa4976507347c8c302d8319224400000008874a69dc22cf76f5b58c2aa4ea89c290b3fb701d964b28673670d9a9dcff2d7f2870da8a22104107667c99b4abda429df7834a8c236b1e58ff2e857db9ea6a0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B062FFF-64CF-11EF-A2FF-D68C0A96CA30} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2039dedfdbf8da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20aae0dfdbf8da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133692762070062539"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url5 = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7544d553dcf8da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "650"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://login.live.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "3582"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3fa04b1adcf8da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5f901e1bdcf8da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f855114ddcf8da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "27722"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "957"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "856"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "658"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "610"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "23"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\FakeActivation.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Popup.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4548	mspaint.exe
4548	mspaint.exe
3992	chrome.exe
3992	chrome.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe

Suspicious behavior: MapViewOfSection 19 IoCs

pid	Process
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	5188	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5188	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5188	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5188	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5500	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5500	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	6768	taskmgr.exe
Token: SeSystemProfilePrivilege	6768	taskmgr.exe
Token: SeCreateGlobalPrivilege	6768	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4720	iexplore.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
6196	Free YouTube Downloader.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe
4200	Box.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
6196	Free YouTube Downloader.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe
6768	taskmgr.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
1400	OpenWith.exe
4548	mspaint.exe
4548	mspaint.exe
4548	mspaint.exe
4548	mspaint.exe
4720	iexplore.exe
4720	iexplore.exe
3764	IEXPLORE.EXE
3764	IEXPLORE.EXE
3764	IEXPLORE.EXE
3764	IEXPLORE.EXE
4792	firefox.exe
612	MicrosoftEdge.exe
1492	MicrosoftEdgeCP.exe
5188	MicrosoftEdgeCP.exe
5612	MicrosoftEdgeCP.exe
1492	MicrosoftEdgeCP.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
7832	[email protected]
8136	[email protected]
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
6920	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 3764	4720	iexplore.exe	81
PID 4720 wrote to memory of 3764	4720	iexplore.exe	81
PID 4720 wrote to memory of 3764	4720	iexplore.exe	81
PID 3992 wrote to memory of 4700	3992	chrome.exe	84
PID 3992 wrote to memory of 4700	3992	chrome.exe	84
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 4724	3992	chrome.exe	86
PID 3992 wrote to memory of 2688	3992	chrome.exe	87
PID 3992 wrote to memory of 2688	3992	chrome.exe	87
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88
PID 3992 wrote to memory of 1284	3992	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\jsm_sas.rbxm
1⤵
PID:1788

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ExportTrace.ico"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4548

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:2800

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SubmitUnpublish.mht
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4720 CREDAT:82945 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc27509758,0x7ffc27509768,0x7ffc27509778
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=2076,i,12167570915839775870,7890606879584383369,131072 /prefetch:2
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=2076,i,12167570915839775870,7890606879584383369,131072 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 --field-trial-handle=2076,i,12167570915839775870,7890606879584383369,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=2076,i,12167570915839775870,7890606879584383369,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=2076,i,12167570915839775870,7890606879584383369,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3976 --field-trial-handle=2076,i,12167570915839775870,7890606879584383369,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=2076,i,12167570915839775870,7890606879584383369,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=2076,i,12167570915839775870,7890606879584383369,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5040 --field-trial-handle=2076,i,12167570915839775870,7890606879584383369,131072 /prefetch:8
  2⤵
  PID:4192

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:204
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.0.383755070\1686990615" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fc0ff0d-21d8-4b55-9348-c8a554414662} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 1780 2adff7da458 gpu
    3⤵
    PID:2528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.1.1584727115\714053921" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93b37a0e-737d-4ebd-b38e-e0b23f28557d} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 2136 2adff330858 socket
    3⤵
    PID:2840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.2.1175294271\607543658" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2712 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11b9ef4e-7ef8-47c8-bd7d-f060c2297aea} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 2996 2ad8b39c958 tab
    3⤵
    PID:4132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.3.1094513718\708269981" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55285b05-2919-45bf-aab3-29e14bfd94cc} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 3492 2ad8b9c6a58 tab
    3⤵
    PID:2460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.4.691856240\389142717" -childID 3 -isForBrowser -prefsHandle 4136 -prefMapHandle 4132 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db3c6d51-0780-4835-a88c-2b6f5284ece6} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4148 2ad8d193e58 tab
    3⤵
    PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.5.1985199623\1765269912" -childID 4 -isForBrowser -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0941a21-aedf-4a7b-adff-4ba4435bd3a8} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4852 2ad8d7fb858 tab
    3⤵
    PID:2844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.6.1521097620\118997745" -childID 5 -isForBrowser -prefsHandle 4988 -prefMapHandle 4992 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84473353-71b6-4d3d-80e9-2ac76b4098c1} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4980 2ad8da68558 tab
    3⤵
    PID:2484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.7.645163869\1214515429" -childID 6 -isForBrowser -prefsHandle 5268 -prefMapHandle 5264 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a33871e-9366-43f6-ac2f-089765905f47} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5276 2ad8da65b58 tab
    3⤵
    PID:880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.8.1795870375\1789444123" -childID 7 -isForBrowser -prefsHandle 5576 -prefMapHandle 5508 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b66d59ec-4ca3-4b8f-a185-a2cf674c6380} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 5564 2adfc166558 tab
    3⤵
    PID:4224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.9.1817643307\448428871" -childID 8 -isForBrowser -prefsHandle 4920 -prefMapHandle 4756 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd0736dd-96b9-4058-a0f1-3f3aa943d575} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4952 2ad8d1e0458 tab
    3⤵
    PID:8580

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:612

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2408

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5188

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5500

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5612

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5720

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5804

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:5292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5380

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:9092

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:7864

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:8420

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:8688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4912

C:\Users\Admin\Downloads\FakeActivation\[email protected]
"C:\Users\Admin\Downloads\FakeActivation\[email protected]"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:7832
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:6196
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    PID:4200
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6612

C:\Users\Admin\Downloads\FakeActivation\[email protected]
"C:\Users\Admin\Downloads\FakeActivation\[email protected]"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:8136

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:6768

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a5d855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:6920

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:4720

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
1f501b98f37973f7d033d2b606483f75

SHA1
63df5bdf900250920dc621d48089f1e77d19035b

SHA256
069740a6c2ce681b09083cd169407786d40e372d68f4b4753438ee631e34410f

SHA512
47633aedc5786c5641773d2a510786e5d47dc73729e62067b3967545cbdd9aa039b9877b5541f874952c0874f767d03278afee309c5eebc77a26b33e536855ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
cf63cb2099ec2ddc9a38852cab21b98b

SHA1
dfacda6232a10018034cd5d1fd7fa2322f711be1

SHA256
7f30d6a3f4269edde69659ffc1dbd376f307a17b973382690e911b5d6dce5f0a

SHA512
def9e84362354fd4013981b65218fae06f7ab4b3041e21b7218ccf993aac488db7374ccd884d56ca46ce4e9339d09b93184a22c454698c22c6f42c296a8c37f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
751B

MD5
d1ec56b4299962c33106cb2550a15f17

SHA1
3bc5f21f5ba95a009c61d5fd2a9c5c67e269e8d1

SHA256
e67f1e1bb59bf2558c9ca18ea0a34f5bdd2d0ad06a08a369a8b403ff1f764f94

SHA512
8b90d4d45031da536a657fe5ffa50fa2c956fd3db0ce8991baa5839446f92df33e034698d2e27f72b12991245d4ac2af52dc9b13bdcc4617c7341d5ec90606cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
030043799434942b8821bda33a1707b8

SHA1
5d97e9fd65ac9d7505f58f63f832b414f0e3cfc4

SHA256
ce195158b8af3d5eb659a6d05df1404bc79f12083253ac81d092967c5d20b77b

SHA512
1f67554f0266c7f1f8d077e73c3be73c313982daa770980c2c9fe3af19be24f84048f0918c7cf514858c58bcbce6e60d3ec1a47763d3033fd40918a7aec557d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
96e7073b34bce3e78020fa72772fa8fb

SHA1
06f7f18c644438bd7fc72f22c2f060e559d61d8e

SHA256
89dbe88b2ef171750f4b6ecf106a32e5404f51a52f0cda8109ff559a6f0da97f

SHA512
a445c0534e409bbe48ce4af819dae2a0851e6af3690a2528eed6d81fb9df8e50529334c05339be58c154ee1938767bda40dcb64fcb0fafa01cdb087230c33463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5447d11b0acbe8f1a97173c14da3cbb6

SHA1
9c4ca5d39ab50bcca3139be6acd7575e774e0a99

SHA256
67aada5fb45257886b28f8c6a86b5859aee51ea66578cdf53db66f4bd6115394

SHA512
d94915f2b1674f3a6dac73c295f548e5075dc4c66402814ca56db08851e5b29a73568503b2b61a3baaca9b35681d315104724c81de31b632f2ed57a31b8202a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
0bf6e3bee1de288be2e24f4b8cedf6aa

SHA1
c554f733afb224f6c6b47567736e643557c180ee

SHA256
bfdc27e924f4b807efa939838e3ee359910362535a64a982f71e8d4ce416df2f

SHA512
0a492a64ebddc48c61370df7db11ca1c73c98632fb105c333787eab37bc42a58892d222dd7b5407a9fd194e366a58792b5db8b43a23582ad938e5241a329f100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
296KB

MD5
926852381cc10587a495cf067aaf73e1

SHA1
00a43271037b13297026f4f809239a5fcac84976

SHA256
b108d8fb2a876a648572cd8a923f04619aa5c57f18e7c57d677adac6ec9ae019

SHA512
359018522c3a51b9534d6da175aac8cda603ecc87c2c59ca304b628078d60e9bd9ac00f88ebff0cdfd8584c93689147fcd3bbdbd50f62354c988f0ccb52ce553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
296KB

MD5
1c137f70e2ff41d994e6bd9fa948e2cd

SHA1
cc6e0b1fe9f8d7a1f8f3f1914be5e6170eeccb54

SHA256
b45d65ed8b41e2a10b3a2f2ac3dbaaeedadfe7f6d45bb4d9b9ad1112af51bb7d

SHA512
219eb31ca143b973d3740212ebcaf08d1cbe237459323b4d3744bdeb226f72abed8e57b8cbe0d05663c487df68a8c37c511d9a0e0336c9ee117d3478243609f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\087F96B189611952C6B30E20692EACCCD08B35EE

Filesize
87KB

MD5
8a6a94330e3b86fe8ee3c590936c670b

SHA1
c0db3023a9a41ce0d96ea9b516df21b01cb47d20

SHA256
b16ab8a3ed4659ad42cd06007afc7cd2ee4be0b7be58008447212e2633193279

SHA512
7e574ea7eb3e111134abd64749e10abbf7002a73ca4f8f44578af6d91752d891fe0ca6885a53d1aa652fc5f72fa33a890c73dc63117cef3dab7a1e58cb5e831e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
c7f3d9a042401945d8285a7955cd78f2

SHA1
11fde6480dc739db65523b8b23545a2f5567c42e

SHA256
9f1e425d98d113fada98d5c4b5635bc3e8db0d86c84567f066c7287c3376cfc3

SHA512
52bbdbf6741fdca0dbf4b14c6356d34fff2d7e9aa3158b7841f3e466394c08e846d93db432e2c930ceb38dd21aaa003d9e45a4c8b368c0893e34e5951743afa2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\A18246B61C8E4C36C72806D7717A9856D0ADA529

Filesize
66KB

MD5
7659ecd27e38b6f6be9d063ab68e5bf9

SHA1
326f7c906ea1b826ed23c1a56f23a24458588c8d

SHA256
c180b342c39ad998a169d6557ab3d38d8ccc44be41d7e4c9a72f2f8fd1352215

SHA512
4e7985e439999a7eca1eda8c47f1794a8b1cfc531e75dcf97215b8aee2af866aa537c313b768ff5941e608b9413c3f6a58ef556ef12df8140886961ffb7e1ab0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

Filesize
14KB

MD5
9edba3bf60544e3ad4d4373a725ae601

SHA1
9754d14507eba8e47d682c6d587d2d3d395e27e7

SHA256
39119a533acc1a519616997ace7aff932d4051abc98e58c9cc179bb60948ca53

SHA512
e2f1e3afff85339dbb641c50d6aa17e047cfb2efdc8de741c2bcf6927b0e21b0cfdd1e2f34205e2a63e20fea7b10f87bf540ac9c78be26094ea7fb041d61cdf6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC

Filesize
39KB

MD5
93ea696b02b8a4d1c9a6730bee1c210e

SHA1
893f5037f720abfaf53f26e0227592d7d0047907

SHA256
cc53ab606956c7089b261375bb488dd135fde9b4dc05404b7c56b5e3eff41a59

SHA512
a0f35561f330b1d09b15218ef111067171efad38a2cb3f45069dc2bb749afc0c4c231c830e3c5144a9571c335257af0b5a1c4a299b8b14d8fc65226415e94313

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\jumpListCache\T89gwXiUtu2g3TL0YoBWcw==.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\8isfXtPJuVPUNZHxvUIhcbzKWiY.gz[1].js

Filesize
19KB

MD5
2227a244ca78dc817e80e78e42e231d7

SHA1
56caeba318e983c74838795fb3c4d9ac0fb4b336

SHA256
e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24

SHA512
624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\kzHfYwAwahpHm-ZU7kDOHkFbADU.gz[1].js

Filesize
3KB

MD5
fabb77c7ae3fd2271f5909155fb490e5

SHA1
cde0b1304b558b6de7503d559c92014644736f88

SHA256
e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c

SHA512
cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js

Filesize
606B

MD5
0c2672dc05a52fbfb8e3bc70271619c2

SHA1
9ede9ad59479db4badb0ba19992620c3174e3e02

SHA256
54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39

SHA512
dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\pXVzgohStRjQefcwyp3z6bhIArA.gz[1].js

Filesize
924B

MD5
47442e8d5838baaa640a856f98e40dc6

SHA1
54c60cad77926723975b92d09fe79d7beff58d99

SHA256
15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e

SHA512
87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\recaptcha__en[1].js

Filesize
537KB

MD5
70306d36ce9dbcbd8e5d1c9913a5210f

SHA1
04949ad636f8cd09bf91059bc4aaf1973c92a15f

SHA256
1425b3dc4e809e5488aae10e2eb2511f652c6a9c3845c98c3fe69f07fe0c9e2b

SHA512
a7f00ba83fee80e7f2006c9e1f0121e2e515f4956182924e67c95a8c5522f30735f7bf4a6f7dcf3cbd29a685e967b1c4ddfd72d7f1f4cefbe55326becdacb275

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\137FI8KS\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\137FI8KS\OIgm6ct-G6hNh5i9U8xy5lNjsT6YVTG9uZdpykbdxBU[1].js

Filesize
18KB

MD5
95a86af37436d1bf7e1d0e753181bcf1

SHA1
5cdd53f41d37d31186ab7155226ed4c2acbea06e

SHA256
388826e9cb7e1ba84d8798bd53cc72e65363b13e985531bdb99769ca46ddc415

SHA512
2c263e3a48a94393efd14d71d4804aab3b799e22b8b6d405d79b9250b539bb28501ad83058db796264d1d10272335bfcbbbacc5c580272fc865fb5a443d1ebe3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\137FI8KS\WAAHGo-kP0xCDM16LGm9-alzHb8.gz[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\5g-N9K-X1ykUl3QHEadPjpOM0Tc.gz[1].js

Filesize
1KB

MD5
f4da106e481b3e221792289864c2d02a

SHA1
d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994

SHA256
47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9

SHA512
66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\KFOlCnqEu92Fr1MmYUtfBBc4[1].woff2

Filesize
14KB

MD5
19b7a0adfdd4f808b53af7e2ce2ad4e5

SHA1
81d5d4c7b5035ad10cce63cf7100295e0c51fdda

SHA256
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

SHA512
49da16000687ac81fc4ca9e9112bdca850bb9f32e0af2fe751abc57a8e9c3382451b50998ceb9de56fc4196f1dc7ef46bba47933fc47eb4538124870b7630036

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\KFOmCnqEu92Fr1Mu4mxK[1].woff2

Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\PgVOrYqTvqK49IEnVEVlZVYfA1U.gz[1].js

Filesize
576B

MD5
f5712e664873fde8ee9044f693cd2db7

SHA1
2a30817f3b99e3be735f4f85bb66dd5edf6a89f4

SHA256
1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2

SHA512
ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\SO02eTikN8ZV7bCSXFKur4CKSoQ.gz[1].js

Filesize
242B

MD5
6c2c6db3832d53062d303cdff5e2bd30

SHA1
b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d

SHA256
06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70

SHA512
bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\fDgf7Oh5R8mPygWLQcaNRoJGj5Q.gz[1].js

Filesize
622B

MD5
3104955279e1bbbdb4ae5a0e077c5a74

SHA1
ba10a722fff1877c3379dee7b5f028d467ffd6cf

SHA256
a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1

SHA512
6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\warmup[1].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\yjXVFOxf6UdoTA2BOwEH6n4ClfI.gz[1].js

Filesize
1KB

MD5
a969230a51dba5ab5adf5877bcc28cfa

SHA1
7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265

SHA256
8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f

SHA512
f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\3AuqmR1rGd-9n8jGdRiAunNFAZA.gz[1].js

Filesize
6KB

MD5
dc221228e109f89b8b10c48f2678fb46

SHA1
1bfc85cba5c424136941ac1dfd779a563b5beed4

SHA256
f4fb7234959f48c2b2ca73fd6c35d36eaf65d8c431d982a1ba208f5cdc766419

SHA512
46f49e5ac18436251778d1f50c027729a2442ed6541c3162d878720703e37797b6028d96eb1568c23ec5006fb022c8e05855e250d6a1a590f41e890866529cd2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\GK9SuRKiu0QbKYnVgoAlgmuWrNU.gz[1].js

Filesize
2KB

MD5
17cdab99027114dbcbd9d573c5b7a8a9

SHA1
42d65caae34eba7a051342b24972665e61fa6ae2

SHA256
5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de

SHA512
1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\byLmVJQA1UzOFcrs9Jrvys4jXhM.gz[1].js

Filesize
1KB

MD5
2ef3074238b080b648e9a10429d67405

SHA1
15d57873ff98195c57e34fc778accc41c21172e7

SHA256
e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da

SHA512
c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\cJksCHwhB_Z32I0ytWPMUDsybak.gz[1].js

Filesize
226B

MD5
a5363c37b617d36dfd6d25bfb89ca56b

SHA1
31682afce628850b8cb31faa8e9c4c5ec9ebb957

SHA256
8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f

SHA512
e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\ihC7RhTVhw2ULO_1rMUWydIu_rA.gz[1].js

Filesize
1KB

MD5
cb027ba6eb6dd3f033c02183b9423995

SHA1
368e7121931587d29d988e1b8cb0fda785e5d18b

SHA256
04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f

SHA512
6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\styles__ltr[1].css

Filesize
55KB

MD5
4adccf70587477c74e2fcd636e4ec895

SHA1
af63034901c98e2d93faa7737f9c8f52e302d88b

SHA256
0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

SHA512
d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2VOP4GUV\www.google[1].xml

Filesize
94B

MD5
de2c9a40275338e9dad911350f6b0837

SHA1
d34d5e316428cc0b8d33d73d46801f413c4160d0

SHA256
1eea53397e05b3af43149155689935386dd8d90d6b4f3d5b7cc680d339647e56

SHA512
1c9434a5ce193662594008b9edbc45ce47b90fddc5cf30d6f7bd7070ede7052544e13c9c8fcb11f55aa0ca1c55a448be660b7f132000308ac372d0f8a5757355

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\WCS4F3AH\www.bing[1].xml

Filesize
16KB

MD5
3b41f24b31d17d4ff3e318a2e3677fb7

SHA1
d9ed2581de3e78961d447ecec252260862990505

SHA256
692df85eb01d432748b6cc42c444588d16f4360073c53f879465b018a115f7a3

SHA512
21523400401d7bad0cc8009fcfd720d69efb6f92b0776b0bd7828ad71ae07748bfa86e20dac52d26472ed55d4dc9687bbeb21d76d14f1f402dae4ef598856b5f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EZE51PTH\favicon-trans-bg-blue-mg-png[1].png

Filesize
531B

MD5
c7a1030c2b55d7d8a514b120dd855cc0

SHA1
d07abbcf44b932732e4c0b0bf31e4283ae0f4b5b

SHA256
7c5bb9ca2fa67fe7851d145305e17a8370c4aec9d09f54e0920d32f6148f12fa

SHA512
1b51972a1ae1be2e85b9b125d7e2443c1b47abbbba9492d4ad52bdf0f9cf82513eca3ce436f9beedb7463a6f7b39ddd87245daf790226255a2b0d478dc380b81

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KF7LLIVQ\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KPONWYMZ\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KPONWYMZ\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RGAYC15K\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\5elttjp\imagestore.dat

Filesize
23KB

MD5
64b4895d0b9d9cd7229dfc16a1d45d50

SHA1
4660ef96f9e5ad9aa86953da898b8f3c819cccca

SHA256
18a3b0626af30d2d69c35248a4937e5ca5d9461ccbdc79e74ae6cfe51d5a97b8

SHA512
ac25b2ad93ca3127bc2f3ad3abf660715d3db5ba264912a7ba824302db322981547d81899da03ce8dfd36f14f1e27c736b16a7ed9b3e5cbfe7ab4e6c2ec8fc30

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\app_assets_modules_github_onfocus_ts-ui_packages_trusted-types-policies_policy_ts-ui_packages-6fe316-9d50d6f10c3d[1].js

Filesize
8KB

MD5
68bf738bbe44db97fd2a1d1938b71130

SHA1
d9974d77d8e043244205080d6edbee1d203fed50

SHA256
99c010c6044b291ba2433e143e654cf95f625092f1744d8f2ba47a7fc5e0f24f

SHA512
9d50d6f10c3df9a1649a6b61f25d8d648e4beac1edd8e04512815376fc70ce24c7cad38b5901e9ca9806cb2bc3b365cae134281b7290a31f6d0e53bf287caf42

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\element-registry-a007f881064c[1].js

Filesize
48KB

MD5
3379be59b93246e0eca5caf45d863588

SHA1
09f0ba455927a6c55302dbed1e22c7b1b212f1a6

SHA256
a117d5910b779683af914f85762b606e8cc5e70c00885a6012517cee6262ff9f

SHA512
a007f881064c90a4948479471c548fdc5eec3bd6c4f76fa3cc3f46dc10749d6ab7791162788a21a532de4aaa424a18411262a408d531ea85979f032f849c458d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\github-elements-221b0e7d77a3[1].js

Filesize
36KB

MD5
476a42098b39c0ea93e994a64c1cfbe3

SHA1
93e9469f3ae3a436b11207f350a3c572056ada3b

SHA256
20093d9042cfa465ee0955b2493bdacf2e9c254006d411a6523474be1f4db6d3

SHA512
221b0e7d77a36b8b766cd63775b3a02b9f14635c72de63a9251bdf5dfd31704651c691d896916301cfe45e5273117744f408fc5360a667aa4e413e461631979e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_stack-68835d-a18220f1db8d[1].js

Filesize
22KB

MD5
0cb967b7b9603edacb27a261ba59bb63

SHA1
ff39f99d51916d3bea1fd5ae853abf93ffe35b2b

SHA256
f4ceffa8ba23288e7d15bdde1bb227559443380c041d0febf6bcd525946bec41

SHA512
a18220f1db8d086f2cae618e9196599eff46935aa7bcbc601276acf10bfa09b700b37122aa00d227e61c1b1257b7304ec064221d8926c330789b2ad3ca0f2824

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_color-convert_index_js-0e07cc183eed[1].js

Filesize
12KB

MD5
b36809a997ce5e5ad8b0b4f661ce60d1

SHA1
fff11cfd01b744a770de926e13dde8f546e565e7

SHA256
687890a8b37083fcbd85fe5fcd960a6d80378b01a5f86287f207bb7c807b5ee8

SHA512
0e07cc183eed2b6d1302e51254f6b4f204a920873dadd83581483d52bf9a2e6537ebbb0417eb04567411dac64232653a0d046abf2c31c4809bc72fc6603b0749

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_github_auto-complete-element_dist_index_js-node_modules_github_details-d-ed9a97-841122a1e9d4[1].js

Filesize
17KB

MD5
d50f30bd48bf15a39fb0de84d338b063

SHA1
c974701a469b2ae91195cc57a42c3157c0210646

SHA256
21c5e70f201ea5ebcaff6f1244e6a7fbfca84d1878cd41d4400696bbbe09af5a

SHA512
841122a1e9d49b8484e68dc82869b7835e54a9d632909ec4f0c386ba843d2eaf20416c75c19c4a250a8cf22de8ef43f1fff6d77d29630132266c6f533c487e2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_github_catalyst_lib_index_js-node_modules_github_clipboard-copy-element_-782ca5-54763cd55b96[1].js

Filesize
8KB

MD5
80708c39dbd42e80616bc4a61b51c1bb

SHA1
a87eb08671b07a1c2689a6caca2486727af9ae3e

SHA256
10e085fffc04da9cbf0a46c8a6e120d34947c4ed859f05e26cb0abaae312e094

SHA512
54763cd55b96117e15652c12e9ca5e8ec71e58eabbd9537a7e6c833ec124199eae23091ef59275513f2cacf055e9ae69d7683474fc31f81ef823578118c462ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_github_catalyst_lib_index_js-node_modules_github_hydro-analytics-client_-7901e7-dc88587c14ed[1].js

Filesize
15KB

MD5
b247dd2cc69bbd255b535a6793786c59

SHA1
6433c5ebe6bcb68416a388c9f6aa19e57f32421c

SHA256
a50da36863a10de8b274419938a69586cb071c4e557b70c72ee3801dd2cb2d1c

SHA512
dc88587c14ed4956f03adfd5f928d5f7b869a9e9fb45ec01cedc6675c711efb2219e129177323f28b4008433ecdd3c4ef5ae09799935e8f164c9d8db03e9c6f4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-2e8678-34feeec9c894[1].js

Filesize
17KB

MD5
3da8f54401dee42f64704d3b0757b790

SHA1
c6d76cf669c85eec10065fb8d10d4f62078957df

SHA256
1e07175839890a819b17ec7ecd2ad34eed67352630c8e91c19ae12e8f59e9f24

SHA512
34feeec9c894b71f2001925534b378e1700f0522f3747079e4ef830854f7c69c240198f4f0a59bf00f3815658fca2e03f79709603ef00d704bc2ebe625063a5f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_delegated-events_dist_in-3efda3-701acb69193f[1].js

Filesize
22KB

MD5
a693601ad5e308513903deba2de13192

SHA1
67798204da9fa7579572048e4082f4a661081f10

SHA256
1b9356bc6a944ef62aded9240620165198d67511e7ca1d83141a497887ea5c99

SHA512
701acb69193fb70e56de2b560c510e72690a4e3c93407f1823a812dce3f82641606fb82781bf9423017e5ecdb04866d9833111ed3137fdef978298b329b054e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-f8a5485c982a[1].js

Filesize
5KB

MD5
e87764e4b54806bd9528e9413f05201a

SHA1
5d1c284dc8e2d047de24f8380f71ea9989d732bb

SHA256
a38e79c76a05e2473cefde9829cb125563e2bb06965aa3d0a41b314816bd1097

SHA512
f8a5485c982a797682c4138b024f83ea2669b7b7458c2d9eeb2c18526260e2dde0b3bc68d98415f8513e4ce099e46783a9ef8ad08b58929ca66972630953822e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_github_relative-time-element_dist_index_js-7b95699705bc[1].js

Filesize
15KB

MD5
1e46f5b98f72f9e68214a13a26687cd1

SHA1
9022f9490f5b41fb5bcd75376287d8cf0a6d8da7

SHA256
b4b53373c5d173b6cd0af866167766c7480a466fa8dbcfe04dca9b75ed9f82e3

SHA512
7b95699705bcf67d34c74c41c43b5a19a01852b98b5fe6018745e942f53839c8836e9a6cfe83be185f22ea36eddcb80198284ee3559ed99c6b4da842e3b760fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8[1].js

Filesize
9KB

MD5
fbbd4bcc22313de76bcd2b3e4bb12e0b

SHA1
1422fbb0c4a416eb66e429d2cf797ed29a70dca5

SHA256
8060d4de1a065854c98adcc50f292dcab8f424a9edbdd4aabb7409cc4c6eab99

SHA512
6cf3320416b89fca281c439927ac3d76da74f9463345a891c4904c8e50b476e21d11ed06aa2316ce770c36f18337aa4e2619bd3fd28a4cc8454d649110060726

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_github_text-expander-element_dist_index_js-cd48220d74d5[1].js

Filesize
14KB

MD5
69f387b852329683c3f4856ccb905f60

SHA1
a58ffa40abbb4c6f5ef0545c1ffb932c21d73cc1

SHA256
d9cdb2e9f9c648237f22c43f8f12e85d8944c75ab325352059c3e53516635167

SHA512
cd48220d74d52b956312b2c59ec764d2d559e73c51789f9d649e108925f79ae3c910744161904b2840894bfcff64507971d5a19f921e5190a710bda4eceb63e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_lit-html_lit-html_js-ce7225a304c5[1].js

Filesize
15KB

MD5
b4de96241178473d9f682dea5a92e41b

SHA1
e274c147c9bcb636b3bf4f9df1acfbada27d8a90

SHA256
c823056c4e37d95cdee809f535000bb37b9c8d956ab0410c98a6f4a8fab4f47f

SHA512
ce7225a304c5935fa3fdab2e736d9738651ed0fa6f4503bb65deaee022bc03c3033170d53adc2c1a77c88904ea14a9603519b87990f04e47885209a53c893056

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_primer_behaviors_dist_esm_anchored-position_js-node_modules_fzy_js_index-05960a-797b1227c4b8[1].js

Filesize
23KB

MD5
84645696994a44b9a487a86e579d57e4

SHA1
ad0cd59b0d9b1182e1ee9d3e07a68a9e9df74bab

SHA256
6adef556a80a604cafd2dd03f9c46b3be39779aea8973db9b67fdd9987862dd4

SHA512
797b1227c4b88f54b80e95d2ce2e920da001284f7ede11dbabacb1831d6fddbeab834274e325325903bf507ece6501b6f21ec89d53fb5d678556744e6dd56f6d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-c9086a4fb62b[1].js

Filesize
8KB

MD5
19e28fe2dcffe5582e6352b53d0b22ce

SHA1
1e656d3443915c4e4bc9782f4366b4eebcf45720

SHA256
345e3daa928a64bc11b3778cfb36228d0025c260defa0b78e4c0ebe66c419737

SHA512
c9086a4fb62b90cd43e0a47621528a23582de79c4bdb1b2eac386f8e331c5ac891aa69975fdfb487a4cf508852c1c3ebc2df24e00ffca5443fb6e22f3b3ee99c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0HCWH0YM\vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_github_hotkey-1a1d91-fa9f29a8514b[1].js

Filesize
12KB

MD5
3c0abe787f5d954832b6c7e4f53980a8

SHA1
1f9439165c4fb8e21c008ed0f1e8bfa72b85c33b

SHA256
05c8f1a4059c21735d401df0d102a50aba011941b6158e5b52d4773f1b829d79

SHA512
fa9f29a8514b6189ec5e5caa134d9b511c65b8643af85652126d52554a1c1d8464bab5400b70d8ec54319d133517bc1e9d974b31e31fcb0e6811b76f0ad7aaca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\137FI8KS\github-9b61c4eeea0e[1].css

Filesize
125KB

MD5
9fe293c06a6da6a5f5488eddcd2bc00f

SHA1
fe9cd837e74eb7dad0d6933546bd4a950c8f786a

SHA256
5612890ebb2abe6842631fa1089cb4de877676a2e637e92d28960d7706334648

SHA512
9b61c4eeea0e18a508504b06aae91ec33176e1ab711b823e8b2bc4ad12dbd81fff406aa1f4677b93a099f9b9da17fac012c688448af20c63ca68cc754862e47a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\137FI8KS\global-9df818901729[1].css

Filesize
285KB

MD5
0a7a05a1c6450ce734c99541ec77c2f7

SHA1
a40dc3f32e58ad00189b0d89a7519b4033b027ac

SHA256
3a77953ab15e7b037021b64908507afd8250014cceae37f92731c8dbae53131a

SHA512
9df818901729b3333f3fa49e18a075f5fd2acb6927ff83e162f80ed6df1ea7e5f8e57c01a51a9c875f84ad4a5e7aa88cf0c13b31d24c5c71d4678b432f8f1352

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\137FI8KS\primer-3f55af1462e6[1].css

Filesize
332KB

MD5
2bbf2a0c0f35c3a0424c2f2b2f008bb9

SHA1
3f21e145b1554a3e8ee2afbe75ee10cf4be08c47

SHA256
15a5a9c65ac5a9105bfe17f8e6cace6e24232ec9b058f3ab51a1fd7e6385c7f5

SHA512
3f55af1462e6431f427e4e259b290fa87130c420fea0b6f92d328bed7766b4b9b26e93b1fdb0eefa198d89d7fb313e0dd7ff37b85a7dbeb1756499e14ecd722f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\code-7e14c25064d5[1].css

Filesize
31KB

MD5
d98f45c6b7beced34012085836632c09

SHA1
e967584f5f989d6970dd1f95a5f285288b738641

SHA256
0250eb265867a7702c5ccc6ae2d2e3a7ba71d7b23dfc5e2206c604d378efdb19

SHA512
7e14c25064d595df9205b8847030f7df262d4bf4b70776a12b04944b6c21642b5ca5d0724b8c47e3baa4f668979e9ce47586fa2fe16f01e20c86e42b7cda466a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\dark-e8b003732d38[1].css

Filesize
48KB

MD5
e1c705c6962e5bd75d5f59586c8b81f7

SHA1
327854eed6e6dd3cd7b4934ecd776574dc431dd7

SHA256
6872460ccebbc6f94d9342be7103edd07812b11dbeffb8b0b1bf52b91d6d7a52

SHA512
e8b003732d3828f4169ab379c679a1e832a790b0547190d09eb3b13e3229a90262364917fbe22e3fda2c3715dc4e356c928ce892a2ec040dd74d4ab9210f39f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\light-fec97922b76c[1].css

Filesize
48KB

MD5
f36df060a5e095fc664e909fa4396347

SHA1
1c7e018908adfcbd060f20aab51d7241cb51b97b

SHA256
692084a20243eb5d6481abd974665c8a8ac017018dff6df8fa057965e32bcd5f

SHA512
fec97922b76cba114296432a3e0e631c021d3666da7e090d22e65fe0a3a8c7d70964bf993c9fcca41b65ccdc115a94e0e0857673975bf4ac8b4266517495e638

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\primer-primitives-ebd37ecbf27d[1].css

Filesize
8KB

MD5
d70b7195cb1d3ef5e19a78935007dfdb

SHA1
a60db33e2be04d83c6894e30e197c425e5dfaef4

SHA256
54c3c8359e671a8e92cbc9efdfb8d119d21c9cd588c06706dbd047bf93d6e8e1

SHA512
ebd37ecbf27dc52033b264545268c81d8323282f6f8c2a19877914602e7d9860c2b3eb5cb5e0ff698365f743001a5cceaa664ab084c4626617eb70d40935fd23

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NE15Z24U\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-56729c905fe2[1].js

Filesize
9KB

MD5
2eb9961e08f81bdca617ddb67c2fb708

SHA1
15cb6d7ffe93324b38bb62bcc4ff14d1a57f94bb

SHA256
0f2cd40ad364711db1fee03cf9f6ca04fc56f5c3ba497dc476c5879e129d968b

SHA512
56729c905fe263a6b7978bc67c09b8dab69592e21aa9addba78866790bdb2dbd85e41e6a6663d511e73a8edeb75933b549b3c393a465748790a6fd50b337cee9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\MalwareDatabase[1].htm

Filesize
332KB

MD5
47185f6d354c5a2640f0111af0c60b20

SHA1
3b7a526f0810918485f3b195d5a179000be53fa9

SHA256
51dba7c5d724cd3be9126bb0bb0504b1be898ef72cb619bd32573cbf4aeea7ba

SHA512
bb1659991b84892d99fc043cb5cc0afcfeaa6366896975fd0269f25d4c83b0021d464d5dc92f40b8754b79b64b0a89e908803be784748c16405fac8df5df0f72

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-467754-5f8784803937[1].js

Filesize
17KB

MD5
53d18b1fa561169a588f413a667319e1

SHA1
bff797f771ade9256da9097a3921ca3009464a6c

SHA256
d627d9554b9cf3f0fe59db16f794e2b8173a91f194684825ea1e7ecdb01151df

SHA512
5f8784803937de24ddb80b54c31b210652e90d6a23d649d980863867677d4afb73a8dc1341e3d56d6cfcf713669cbb97152320dedda94394daa5f7605cbbbd52

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-4accd4baf37d[1].js

Filesize
11KB

MD5
5b27fcc84711ee36b7b90576d0598ac6

SHA1
fb22904671151c2b25a6bf3ab0e7fa1ef3919359

SHA256
6dc1ad67f07770d2e1b42219747385780792a1b1c946a0e3528be9b931122bc2

SHA512
4accd4baf37d8dc11972f9b19f9c1b4f4eb8eafff9fd8d9060262f91d863ea14283a40f5f156b85be91979ed8386efbd263a840e9acfa2c8cb25c96f25ea5595

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_onfocus_ts-app_ass-421cec-f0e1d31bff9a[1].js

Filesize
14KB

MD5
0c9091a78596599074e081d8c5a17b29

SHA1
3c35d92a91178fce4b9ce1425d26a6f65b0ba7e0

SHA256
dc3f2974fc930351f3609612126deb119510e61958d6312389fb9e652e705d87

SHA512
f0e1d31bff9a742a0770f212ae664a740de66c61476f72db576371a1fae2484689f4dacab1f46013b22d65ddfbbbda94017048d4804a13dd2096ffd1a8ea6a11

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\app_assets_modules_github_blob-anchor_ts-app_assets_modules_github_filter-sort_ts-app_assets_-6deafe-fc95155e233a[1].js

Filesize
5KB

MD5
17abc8d90591f888daf78c74c52baccb

SHA1
7f2fda8ae1149f607e55059bd2a412548c64bc6b

SHA256
5219720cb4e9780ef2f19ec8b20c2ce212280fd41970ce6bffe336a24144a685

SHA512
fc95155e233a93681e2d509cf6eb5f3e378b5045646cb1f130ae45a27d335e4abe6aa15583e900678d345725c248999700bc6318c1c59d1f416a3063dca33bf8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\app_assets_modules_github_sticky-scroll-into-view_ts-112600808cf9[1].js

Filesize
10KB

MD5
df07a1b760a955a9549078fd16f19934

SHA1
ff64f8bae2c22502111201422afb4f64aac7ebaa

SHA256
3cb902578dbcc1d6a3b67aecd7ee7f6dd086a3093655a292f78a8e3c6974212e

SHA512
112600808cf97132db023097b068afb0b49f7019b4333ec71f7fdb4070d69f6027541eb9437e3091c2910d47dea3a4be4a9aba67dcbce3d738897e6871592f21

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\environment-924e60bca7d2[1].js

Filesize
13KB

MD5
4a2369de0e86a0223c7c628431044722

SHA1
5da8427ff5c92fa98c7a45a80114ca2727044557

SHA256
5c43b409d6cd6d852908ed6a346056895f01fffe33a0f4cca5ab09a2516db136

SHA512
924e60bca7d23ea4fc251b5e2b8936d40eed86827bb00209cf9722e778842b0bdc4301b3dbcc8f56818474efb2d568a67d1f32ff2537cac0c5ca1ef90e8d9975

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\repository-0f7cf89e325a[1].css

Filesize
29KB

MD5
1680289ab5dba7c7d2f122630b9c820b

SHA1
d24856e6233eb9a45e9b60e822c6dd92f32efa40

SHA256
81488a04cf8146db85d91c58695d5147a7a02d6ac61210d83decf90fe5ac9247

SHA512
0f7cf89e325a36d5dad6762760cd27d42e2b00c2adde6c5916a1872e536ad2eb02ddc58b4e5e67fdcde705677429cc8c353a8669bf0c4cb678b9053530716b0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\ui_packages_updatable-content_updatable-content_ts-a2009221d154[1].js

Filesize
20KB

MD5
4e9f7979b68d6c1c0a78549650584b99

SHA1
7ff065b658887795e1b05a836fb020dde7e75739

SHA256
61cb1f56095ff469b42c371ba3a77dd6c6bc0b7eb3dc16fa21269f81e20907da

SHA512
a2009221d15440328d68088e565d5269e2315ab4e7676d4b757abcbd73eb39393f69f80b6b65a6d3febac440a3ba84e7859bf4c5b8655c9ad6402677becc5a1a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-06ff531-bf7e5a3732fd[1].js

Filesize
11KB

MD5
57ade457a2db48ce3827acaca61735c3

SHA1
fa201f97596c327ac68bf39600e91f3edced1368

SHA256
6e2d6a3eff85e0161488a91b33ec517d2aa727580a74be88666b47a0b4459a71

SHA512
bf7e5a3732fd2f07f6b274beb43d15397f077fc66beede98f59a295819dfd2814c935729244fd1eaa99a6788810b64cc00e57c846f3b0c02fa6ac514ffd2a3b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-247092-627b030d3acc[1].js

Filesize
17KB

MD5
1c111fe76101ce227b6eafdb3e069426

SHA1
e9f11026ef0d49748329aafd0305357160c51ef5

SHA256
ca496e8815afb708406a5c9bcbf5bc99f4ac9d447be66955289fc68616699be7

SHA512
627b030d3accda760855f3c5cbcfb7dd9f2168e707a38cc0753e5c5f9abfc89dedc3259969c0f8979e881d280eff5a8ddc598124eeadc640221e39a8d6c8f1d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_textarea-autosi-9e0349-ab4976fc78a6[1].js

Filesize
31KB

MD5
670eff1e936ed44151e90903e0f286cd

SHA1
86ad48dcdc65bb33515e3ba82eedc77142b717ef

SHA256
764026cd8e6b740eab68b749c84d253e2e6231afacc5bbeb2fb7f0e0dbdc1205

SHA512
ab4976fc78a683e43f4b77302356b760c16e53b329caec3ad519a39003fafe805d32c8222348cd8e5ac944caf1313283b1535b8749860d1deabc3b096e637bb9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5[1].js

Filesize
9KB

MD5
e131f8c9b77918aeb94fd82199a423d6

SHA1
71eaae086cd44a8904f39d27fb5387bb957976f0

SHA256
01f9a0ec0bb24312ae0395b6aa238f8d910dc35c08ef5a25a1e9cd8feac83c32

SHA512
f690fd9ae3d5a240e479fea97ac82940f136f3f2e0262cac840345f2b956123117ca94424dc354d90d13f1c0169c24b19526505bb2fad70c8c364899474a9495

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z6L1MDA7\vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_jtml_lib_index_js-53b423ede32a[1].js

Filesize
8KB

MD5
7609e9c9e92849341074061d54840414

SHA1
bca7f250abb5a00b6881125f9bc47ac8b7bcaf1f

SHA256
51665dff0fc071b5d207f500140620da814fe6de21c864d0c3ce5103d4e967f8

SHA512
53b423ede32a8836b0fb116823c89e93246a97f955eb137f095cc52761600f7a209534f85fec66325170b4a24a1235d4e5e4abe4033e095d3665ab379ea70a74

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
312B

MD5
3dd90ba8457ab68cc759a74edd8a4a63

SHA1
754eb78f55c8346057ab2349236672f85f7a4be3

SHA256
8851dfae1648319c6a351ed3b1d3217529dc0b564db5079c7fa3af00cfca53e3

SHA512
6e51696999015739ec35c4c38daf9a2c52dd9ae9bd62664496043f36ef6860738b3050cebeb611e2b094ec2d685f33ccc5ac66a4b4e7f6711c7140028b9be0a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
280B

MD5
c34522f9247c0e36b88c24491a21fc74

SHA1
807e82bf1087138a70184f4593bc84ea8fae953a

SHA256
25e4b0c99888af816a4764b88f608ca98a9d904faa0f785490c348900ff1ddb9

SHA512
1f6fdccb88a1860f132ceaf14506331a591764379c9a262d4eab023475b1fbb6230e1ca66d95c6698d16930cee4ef9191e41f72d4f797090d039d3099cb8a4fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
83bb76ab67bcef4df2b317b81006c4bb

SHA1
8f3e879f08edf0757be8ac4b1404ab4a61d4d86f

SHA256
35875644aa998c69faed15fe5180f41094799d7e2ae82c16b150f0d7eeebac48

SHA512
c741dea2cc28cc7ffa1f7c9017033eeb661f4ed90a9d43f4f82de601cb3fc5989220bf85863e85961058f369cde15987f61849ba152ef55c2be12f8f6b8a10cc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
d5e8f7a9bc4388bd5d1117dd21f824ff

SHA1
2bae050693a200852b2127f688b50d777b9b5b6a

SHA256
9b554201d8e85d682184283e37fd1cc0d334429f29b7ff44d0d4e7bae38e251a

SHA512
4676f9eb0435c6685df530d019840b490c85a83ad79ee00f2fae0a6b721e009fb387d0f1c2710dd4676f23005835c6b87377b7484a794b72b8a43ad88b3dcb41

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

Filesize
400B

MD5
dc018b698ed6c8b23b6ee6fa73e696e1

SHA1
7a7261417d19e0439a244778f942b75af4a520a9

SHA256
8e2f3b76bf5779a7f6a7f20fce856440e6c7f4a7c2e5093af15c91ad503803e1

SHA512
2e230cc5b57386eced94e4da65908bd28a2dcad052cdc45984f893dcbb26ae7e89c4ef120d19f4907e12975885e24400e5fcff8cb7ceadbf91adb859415f72c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
480B

MD5
c3d56fc09bd308655fc8c07cd1b85d1a

SHA1
54e2dc995eb1ba46aed298f82023679c36fc7929

SHA256
2f2ca60724f0a8c781939f8216d0af91bb17672c9405afb9278922d9cdb93c6d

SHA512
53d36912a14760a74c9a0f0ae0a8ee20180fa3beb5b42b544e6997eddcad3e06634dcaabe8e87365297b335c5c2cc2d6ca6ebfc5b1a065ff2705cd1d77f6caac

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
5bad346fd5b02f86a72b82ce288416a8

SHA1
f56ebeec365f8ee79c7ebf7e94c453c8125263b7

SHA256
5a02c73e18b6043666306a3ddce649bd6be8422d31ab9aad2e194d4b0cec57e0

SHA512
86665b375342b7bc958827ee26e38f17d4581c1f972a934a5b59e70b828bd9a561cc8d78558e65d3db03f4cfbb04496b03b0ecb1e0ab9504268b0963b6f4a15a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
498ba274ea815d38dbab7d1d92d7081e

SHA1
e7667990ae905824a6b44d6f0c2dbd76973aed10

SHA256
d0ad311658e7bb90b26414c4beaf8071a64b02450cad147947a9fdb042825bf1

SHA512
8d182b0db4117d09ef067964f861b0c37c9369027430600fc6c557c006cec7f185e065cd20ec5c46b7fb40cc08e3a1bda573d2036679490838c3ed42b25138f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\2.tmp

Filesize
36B

MD5
8708699d2c73bed30a0a08d80f96d6d7

SHA1
684cb9d317146553e8c5269c8afb1539565f4f78

SHA256
a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f

SHA512
38ece3e441cc5d8e97781801d5b19bdede6065a0a50f7f87337039edeeb4a22ad0348e9f5b5542b26236037dd35d0563f62d7f4c4f991c51020552cfae03b264

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFEF90FE6D15411042.TMP

Filesize
16KB

MD5
fd7302e4acacefca9c34e4508f369e3d

SHA1
a4d07a3adf34492ca33a21ea9d488d28d19ff122

SHA256
63f3d0c4c0757fcff754d8438f960f7f5bac31c32b3808ded41ae1fcb9103c52

SHA512
81d0ea744821dbae9545717ed08eb5bbbcdb072247299b66052838702318c40309a0a052e2703a6e65077f6047bc483c862f846c7488c96757673caf6bd4d6ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
ddc76f963014bfcfc314191f539062b4

SHA1
f9fc63f018927c033a45cc1093c0d62389ca7a4c

SHA256
6e6723a98b899921599435eaf00289c0eb49139cf91bacc688be376b1ea37064

SHA512
5a239e53e2e1e287e03502ccf59742e87a901770f5a0bc72adbeed77d8c3aa577ab17baaf2de22c998d864dc95f5caf3242a7e716e2c0b64030a368aaa5626dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
3382570aa9c8566e02ff44e615232091

SHA1
32aadac44e03acdb18d65793e3674c43763ac071

SHA256
f65db3776184679e82d331615f61d07f67a2569cea07b92e712625f3cc7d8ea1

SHA512
1ee2ada7b223e93b65be846a8377618b1c937a0d11d77149f233cdf65144525d4d62f64331543e316ef307c43f8fc4f96f79fb471c6af8eb2592cc4cfe9b4446

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\6923da61-b462-4f8c-943a-d30296bad00f

Filesize
11KB

MD5
2eb1c74c3059c92d2fc329e5e61ec191

SHA1
48213a0948808e7ea1356ddb7ffaf6fe662f7a14

SHA256
164d9d22a12709f1ddfa0df2b5222f5f1af3876a97eac1d512f32794277d58f6

SHA512
8996a1ebb2b23dda58c585f6ad37a33aa13dd1c9e24acedc98a8d367bf7fef781c6fb5c9bfd70fe2dbe68a6467960bc81a12a6be7d7e27d335a535496dd4df8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\fc4a459a-57bc-4766-8e32-d1e61928c859

Filesize
746B

MD5
9e5400e03b42fa7ba8b6caba9cc556c6

SHA1
682ec52baf9641d04a06a2bf9f5694ad7a17c4f8

SHA256
aae968e8bd86da090c82404f72ea6daadde929dbc042a8c7210acb663e919283

SHA512
99283a0b205a1b21fe6b1fc27657132519fb201c3b502f3313b3514198322401737c3e5a029418359e23bbd2e731a66873396adcccd6d4e3a93fbfe181e693ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
e515ad3cfc45e84dcefb565dee4bfd99

SHA1
98f106540458ae0d789bc56f55730ee5deea961f

SHA256
75f161f7161de00c04520b6978a21501fdd5fdd568adb911fe7aafc5adcaba78

SHA512
01faf7cd8b0201aed496e3e2719b2d6727671eee1c252845c1bc02569c9ce3c7f10a112c1ecba5bd9d7761735a515013da5cd1c2bb1fe8479000e315d2601b6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
7KB

MD5
9bb34a8b2a0aa3efc9e14e422fc6d35c

SHA1
d8956b9571fb240fcc35f07025a31b1e1f78ce73

SHA256
dce03d063af41838dcdebbbdaa683bc38d3761d193dbeafd3d22e65596d04d63

SHA512
33c60c23ee21eee7f94fc4e60633eebe91b196c299164bf0fa75f6b38d99d6e0e103b770cae3876a59c19b88719dcc0a9b17295ef39a47d370f3286e5d2c8a4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
7dcd45ebdb8e318537f944ac2e34ad7e

SHA1
6adf3b25f113d51395d8c86085c0890d16fa1902

SHA256
d6498fefde5b1beae02f4424a011c4316415a10981139b8c3f81c9932a0f27c6

SHA512
3ae7bbf284c9c8174f69604947e37b0d30e7787397153580994ed13591c577a9667b37706aa94b59b7c9332aae1bb9a5b8814828bdd762194f83bbf199e0c7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
1e865e3f42acf1290babac781c2687ee

SHA1
0aa1da6c6c7d547b4f57539aa2da3efa27e70ab4

SHA256
fdf29e37117419a31ee356cec7afc2b790edcbfb2528fbbd2638b4fccdac4b13

SHA512
6fd74bf7268c269c841f0d8284549aa1c835d0210a20e0b8a4dce888f70e4367b0e67aebd7899c4895ab1d32f8d05aeb812349a84ba695f79cd3c559d43a87f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
7KB

MD5
db59e3714a32860d17a852da58d5fd55

SHA1
44e460f2e37a945157842cd960ba621b78c51fbb

SHA256
92f8faa49f33d869e56d37b9bb755f838310cfd6ecadaf9d1823f5a3719be3a1

SHA512
fcfde35bec3aa2f07d54b65d618968c913d171e675cfe7808d813681e0f3dd99e195b62e110f2729fc31237d3187291be037332ae1396464a06c65cb0f0b8cd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
b1de5b6a099560eb7ef2dbd3f5f1f064

SHA1
64191dd66e412243fe9b2e9d545a38a84cd9af23

SHA256
32dd7685cc5ffaa7bdedf05aeaca6d14025b462d2bf7f888544d12811a6dc19c

SHA512
a22ba849f60b395119d16646b1cebdc229cc3dd84bf6086417c1abfef9ad0661cad17f4b55e2b5dbf939e25377e1f1cbaa9095a770dbf84bd9049b5eebbfdd47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
961cf9997184875befbd5ee6abf49575

SHA1
2ac4c743d720a9007cbb8675e27130dd8ce2c26d

SHA256
105a97e21732978023df7ce103d4787ddf086398f0379ccb405b68cabd0b2d8a

SHA512
102d060670405c03d4597c06e3c51aa0e85a57588ccfe157adf2f65a238ea807ff3028838f26c6a2984bd79b2b1b42950229c4c19ab98b31c648da29ce3fc606

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
44ace21556820e94a2e7a304e779c674

SHA1
c8f409c16faae5eb492f7ad842d3c1f04dcb33db

SHA256
b47fb70923d64d6e3563b38acebb24acec71aa1ea7f34b7f6554c889356bc386

SHA512
f377cbac775eb98d49abb1eff54509c86512dae3442c72c6004e901945d688333e71889bf9cd6b9bf79a4a311384a7c81b85e1c8c84fb5abea5af56ad42af6f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
f692725f054743da4e35d62885590d99

SHA1
ae797effe953c6974187581f106f06d15c296474

SHA256
31cddcf4fc08f8c86bfccb2ab952bd040b79fb8db0a8a34313cb12fdd96c23e1

SHA512
7b26521cbe9cc3fbd8388feedac4c2acb41faad532afdb5fe27e412ed35ed7c5030dba5908a859f627f94327c7050453486ce3217123125be8e37335945719a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
0a8ea98ebc0c10590eb585a5b4e70405

SHA1
052c815f12f55ab3c61688d2c115f0be615cca71

SHA256
294dd646bdd20b715c25f24634e74092bc3cb0659224ed035182c45e886a8a4f

SHA512
bce765e452edba58ab579d321415b4c546074f80c455c136f2762235823b3ab3d739c3fc76e47c702515f43887c39408b2216192264f58ec6f4cdc2e0405d8fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
2440e01479b8dcbde8ecb03ce8f30820

SHA1
d2e5459b5c03bf171e18397b979208198498c983

SHA256
2d77c801907c72eaec85ba67fe517ff55c4a1711b6fe5a7608cdd39446c2e629

SHA512
565adb88fe6ff369234e7045227f10b03ee094d31dfc96507d251dd8811f195dad737956d8f1abf79aa15a49c0a4cb5f144518c90b9577377ceb40c9b4fbe5b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d477138bc797c9d7ba5ebb7d99cb4b9e

SHA1
0578e0dad825ae42c329e9793ea3a3d9c16d4598

SHA256
0b6f4b5c280b45ffaa1d41ef5907247298d625914a7618aececf79d3a48897bd

SHA512
b683365f09ad410c378fff39bede066be226b07b0c56831d11bb85dc6fedaf2445f8b46ea86da866f7c758e35ce23f3d38cb03fe29939392809e167ba0ca7758

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
43dcb5ac9ed3fdfe152a1cfcbae06384

SHA1
a8592e33ace7dcab499e9bb4eb04e680b28d69df

SHA256
1ad0a56c87b2c7239286d238cfe73807b81c2465ad0898250735a35ceb5001cf

SHA512
bc30963c190f667e90dccd0ec22f42e3fa26cf84d6a0238a21ed84f3717a4e00c0ca076eaae4ad8088ea16fddd4cb01fb278e13ff7eda82041fa8dddbb866e3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
0dc9b8ea008d5f9033bac1950994aee9

SHA1
97db907fd797c5e26a3e48aa03a5cac2f3af18a6

SHA256
b544ec9b89e0427fc1361a2feecf3ad0a5222578f0e34eb2485a9ef5400b563b

SHA512
c3160980b040247f6da4990f4320b8695345efdc6ad43cccccebabec00cf1553e824156c73c82880f28ddbb80ff2e424767a163ada6eb4328537d6a2cce3b6e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e99cad27e643b652eb7ec8f026bd3d63

SHA1
45b5eed217f3f7c61138c98079293b8e4d4e7770

SHA256
3962382bd2a58884f38712147abf619ea15ab14f237b74eb79d156e85133de87

SHA512
38ca5f292c3932b276a61118552ac228bab9157a0355a06d88185b8b4e5bf6b706031c4e0189017e62e07c0a2d8881b2a01faa58f57990ed98f4eddb8f5be7cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
319f10f48ac130e3b228859eb2381d80

SHA1
6b589281597ca6b0b7b4e94a4b05854d339aab7d

SHA256
4c6ba2d849221ca356b596a9a6931ed66bed3d2d7c5a423e0a997b055416117b

SHA512
378a2f39a23e78e693d697ddef06667fd9bd496601c12db546e026938adf5ae32de9a56b64acb68d534b3e9411bdcdb2494b4dc860eccf2b5336e4f0d7a3aa06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
51ed63b2b53373f8ff888d7ed521580d

SHA1
1a78ae8a21f36e0b1edf9789cf8c5f9347349ff9

SHA256
d3b784c645acb55a9da2a400074d857d9e32c62d035ee46f07721d2fda7bc074

SHA512
6aa97472d7ccf5488d9b7b505dff7424b106775337a371c5c8e4573c9de6aa6a38ad8c81c83838d5865edda3f7f633fc02b87ab366dfc84f7255ca577ce493b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
98cb71645e9191831c868360ead31f49

SHA1
a1f6fa0b861b063cb33702bb64211041a9044ba2

SHA256
4f1b4759090737114eb0de5e6881a856d57203d8747bc557c0fbd3ce1e152a5f

SHA512
a9b29a164c7270f202736b36f1ba8b2ad3f2a3e24448d0042d746cb3c9f2599667b63ea4a53412eb13fae4790b3e4dadbd8851eb188e3ce269f9a083efbc52b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
72bbea60d2f738e6cdeca9454355d85f

SHA1
7637317fbd662808c495a0fd8cefd4c5895cf319

SHA256
47ca0a86d61f3af2ce08a812d2b3cfc5e9e2ff6ea60d46375289b1aa3c5d2c4c

SHA512
53f08b339cf010c9d25cee55b88a70b6fed4b8b1145ff8327d84c20bd8f1a023e8cd605593bd338cd5e06edf96ea879f4e797f0503aa0182b67399af7aa71636

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
d886bc04a031bd8e04466656cc090acc

SHA1
732a3987bd384fd80e08cc8934fcf1d7f876727f

SHA256
9088bab19d37de6e6131cb06b0904874154116fa6a5c0540135b21f49ac9e9b9

SHA512
ae3a0d62243d6c9ccead52cc6135679e0802e8af9ac53e8e41b0f4b66e021673786994b4d86f185e90bfb10203eb3a88a497e82105becf2f61d7dacd03acdefe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
3018d1aad8385b734068dbad441e344e

SHA1
2a3925bc92ec843db64b6db2cd6fe18ccf084a86

SHA256
f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88

SHA512
7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
5cc689a8a19cac65bff1c528466f2a94

SHA1
6ea24bea8fae25fb53b65e3f7fe29b32fa6b3743

SHA256
127b2bd20b7b1593f783facdd63f8d97458d9b51ba4a1313475ff923729d69cc

SHA512
136e3f664907a3d5cac7bcfa883aea8d8264420a9f5642cdcf07c0c2c4410532d2219733bd09cef9fedd10e29665ade5ef9946865bce3482816435d17a13b85e

Download Submit
C:\Users\Admin\Downloads\0G1dyXoA.zip.part

Filesize
275KB

MD5
6db8a7da4e8dc527d445b7a37d02d5d6

SHA1
4fcc7cff8b49a834858d8c6016c3c6f109c9c794

SHA256
7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984

SHA512
b1b4269da8a0648747c4eee7a26619b29d8d1182fe12446c780091fef205a7b5e6fb93c9b74c710cca5d2e69600579b9d470e31a32689ecc570d0c4bbe4fe718

Download Submit
C:\Users\Admin\Downloads\Slr8g7ov.zip.part

Filesize
364KB

MD5
fceafeb5366fde06752d7249463fbdef

SHA1
4a4663496aa3a84ed23df76cd1ad6b6582c7130c

SHA256
dbe313c710acfb75149045d93887aaae8b62cf8932951baa82b2a995fcf6fefa

SHA512
de03e23d7594730b42897c0afaacaddaa181334efad4a35fb7df21fa0d25e834b391b20ab4e612a4a17a1b0c54a1e33d9be3d1efed4170a86de81eb67ff98f93

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
memory/612-676-0x000001309CAD0000-0x000001309CAD1000-memory.dmp

Filesize
4KB

Download
memory/612-333-0x0000013094120000-0x0000013094130000-memory.dmp

Filesize
64KB

Download
memory/612-368-0x00000130932F0000-0x00000130932F2000-memory.dmp

Filesize
8KB

Download
memory/612-677-0x000001309CAE0000-0x000001309CAE1000-memory.dmp

Filesize
4KB

Download
memory/612-349-0x0000013094220000-0x0000013094230000-memory.dmp

Filesize
64KB

Download
memory/4200-4648-0x0000000000EE0000-0x0000000000F54000-memory.dmp

Filesize
464KB

Download
memory/4200-4649-0x0000000005E30000-0x000000000632E000-memory.dmp

Filesize
5.0MB

Download
memory/4200-4650-0x0000000005930000-0x00000000059C2000-memory.dmp

Filesize
584KB

Download
memory/4200-4651-0x00000000058E0000-0x00000000058EA000-memory.dmp

Filesize
40KB

Download
memory/5188-377-0x0000023AEE4C0000-0x0000023AEE5C0000-memory.dmp

Filesize
1024KB

Download
memory/5612-406-0x000001FCBFC00000-0x000001FCBFD00000-memory.dmp

Filesize
1024KB

Download
memory/5612-454-0x000001FCD08F0000-0x000001FCD0910000-memory.dmp

Filesize
128KB

Download
memory/5612-449-0x000001FCD0660000-0x000001FCD0680000-memory.dmp

Filesize
128KB

Download
memory/5720-512-0x000001F2BBDE0000-0x000001F2BBDE2000-memory.dmp

Filesize
8KB

Download
memory/5720-574-0x000001F2CD4E0000-0x000001F2CD4E2000-memory.dmp

Filesize
8KB

Download
memory/5720-518-0x000001F2BC9D0000-0x000001F2BC9D2000-memory.dmp

Filesize
8KB

Download
memory/5720-522-0x000001F2BCBB0000-0x000001F2BCBB2000-memory.dmp

Filesize
8KB

Download
memory/5720-520-0x000001F2BC9F0000-0x000001F2BC9F2000-memory.dmp

Filesize
8KB

Download
memory/5720-514-0x000001F2BC1C0000-0x000001F2BC1C2000-memory.dmp

Filesize
8KB

Download
memory/5720-794-0x000001F2BBD10000-0x000001F2BBD20000-memory.dmp

Filesize
64KB

Download
memory/5720-538-0x000001F2CD610000-0x000001F2CD630000-memory.dmp

Filesize
128KB

Download
memory/5720-553-0x000001F2CD910000-0x000001F2CD930000-memory.dmp

Filesize
128KB

Download
memory/5720-516-0x000001F2BC1E0000-0x000001F2BC1E2000-memory.dmp

Filesize
8KB

Download
memory/5720-576-0x000001F2CD670000-0x000001F2CD770000-memory.dmp

Filesize
1024KB

Download
memory/5720-797-0x000001F2BBD10000-0x000001F2BBD20000-memory.dmp

Filesize
64KB

Download
memory/5720-626-0x000001F2CD7C0000-0x000001F2CD7C2000-memory.dmp

Filesize
8KB

Download
memory/5720-721-0x000001F2DF960000-0x000001F2DF980000-memory.dmp

Filesize
128KB

Download
memory/5720-796-0x000001F2BBD10000-0x000001F2BBD20000-memory.dmp

Filesize
64KB

Download
memory/5720-799-0x000001F2BBD10000-0x000001F2BBD20000-memory.dmp

Filesize
64KB

Download
memory/6196-4535-0x000001904A060000-0x000001904A08E000-memory.dmp

Filesize
184KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads