Malware Analysis Report

2024-11-30 19:29

Sample ID 240927-b9vwpssapa
Target Silver Rat [Re Lab].7z
SHA256 a384bad25740a4b783eaadd6ade53d96e878e1313c34321ddfb23149fbf6366d
Tags
agilenet discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

a384bad25740a4b783eaadd6ade53d96e878e1313c34321ddfb23149fbf6366d

Threat Level: Shows suspicious behavior

The file Silver Rat [Re Lab].7z was found to be: Shows suspicious behavior.

Malicious Activity Summary

agilenet discovery

Executes dropped EXE

Checks computer location settings

Obfuscated with Agile.Net obfuscator

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-27 01:51

Signatures

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-27 01:51

Reported

2024-09-27 02:01

Platform

win10-20240404-en

Max time kernel

586s

Max time network

563s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab].7z"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Windows\system32\SearchProtocolHost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\system32\SearchIndexer.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000571f84098010db01 C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{80009818-F38F-4AF1-87B5-EADAB9433E58} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f9b7df118010db01 C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice\Hash = "nJKTzu54v6I=" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.jfif = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice\Hash = "B6gwmLtHtrw=" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.ADTS = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2 C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.mp4 = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice\ProgId = "AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE C:\Windows\system32\SearchFilterHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.3gp = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice\ProgId = "AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice\Hash = "iOHi24IdhyQ=" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.AAC = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9937 = "3GPP Audio/Video" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.raw = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions C:\Windows\system32\SearchFilterHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice\Hash = "i9zJGGYUVeg=" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section" C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000542af4018010db01 C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.wma = "1" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3 C:\Windows\system32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template" C:\Windows\system32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList C:\Windows\system32\SearchProtocolHost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8472a7528010db01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com\Total = "189" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 37d53b558010db01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = db88d5488010db01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 20f40c438010db01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000571fe052bf5cdeed9100685d2801ae894f3be39ee3d81d311c1c0fe568fec7a87f53a7204460db0aff15f945b22d86cca75a4604bd27d57f3606 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "6826" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = f998cc4a8010db01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\OneBoxLoadAttempts = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4eafdc488010db01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "537" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{7E9F971E-B41D-4B3C-B7D2-6322A24EA186} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\SearchIndexer.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2116 wrote to memory of 792 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe
PID 2116 wrote to memory of 792 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe
PID 2116 wrote to memory of 3932 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchFilterHost.exe
PID 2116 wrote to memory of 3932 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchFilterHost.exe
PID 3888 wrote to memory of 2628 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2628 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2628 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2628 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2116 wrote to memory of 1428 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe
PID 2116 wrote to memory of 1428 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe
PID 3888 wrote to memory of 4528 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 4528 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 4528 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 4528 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2116 wrote to memory of 3396 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchFilterHost.exe
PID 2116 wrote to memory of 3396 N/A C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchFilterHost.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 2316 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 3720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 3720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 3720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3888 wrote to memory of 3720 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5888 wrote to memory of 5884 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6092 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5884 wrote to memory of 6116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab].7z"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\system32\SearchProtocolHost.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Videos\" -an -ai#7zMap2907:92:7zEvent16325

C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe

"C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\SearchProtocolHost.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3699363923-1875576828-3287151903-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3699363923-1875576828-3287151903-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.0.531824806\1998522649" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7168f5e3-5623-487e-baea-30abc0471ad9} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 1792 247aa2f2858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.1.1389252715\983044624" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66941f3e-db7f-4cdb-9791-f7c2f274402b} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2148 247aa1f9b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.2.1993190500\191469458" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 2952 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c188247-26c8-4ea5-801a-7e97582bba04} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2972 247ae49a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.3.499805496\122171361" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d0f4824-df17-44a9-941b-040c392aca43} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3520 247af364b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.4.949380999\960582095" -childID 3 -isForBrowser -prefsHandle 4208 -prefMapHandle 4192 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae21bcc0-bcb9-4f50-94f6-74c3fad1acc5} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4220 247b0394658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.5.345997566\1711631085" -childID 4 -isForBrowser -prefsHandle 4584 -prefMapHandle 4596 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb4018bf-7af1-437a-89fb-3fe165c61a5a} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4568 247acb80458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.6.613729753\2057319700" -childID 5 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c92a88b-210a-46b7-8b23-4fa953ee1ca7} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4488 247acb81958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.7.221046777\1717277599" -childID 6 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98bc79df-aa75-4cb8-97d3-2737cefd17cf} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5172 247acb81058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.8.646747563\923936938" -childID 7 -isForBrowser -prefsHandle 5676 -prefMapHandle 5672 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc07f942-a4e9-450d-82f2-88ee3c25b699} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5636 247b1b76e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.9.308737961\233726602" -childID 8 -isForBrowser -prefsHandle 5048 -prefMapHandle 2772 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eafcde2-133f-4d6e-8c63-5efc3be73ee8} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2580 247b1c8a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.10.2030316331\780181336" -childID 9 -isForBrowser -prefsHandle 4240 -prefMapHandle 4312 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58e335f-10b0-4e8d-90fe-8f37c7cacea2} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3444 247b2660c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.11.971980314\1785392213" -childID 10 -isForBrowser -prefsHandle 5104 -prefMapHandle 5092 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22351320-5bd5-4219-9b64-bec267097a02} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5096 247b2661858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.12.805743399\264445475" -childID 11 -isForBrowser -prefsHandle 4500 -prefMapHandle 4732 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f303f94c-fd11-4702-9ecc-c5aae808211f} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5096 247b3184e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.13.1452706913\1034648483" -childID 12 -isForBrowser -prefsHandle 5984 -prefMapHandle 5084 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36ccab58-5be9-4b8c-ac5a-9cf9aac49dac} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9776 247b2660c58 tab

C:\Windows\system32\SearchProtocolHost.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.14.2016959268\1011434104" -childID 13 -isForBrowser -prefsHandle 4980 -prefMapHandle 5196 -prefsLen 27459 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {149b7104-1b86-47a0-a0a5-1d9915b78772} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3444 247b0547058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.15.1332394590\1683595877" -childID 14 -isForBrowser -prefsHandle 5080 -prefMapHandle 9164 -prefsLen 27459 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00315766-dbec-4b32-9a8c-c65c277f51ab} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5048 247b0623458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.16.814256288\304181660" -childID 15 -isForBrowser -prefsHandle 9088 -prefMapHandle 6168 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63b94c79-1ff1-409d-9f71-1ae9e85abe76} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9000 247aeae4258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.17.1147323742\599880594" -childID 16 -isForBrowser -prefsHandle 9172 -prefMapHandle 4220 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6229e105-3299-44c5-8d79-61b071597794} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4316 247b0546158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.18.646189082\688046775" -childID 17 -isForBrowser -prefsHandle 5228 -prefMapHandle 9452 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {603f2ba4-7956-4b93-9872-63ea3a6a577c} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 1604 247aeae4258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.19.1781648664\1780520983" -childID 18 -isForBrowser -prefsHandle 9100 -prefMapHandle 9112 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e81a648c-2384-46a4-98f4-448c13ce2dd8} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9156 247b0548858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.20.1196876306\1097513492" -childID 19 -isForBrowser -prefsHandle 9060 -prefMapHandle 9048 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e9593b0-a343-4e2f-8680-6c432d3d926b} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5464 247aeae4258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.21.1967176870\934575212" -childID 20 -isForBrowser -prefsHandle 5228 -prefMapHandle 4452 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {379902ea-5cd1-44fa-a61b-8b599af3bed5} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2680 247b0546458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.22.1301162555\357446255" -childID 21 -isForBrowser -prefsHandle 4352 -prefMapHandle 9080 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa29ee01-8fa8-447b-bed1-c6557c51eb24} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 1604 247aeae4258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.23.451165555\1603169111" -childID 22 -isForBrowser -prefsHandle 9708 -prefMapHandle 9324 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bedc5774-e12c-4492-9c4d-7c71cd33dc39} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9376 247b0548858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.24.1846588849\1633957595" -childID 23 -isForBrowser -prefsHandle 4748 -prefMapHandle 5004 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93482ed2-7675-4341-a574-4d25207b0aee} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8944 247b1d27b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.25.972210813\268856497" -childID 24 -isForBrowser -prefsHandle 9064 -prefMapHandle 4760 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ac4eb5d-13d0-4833-9358-4704ea7246a7} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6016 247b204c058 tab

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 www.msn.com udp
US 204.79.197.203:443 www.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 8.8.8.8:53 assets.msn.com udp
GB 92.123.128.29:443 assets.msn.com tcp
GB 92.123.128.29:443 assets.msn.com tcp
GB 92.123.128.29:443 assets.msn.com tcp
GB 92.123.128.29:443 assets.msn.com tcp
US 8.8.8.8:53 browser.events.data.msn.com udp
US 20.189.173.2:443 browser.events.data.msn.com tcp
US 20.189.173.2:443 browser.events.data.msn.com tcp
US 8.8.8.8:53 29.128.123.92.in-addr.arpa udp
US 204.79.197.203:443 www.msn.com tcp
US 204.79.197.203:443 www.msn.com tcp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
GB 92.123.128.167:443 www.bing.com tcp
US 8.8.8.8:53 167.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.181:443 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com tcp
US 8.8.8.8:53 s.bingparachute.com udp
GB 92.123.128.167:443 r.bing.com tcp
GB 92.123.128.167:443 r.bing.com tcp
GB 23.204.237.191:443 s.bingparachute.com tcp
GB 23.204.237.191:443 s.bingparachute.com tcp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 191.237.204.23.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.134:443 login.microsoftonline.com tcp
NL 40.126.32.134:443 login.microsoftonline.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.146:443 th.bing.com tcp
GB 92.123.128.146:443 th.bing.com tcp
GB 92.123.128.146:443 th.bing.com tcp
US 8.8.8.8:53 146.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
GB 92.123.128.167:443 th.bing.com tcp
GB 92.123.128.167:443 th.bing.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
N/A 127.0.0.1:51757 tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 86.84.165.35.in-addr.arpa udp
N/A 127.0.0.1:51764 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
GB 142.250.187.228:443 www.google.com udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.213.17:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.213.17:443 csp.withgoogle.com udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 17.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.178.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 216.58.201.106:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.201.106:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.201.106:443 ogads-pa.googleapis.com udp
GB 142.250.178.14:443 play.google.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.178.14:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.178.14:443 consent.google.com udp
US 8.8.8.8:53 dotnet.microsoft.com udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 13.107.246.64:443 s-part-0036.t-0009.t-msedge.net tcp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 13.107.246.64:443 s-part-0036.t-0009.t-msedge.net tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 support.microsoft.com udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
GB 92.123.240.111:443 e3843.dscb.akamaiedge.net tcp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 111.240.123.92.in-addr.arpa udp
GB 92.123.241.137:443 www.microsoft.com tcp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
US 13.107.246.64:443 mem.gfx.ms tcp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
GB 92.123.241.137:443 e13678.dscb.akamaiedge.net tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
NL 40.126.32.134:443 login.microsoftonline.com tcp
US 8.8.8.8:53 www.tm.ak.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 www.tm.ak.prd.aadg.trafficmanager.net udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 152.199.21.175:443 aadcdn.msftauth.net tcp
US 8.8.8.8:53 sni1gl.wpc.omegacdn.net udp
US 8.8.8.8:53 sni1gl.wpc.omegacdn.net udp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 153.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
NL 52.178.17.233:443 browser.events.data.microsoft.com tcp
NL 52.178.17.233:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 onedscolprdweu08.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdweu08.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 152.199.21.175:443 logincdn.msftauth.net tcp
US 8.8.8.8:53 sni1gl.wpc.alphacdn.net udp
US 8.8.8.8:53 sni1gl.wpc.alphacdn.net udp
US 8.8.8.8:53 233.17.178.52.in-addr.arpa udp
US 8.8.8.8:53 iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com udp
US 8.8.8.8:53 iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdweu08.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdeus02.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdeus02.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus18.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus18.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
DE 23.55.161.185:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 172.217.169.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r3---sn-5hneknek.gvt1.com udp
NL 74.125.8.136:443 r3---sn-5hneknek.gvt1.com tcp
US 8.8.8.8:53 r3.sn-5hneknek.gvt1.com udp
US 8.8.8.8:53 r3.sn-5hneknek.gvt1.com udp
US 8.8.8.8:53 185.161.55.23.in-addr.arpa udp
US 8.8.8.8:53 14.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 136.8.125.74.in-addr.arpa udp
NL 74.125.8.136:443 r3.sn-5hneknek.gvt1.com udp
US 8.8.8.8:53 support.microsoft.com udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdeus20.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdeus20.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 support.microsoft.com udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus11.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus11.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus11.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus11.westus.cloudapp.azure.com udp
GB 172.217.16.228:443 www.google.com udp

Files

memory/2116-2-0x000001F965F70000-0x000001F965F80000-memory.dmp

memory/2116-18-0x000001F966120000-0x000001F966130000-memory.dmp

memory/2116-34-0x000001F96A5D0000-0x000001F96A5D8000-memory.dmp

memory/3932-40-0x000001BA38260000-0x000001BA38270000-memory.dmp

memory/3932-42-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-43-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-45-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-46-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-47-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-48-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-51-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-53-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-56-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-55-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-60-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-62-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-61-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-59-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-54-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-52-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/2116-63-0x000001F96C070000-0x000001F96C078000-memory.dmp

memory/2116-65-0x000001F96DA60000-0x000001F96DA68000-memory.dmp

memory/2116-67-0x000001F96DCE0000-0x000001F96DCE8000-memory.dmp

memory/2116-69-0x000001F96DF00000-0x000001F96DF08000-memory.dmp

memory/2116-70-0x000001F96DEF0000-0x000001F96DEF1000-memory.dmp

memory/2116-72-0x000001F96DEF0000-0x000001F96DEF8000-memory.dmp

memory/3932-74-0x000001BA38260000-0x000001BA38270000-memory.dmp

memory/3932-75-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-78-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-79-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-80-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-82-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-81-0x000001BA38290000-0x000001BA382A0000-memory.dmp

memory/3932-85-0x000001BA38290000-0x000001BA382A0000-memory.dmp

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Profiles\SocketPort.xml

MD5 5f807862258a390b2e2f75abb6d2c865
SHA1 22abc144aa034c6490cbf143a8f1cdd42bd06d1b
SHA256 7b87c31f6d1163fc236651f5e1f3187cfa0c79d4a85d20c1c05f1dc3056c4823
SHA512 b831e4b2eeec23e39544961cef6619c8d57c50b53dc6bad8846682df6f5252041f50ce33cbe182488288d6d5e2e3e5194055ee4143ceb09f9601ed49d39dba39

C:\Users\Admin\Videos\Silver Rat [Re Lab]\stub.cs

MD5 255787b7316051d866d8a8a384102c9a
SHA1 5a9fe0570579b7fe3916ec51abaa6606cf44dd18
SHA256 1ffef5d31a2d6dbc01177fcf7835c9d9eeb4334bd39b20ec76eb2be1ba429f3f
SHA512 3016709d0ca83b58abadf1db647ff313105fa03e738f016cbb6364fa258c1824bfb692117ce325b1189a73242208fbcb58825c0abc022df06b771ed0937594db

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Profiles\Builder.xml

MD5 3fcd4ac4720febae7ed0b81913daaf1c
SHA1 7d2ec4090023cc93a453c65782c78fe9bcf5afbd
SHA256 b4b7d0f7878a60e5d641443a7d4720e178568e6febbb38a243d3b9fb8a30842b
SHA512 c6a5c5c5d17d2e56fd2fde8705062a8916673ec5557ef9f30c9f62c67877c72f5b8e4528a3a8a8ec24f74e5c52ed385442483606b13972bcc645257a5826f2ca

C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe.config

MD5 d6f1152d647b57f64494c3e1d32ede94
SHA1 a35bd77be82c79a034660df07270467ee109f5ac
SHA256 a47f3f83cdb9816f03632833dc361ac5e7a4c5c923af1fdebfa16303f9d68a72
SHA512 699b5ad93d3497348f8aad8e15d54ddd789bbac43f11a7fb629f19cda3749bee0ae06dc83f4e6246df631488169fda5d15c48585581d3a96d2523b8b45e639bd

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\OptionsForm.dll.config

MD5 a78fa19b73baa4b9bb1d29d22dfbea83
SHA1 f4a03e27396eb1a3f3e135dede8cae930f7cc3a5
SHA256 c53f33a5c3a7dfa005f62bc9d81ae8d6e5eb019463bd2986c32ca00ce9404f1a
SHA512 e6811ba76e7a0284413af12cbe06884fb9e2f94c09bbe42f9adc03cb506cfee7c081e1002a1d59fd6db910ed33f255de9f4c0236759bf8cd39ad8886f22e3e6b

C:\Users\Admin\Videos\Silver Rat [Re Lab]\System.Numerics.Vectors.dll

MD5 aaa2cbf14e06e9d3586d8a4ed455db33
SHA1 3d216458740ad5cb05bc5f7c3491cde44a1e5df0
SHA256 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
SHA512 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

C:\Users\Admin\Videos\Silver Rat [Re Lab]\System.Memory.dll

MD5 f09441a1ee47fb3e6571a3a448e05baf
SHA1 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde
SHA256 bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f
SHA512 0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe

MD5 d6527f7d5f5152c3f5fff6786e5c1606
SHA1 e8da82b4a3d2b6bee04236162e5e46e636310ec6
SHA256 79a4605d24d32f992d8e144202e980bb6b52bf8c9925b1498a1da59e50ac51f9
SHA512 2b4eb9e66028d263c52b3da42fa3df256cf49cd7a7ebdf7c75da6a2dedfd2c22cb5f2071345b7016cd742539c74a801cad70c612330be79802fa19f860ea2d5f

C:\Users\Admin\Videos\Silver Rat [Re Lab]\System.Collections.Immutable.dll

MD5 8f55c22412f7d448d6e7b83102665368
SHA1 88df86ee0b137992af15a35825804274fa252e30
SHA256 67730917b4e856e37a9d78245527584087fac6b20a7377677b2f444cd15db918
SHA512 058431aa2280511b00a72ea55ded9bdaef55420f5bce10c9352d4f92736a11884d1e70706016b988cca560358b3b43ce1bad5c9bd726f11d8ad66e3c91f98ccb

C:\Users\Admin\Videos\Silver Rat [Re Lab]\System.Buffers.dll

MD5 ecdfe8ede869d2ccc6bf99981ea96400
SHA1 2f410a0396bc148ed533ad49b6415fb58dd4d641
SHA256 accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
SHA512 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

C:\Users\Admin\Videos\Silver Rat [Re Lab]\RestSharp.dll

MD5 09806e18f9f8e3f2351827be22e634e0
SHA1 54ec870ffb8ce10b3c8b05bbc7fb7ea45142a430
SHA256 0e7a0f3910741e81f9b4660501b30aab5eee71cfa4fa9dcc9b32acb64c865428
SHA512 45b5743bd3f50f51b6953bbfca9f8c5d1aca75aaed5cee0d6ef401034a05a09f27b928f539101801450b428ca7eac9ecc3ad0b41f2bc19258da52fbc7dc8ed09

C:\Users\Admin\Videos\Silver Rat [Re Lab]\protobuf-net.dll

MD5 02de5f3f2a4b2e15ab53212bc93dc2db
SHA1 e71e402ab28cd47d55eb997ad0e55ef1ac29d533
SHA256 c814d207eba7589cbb810b1625ac4091a5cb5cdc9be5e6691bddb2c4dde4619d
SHA512 7b1f09cdae30c2f1577a694c6ddbed6446997788f42167b4bb78f59c46154b43405639f0c9de7bc57aac598920fd4767cbfcc5ca01f803599d53820c3da4dcc1

C:\Users\Admin\Videos\Silver Rat [Re Lab]\protobuf-net.core.dll

MD5 7d5a891689dc097d641272a459da8ac8
SHA1 a5b6efdd77bb8dacafb4b3013ab81919ad0e407e
SHA256 8c80999a13b87b0449ce09ebb7d53344b5771876e5af2e426c8e80258f62dff1
SHA512 a618ddfd22fc1ead717c2d0ca98c98d81ac4888f4af0c5952c1404f1c36e8ea4796f57bbd026aef187b9575a8737bf02ec7d5c58079bb89678b09239f4f932a7

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\ScanNET.dll

MD5 4a66cf2e8575107a677833dcbe7e1142
SHA1 59dea7c17ca242a5aeb6a5a9353f711bac1e0eeb
SHA256 389a2431ed1c413afb6c5361dde893cfe4374c56f5121151f91e9ed8723d0967
SHA512 005893f2ee4ae6375ab9464c002326f6c07d1a04fad8034adfcd3a9506358fda43ffeec6600acb20fe4bec25765dc4c3046343a1e51cd80a7d7f1164cdd4fa37

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\ReverseProxy.dll

MD5 015e7bdd40eee884542840f551074710
SHA1 6d5d38182998f28129ad8f0f5801b89cee4e6498
SHA256 d5c47e21b22ddd9087ecda3c2bad283de7d3dd69906802f2023f86bbba92f06b
SHA512 a199f5be4a0a83a291ee19868428d147783e55c38067d10c0353fdfc363087c23f88b8b2d44d7fbf7b16c03427342d96fc0dcb52b6cb1064dd84d3f0f28d5afe

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\RDP.dll

MD5 2bd24da470e3968fec572600d4637f37
SHA1 752a3ee7e92e6141c26338b327b5a060c0583030
SHA256 c5d5123886fc5e948693a2c1cf14b6b1262f2b98b2ccb6ee3b06bab0c32e6c00
SHA512 60df75c2362a991ce108ed2b52d47316b56b527eef67700b89a6aa8dc52cb0f223991fe6b9819d4c047c5445051078d55965209bbf8f7c1421fc0dbc12fbc393

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Passwords.dll

MD5 67df2a509df555bbbb04264d9177c4c9
SHA1 4afbe8e70698cc6cc7cb2091c1d7dd8b343e49b6
SHA256 31805c53dcd4df47675401e2f286026492a4d2c9ffb13bf5293e8955d5ec96d1
SHA512 0b10b268a5590aa4649decda9190df03673f55b09bf66660cab43f76e61cd9afd4e3ff285b6623377f883930f3221933c7abde1b795642ccd909ccb17154712e

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\OptionsForm.dll

MD5 fdaa271259f3b58f88bcfce1da990af4
SHA1 ae2bb4c6725134e9f53f7d63d8920d5c7c4e54de
SHA256 b2a0dd7d7b92ec5b99e3b18fb0235b3b039373edf9a4ea51b36447ac7d0ad464
SHA512 469507660f15a9b72cf160da089b2b4e44625010ba15cdee3d6e08f467e1d724aa0d177adbd7af926a55b0dddd016d565804ab1b2fb071ee37b48487d553b8d9

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Options.dll

MD5 ff88d61dc7adc644d79b0f898059a7b1
SHA1 151557a014d6b177fd1ae1496f0719184df08c86
SHA256 3fd7b67e56b40caf53aa9b2df102967f7e2aab0bb4bf90ea769ea725c0498657
SHA512 ae06793d10c6c76a994db8cf3fe97a859df2a1e0dd2bc56fac042bba8a93a56e52b4edf28a30113e4cd547157bde07a77383f0295822d8e6ddea51dfcdc0b1f0

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Manager.dll

MD5 b17ddbfdf27aaedb6e26ed70783a6ae7
SHA1 08590ed55d9adc47c53a9dcf7dfafc60b877aa13
SHA256 da8c5ffb5d268e9aa5783bcb064502df8f78cba724a0f96793795fe97e62a6e1
SHA512 0079131280257413f43a01a0de2b3cf393745d2864ab521619888b3b25f7f0ec1f32f9d6f682250b73c92c1483d841f7ca3f8bf34e785e3fc93afae6d086693e

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Ransom.dll

MD5 47ced016511c0edca8af7e371ed50136
SHA1 83306913534c4a2ff234ce1dc399ac017978a476
SHA256 d47f10f19ff148464747bf7e38f7fb44c1d99569d4a9b31eee731abacd540a2f
SHA512 459333e1c3437b13db1988f901c97f16ab6e99269b3459001e898f661322b4ad034046b29561c0a6b366ff3d2c69a27334d49623744e3ee4f3341789b4bab37a

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\RAPP.dll

MD5 3749325c46c36e83ea28ddd92aa60c9f
SHA1 a792b9eb154fcbd376660bca5bb1cac11e29cd17
SHA256 2e717bd5321a2ac65b38cc39238dafa7e34b7446031a6a6200aca86199a59ade
SHA512 876013df8c6736ac3bed7e8efb03cc783abe33936c2f8b7908b554b5584c42a8e81f953f7c4066576d8ef931026eb4af84618179cc0001519c493f6651ccd4be

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Keylogger.dll

MD5 8e2d761ccea68168d0b991b475155678
SHA1 2872d722bdaf496d520e643d114e712199ef00f1
SHA256 c3fd1d11641109c9033fa20af16c6b737008c137fd8a926bf0b4c6630d8ab9ac
SHA512 e179a1da9f2d00cd74352dc81305462dc928a6e2acace665d42e8a2d0999bc6c8669e5e290ebd17064c6166604f87de2c7e7f31b42b4ea82b23738792c68f68d

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\HVNC.dll

MD5 3d07031e76978680240e80cc54451ad4
SHA1 255f32852fa97990ce16c8bdae766c79c7bcfe56
SHA256 44cb17f3b048ba2c7653409b0dec7c94eb86d2cf0322ac79ce6764d5b8df1549
SHA512 3595793d4b8e197a60d9c28060415489592da44e20e8f999d91e4c2f164e43ee00aaf94216a0daf4ade1cab8577dd34bb8e02c7ba12b3757b2c82c4e4bb91c7a

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\HRDP.dll

MD5 b9c9ea357d04731bda8c8393ae5cd741
SHA1 8d462aafddd5f37513226523dd4b7a354be2f492
SHA256 a475f59f6a1b6b1fb4c6e78f1fbe7df2d38c4f743488ba7da128a5771bf6de86
SHA512 1876e27c5d224d4bac403f99bfff21cbdd35e3d4d91257ff7c2482552e9925d85c69eb092e590ca48251e8fbf19372c131d191caa0e2b8977a2ced36173515e2

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\HBrowser.dll

MD5 ce1d9f8c498cd8c5ee38fa94df4b4907
SHA1 d3b811137776e4b1dc937d294ce0eff9a12594ff
SHA256 55b5efe0a09cb5cb79308874e2e5d25c895f995754bbf960ce9a403207ce3abd
SHA512 58c9e62bc32376773a9bb1f266aab617ad2098f2d12b13fba1bfcefdf3edd1f44682c791567cc67035550b80b735ae460111145fd1b9d733325cda9dfbe61849

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Chat.dll

MD5 736292dd81ad93bff84c28ce5de02385
SHA1 40d46e915d049966f023e8d8c1e059d9b6c22567
SHA256 0c83898f29762a4e3650fc5f5a8a3c3114d06da8f6a3fb2fa8b990a36716d6bd
SHA512 c126f17b9ed91994d52e61c7ab75536962a2c0f03cf90cba06fa423dd732379e7ccdf4050dada73267864feee8b677bd5c16ead8a485e3d8bd3f4bcc462015ed

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\HApps.dll

MD5 a7c3b329ab9f4e20ed40c78b2ac36864
SHA1 fcb594e1a2a7c27e0208d413411e1ca30fdf4279
SHA256 d922c1762640f37a503eb116627a732290ae38b52f9b33437ffee608f7853a28
SHA512 870085fabe2ae4768b6ea9d2e7f13dad752f4c26ec6d61debd0b76c683771823b07338e1323e26c0c8e17f9ecf7f5d7fcd4b7d0b148501ef9e278b8b680925f9

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Camera.dll

MD5 e9e0b5fc7b1ed6f01d08d981d1cd761f
SHA1 011ac2fa1b9df6a4cb6d88c14316216bb64526bb
SHA256 2c82773466f72756d8152e4d5dc24d2ec954bfe5a6e7cae587d2e1d316ef43d0
SHA512 df75359dd9c1bcc6bccb17522186d710ae16054a496c3f75fa171dfe8f09e314fb28a7b1111193e64e37639c6d37de5c77cd99d795f72ab5338459886da6b964

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Newtonsoft.Json.dll

MD5 4df6c8781e70c3a4912b5be796e6d337
SHA1 cbc510520fcd85dbc1c82b02e82040702aca9b79
SHA256 3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af
SHA512 964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c

C:\Users\Admin\Videos\Silver Rat [Re Lab]\guna.ui2.dll

MD5 acec68d05e0b9b6c34a24da530dc07b2
SHA1 015eb32aad6f5309296c3a88f0c5ab1ba451d41e
SHA256 bf72939922afa2cd17071f5170b4a82d05bceb1fc33ce29cdfbc68dbb97f0277
SHA512 d68d3ac62319178d3bc27a0f1e1762fc814a4da65156db90ae17284a99e5d9909e9e6348a4ff9ef0b92a46ba2033b838b75313307b46ab72dc0aab9641e4f700

C:\Users\Admin\Videos\Silver Rat [Re Lab]\cgeoip.dll

MD5 6d6e172e7965d1250a4a6f8a0513aa9f
SHA1 b0fd4f64e837f48682874251c93258ee2cbcad2b
SHA256 d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0
SHA512 35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155

C:\Users\Admin\Videos\Silver Rat [Re Lab]\bunifu.ui.winforms.dll

MD5 686833fccd95b4f5c8d7695a2d45955d
SHA1 882f60ea47f536c1f01da0f5767dfe5d569fc011
SHA256 578cbcfb7a01234907fb6314918efd23a502882c79d0ee3c2e7d4ae0cf63ebc2
SHA512 8bb3a8741b73ad7c280de31905dbfc449c2d6f538b8feca232201c7079f917c4291936211632bcdf17c95d6cf5d9b97df2cdd21c57af6cbff486ea7691ff3bc1

C:\Users\Admin\Videos\Silver Rat [Re Lab]\bunifu.ui.winforms.1.5.3.dll

MD5 c1d51a0e747c9d6156410cb3c5b97a60
SHA1 86312cba2eb3495cc6bec66d54d4ab88596275d8
SHA256 6937052b86bc251be510b110e08fc5089d3bd687ce2333a85ea6d5c2c09b437a
SHA512 a8d7b2e5555c01076e8dd744d21d8cd901aaffad052af0e8c22269e8c2f765019422ed245368a64d64157652a0e4fcab1a889086fde4e139b4ccf5f7bad08222

C:\Users\Admin\Videos\Silver Rat [Re Lab]\Bunifu.Licensing.dll

MD5 c18a9e44e200c7315a1868caab894293
SHA1 18f65508762d2492f41b22e4e6e5ad19a2226baa
SHA256 661a5be944dc9fb2e0eba01c3c0584feb3ecca44877d77f54d0f409ce801af22
SHA512 9a5e08bb6ed4535ac92ca446b630b29587cb5a4d7d695234a5d93267d2ac13d702b3738ba0e20606f10020e9642e8e315e7ddc92f1c321b68daf8524a3f5f2d1

C:\Users\Admin\Videos\Silver Rat [Re Lab]\bouncycastle.crypto.dll

MD5 f0b3e112ce4807a28e2b5d66a840ed7f
SHA1 54a6743781fd4ceb720331fce92f16186931192d
SHA256 333903c7d22a27098e45fc64b77a264aa220605cfbd3e329c200d7e4b42c881c
SHA512 dc8ec9754c5e86f7e54e75ff3e5859c1b057f90e9c41788037b944a5db2cb3b70060763d0efcbe55ec595bcc47a9c0ff847a4876821470ca1659c31afd5b0190

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 96445138d275e78ada27f81249cbae53
SHA1 5f5f4ff1d1573102eb26027449443f7495997333
SHA256 8d7085e17b8affef5bdd169c5e0ea3089bec212950cae30916670de8daf8f0b0
SHA512 6bc0437913477c8a4d9838e130c7a5f60020c55d0c2e8e28dfba7a270e86d37f7f1db86b5ca702cd6db3376c30751a78f2c6c894c14902b57af33cbaf101b40e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 96d65f8e752bd844d9a6f74c77c5860b
SHA1 296f9760a717ebf7f779e58cc09052d613db7d96
SHA256 27a7c1dbca57ffd2a0cdcbf66a784b5e9b33a911e3b517980e9d95c265d3d874
SHA512 8815fd2c989d503276dd7d2f31bf53fe3d7f94d8e159726713302f7de70eeda5f8eb7d70f2407a7500836762c0dc7188846b2fd6f1f66fcfe28cd5cc1aba6c8e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

MD5 41f74379239ebf69e3698388567df93b
SHA1 6e1bb18c56e48e92226dfd6496375258d4b9c4e0
SHA256 6b6a4cad323fe9df0e4a7f85c33ff8e9f3a85ec7ce9a37dff9a7fb5a81ca8019
SHA512 1c192a7dea7ed726b58cf4773f1201fc3f0c36f61c6010d33b437f89b12ec07a2f13abef87a1af9e141b61f20905b1ea0c5da87d516b75d3b996a944a01dc77c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

MD5 a8a5fa5af16b818c5f2ea9a115191552
SHA1 6c2235840a046b1c67411fdfc5f0646e08311e78
SHA256 7e76ee2b57d2f8cce4b063443e240ddc416cc18b393f957bb8589595e9485fc1
SHA512 56fb7f9cd4091ecca5053abfcb02c8af15edd186e647e6d95d9813d9dc0a31ce537cb14061865f3af96e165ff6245a7a376e6128f59eef764ef56f52da46da0e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\K8171U3A\favicon[1].ico

MD5 84cc977d0eb148166481b01d8418e375
SHA1 00e2461bcd67d7ba511db230415000aefbd30d2d
SHA256 bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c
SHA512 f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\5ZDR2T79\www.bing[1].xml

MD5 9430830da576a2529680021ce09b51b6
SHA1 a1df1625d8a6c8242836041000bfe616abe3deab
SHA256 e5bb0f6c2eee14df2cd3195fc1a0193f153a3bf0eb10eb51d91b2b8b13ea16cc
SHA512 bb71c4f4bc7771fec0d55106d583c54765fa15497f440536cd13710fa4959a70c015b441667ec27f7e58be20e03c55b577f56b692bf2a76931310618f197ec56

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\5ZDR2T79\www.bing[1].xml

MD5 28482a865a48c6afeb4082a3700ea0e4
SHA1 ceeb52baf0730a2bcf24e5b10fdb92626d5935c4
SHA256 5d08041c5d92c8fc6d1cec2633d2e6651338392ce91aceb1033db316623b8d11
SHA512 f8fc8da3026fc3c478509226ee34b11e3b2ceb3861f0a9f26890c15812f18f3dfbc380946612d178010b50bff5dbbe1cbecbef2a2c1a2eb59fafbe812f48048b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\xvEz2IbMlyghPZ3oNAHr9N-xMOA.br[1].js

MD5 dc221228e109f89b8b10c48f2678fb46
SHA1 1bfc85cba5c424136941ac1dfd779a563b5beed4
SHA256 f4fb7234959f48c2b2ca73fd6c35d36eaf65d8c431d982a1ba208f5cdc766419
SHA512 46f49e5ac18436251778d1f50c027729a2442ed6541c3162d878720703e37797b6028d96eb1568c23ec5006fb022c8e05855e250d6a1a590f41e890866529cd2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GFIKWQ4B\favicon-trans-bg-blue-mg[1].ico

MD5 30967b1b52cb6df18a8af8fcc04f83c9
SHA1 aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588
SHA256 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e
SHA512 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

MD5 9085e17b6172d9fc7b7373762c3d6e74
SHA1 dab3ca26ec7a8426f034113afa2123edfaa32a76
SHA256 586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d
SHA512 b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js

MD5 56afa9b2c4ead188d1dd95650816419b
SHA1 c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6
SHA256 e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b
SHA512 d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\a224OTR91R7nhnUp3RpvwJI8dVU.br[1].js

MD5 5cd7e9ec89646c664e189ca7bb2a9841
SHA1 c662dd49f63a3a8c8d6f1ae4309fabb0965a9797
SHA256 ad87e00ca1f7a028f7f972199ce9b2b978306c5048ef90802f08bc17ea90a9ed
SHA512 dcf14925578a125109054b471a7006a41c98fef2843dcd4dbd9bd8ffdb4c0802488ed98cf0bd9863a7cff48c32c1be73c56097452ff4482d64d7e42b12a09e0f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\K3hC1_cQXGFr6cxRJVWYpzZJaAM.br[1].js

MD5 02b0b245d09dc56bbe4f1a9f1425ac35
SHA1 868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673
SHA256 62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6
SHA512 cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\lLk8XmbdNzzlnPRzVzDhaF9yjqw.br[1].js

MD5 3ff8eecb7a6996c1056bbe9d4dde50b4
SHA1 fdc4d52301d187042d0a2f136ceef2c005dcbb8b
SHA256 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163
SHA512 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\Gyuq2bqitqDJM0BeAkbKXGlQXNw.br[1].js

MD5 a969230a51dba5ab5adf5877bcc28cfa
SHA1 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265
SHA256 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f
SHA512 f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\n21aGRCN5EKHB3qObygw029dyNU.br[1].js

MD5 cb027ba6eb6dd3f033c02183b9423995
SHA1 368e7121931587d29d988e1b8cb0fda785e5d18b
SHA256 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f
SHA512 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\8CgcSSLayxEVUBf0swP_bQGMId8.br[1].js

MD5 a5363c37b617d36dfd6d25bfb89ca56b
SHA1 31682afce628850b8cb31faa8e9c4c5ec9ebb957
SHA256 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
SHA512 e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\Gw7eETSwe7GHmKwW1lRqGPQJXRo.br[1].js

MD5 17cdab99027114dbcbd9d573c5b7a8a9
SHA1 42d65caae34eba7a051342b24972665e61fa6ae2
SHA256 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de
SHA512 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\psgXZvzYJMEW2ydikIk493Va1d4.br[1].js

MD5 f4da106e481b3e221792289864c2d02a
SHA1 d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994
SHA256 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9
SHA512 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js

MD5 0c2672dc05a52fbfb8e3bc70271619c2
SHA1 9ede9ad59479db4badb0ba19992620c3174e3e02
SHA256 54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39
SHA512 dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\9cuwOQ_qE7qTGKohzrf_gIjTlPI.br[1].js

MD5 fabb77c7ae3fd2271f5909155fb490e5
SHA1 cde0b1304b558b6de7503d559c92014644736f88
SHA256 e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c
SHA512 cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\gKwIRAF4fg7noG1zyeUz8x3Jdhc.br[1].js

MD5 47442e8d5838baaa640a856f98e40dc6
SHA1 54c60cad77926723975b92d09fe79d7beff58d99
SHA256 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e
SHA512 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\_2I169N92jVtSc_VEsV0nma5sRY.br[1].js

MD5 3104955279e1bbbdb4ae5a0e077c5a74
SHA1 ba10a722fff1877c3379dee7b5f028d467ffd6cf
SHA256 a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1
SHA512 6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\9xGNA8UskvA9WHF58zbLOHZ5HvI.br[1].js

MD5 d6741608ba48e400a406aca7f3464765
SHA1 8961ca85ad82bb701436ffc64642833cfbaff303
SHA256 b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c
SHA512 e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br[1].js

MD5 f5712e664873fde8ee9044f693cd2db7
SHA1 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
SHA256 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
SHA512 ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\5L3iD467J3iJWEPwIjxlK0MMDpY.br[1].js

MD5 2ef3074238b080b648e9a10429d67405
SHA1 15d57873ff98195c57e34fc778accc41c21172e7
SHA256 e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da
SHA512 c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\K_V1CARn2Q2lTs5njJKUvUkHyi4.br[1].js

MD5 6c2c6db3832d53062d303cdff5e2bd30
SHA1 b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d
SHA256 06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70
SHA512 bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\awRIKLY04rWw5wNlVL186SolQSo.br[1].js

MD5 e4fb9b839186660b1f729b8df8c994b4
SHA1 931792cd70ced4ad586f6329c30c294ebea1548e
SHA256 6838611c8ab6539005e11c84ca308158f89a51db57a62caf21faab48bf576177
SHA512 625436bb52cbd7df7ed03be05fea52c5d54b6cc15037d70c268d9598e648a22246db902b9c6f097ba8b18bd924f6ab17120736285d54dce13773237f1669853a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\8LIV7VPMYjV_ya4Ggnu8LBWQIQQ.br[1].js

MD5 d81844c2ebcf5f3260a692e3e89dde7f
SHA1 5a3874fb9f597e42fdd94e5bc5da0a709b70d57a
SHA256 9905f086f3f40ac4b8ec2c9f0752a157ed637b2ffc2c87971e8306d6cb12fe9f
SHA512 8005f3ebd5bc8dc903917df581563595ea3e427f31992260aa4e6ed8bc30095442174ad153a83c378575ffb2de878338b0e87d8cdd57dfdc49e646ca9e4ada77

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\jZjSh5AHStaNJxXQwyPphbnzJA4.br[1].js

MD5 bbec4d3dd1d2e299f11443924697315b
SHA1 d5dd4c447e0899c3dbc03508016f7d5fa461cc00
SHA256 e07f7ed9f842b6cab9cf84ce28e7e88c873439c7a117bf28680aa91a4465256d
SHA512 e41b2fdb37f7dca4eeddac429ce9a6b122ac59f1e790a1a937bc442e08c3507f57813447bdd4672c5ed33804059e66e1eb1e575905fed4ea1e4712d512bc4b66

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\1rUTIFRcUHTZUBaDs_0q8KvUlR0.br[1].js

MD5 c63e610f6bfb2687ee044cee7d3e16c7
SHA1 b78022432ac754cc41335341a8e07f2676bad789
SHA256 c150d5e192ece8d69ba8029d87ecbc66674013b8418264cc86f0abcb0da0a38b
SHA512 11029009d8d0885d16a4b546816cc0f22f51ffd035fdd87d58eaf432017947460a1a78a543c0eb3875af49342a240ea606aced23654bc190ba6a4b7101e13a3a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\910ptS3pcIDQ7a5acMaHuQliuN0.br[1].js

MD5 8898a2f705976d9be01f35a493f9a98f
SHA1 bc69bec33a98575d55fefae8883c8bb636061007
SHA256 5f30270aa2dc8a094d790e1e4a62b17c7d76a20b449d9b69af797a55fada9108
SHA512 c8575df93fbd1f65a285d484257adfe12733e47a6524a18d5910d33562eefd1d9da7197d16c7a3cad3bc5ad89546ff0fefe90e5c96e7850ecec9708c90334349

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br[1].js

MD5 f1cf1909716ce3da53172898bb780024
SHA1 d8d34904e511b1c9aae1565ba10ccd045c940333
SHA256 9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01
SHA512 8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\ID-70CBAEOXh6Nwxga-CxgpUq4k.br[1].js

MD5 fd88c51edb7fcfe4f8d0aa2763cebe4a
SHA1 18891af14c4c483baa6cb35c985c6debab2d9c8a
SHA256 51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699
SHA512 ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\eKvcHdnNwo1WcxoSioV4ztnfZk8.br[1].js

MD5 fb797698ef041dd693aee90fb9c13c7e
SHA1 394194f8dd058927314d41e065961b476084f724
SHA256 795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da
SHA512 e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\uiannz55FdT0j3p9jGwegfI5aIY.br[1].js

MD5 45345f7e8380393ca0c539ae4cfe32bd
SHA1 292d5f4b184b3ff7178489c01249f37f5ca395a7
SHA256 3a40a1ff034448d68d92a75ababa09ba5f2b71d130f5f6bdf160dcf8851529a9
SHA512 2bfd00bf303ad5a1e8413b5ee6a162167605511fefb8df61a8f40f80382f5520df690a53b1058365f1d81562b2668376886d0f829517a642fcd87412801fe987

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\ydDuUFvQrnTEDpvE14Ya7abrPGk.br[1].js

MD5 d807dbbb6ee3a78027dc7075e0b593ff
SHA1 27109cd41f6b1f2084c81b5d375ea811e51ac567
SHA256 0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7
SHA512 e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\g2mFaePdYzQOubI8JEItbebrED8.gz[1].css

MD5 6d94f94bfb17721a8da8b53731eb0601
SHA1 ae540db8d146e17cfc3d09d46b31bd16b3308a6d
SHA256 21829c74fce2c9bbbb3099a7a487de71465ed712410c32bc6c69884db07a90dd
SHA512 bf33fb4858b56f888108bcd5c2691613b68715e260e59c1e37a050a709be04a8e0eaf5509667183a0d51f1201e58c02df4f744a0772242ee5b61595c44c072e7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\_ykiGO1K5rjAQeICdJheT3jfLeY.gz[1].css

MD5 7a903a859615d137e561051c006435c2
SHA1 7c2cbeb8b0e83e80954b14360b4c6e425550bc54
SHA256 281d6234fd292800c2a5dbd14e524c9cee0d4438188b0b7d873abf41515a7666
SHA512 aa47efab7ec689b838d1e5adfe26e035e8b93f2b806f1954214447cb2065fa5906f81a70b4c656b3ce1490d8ac2009c7e7b0f96491d6d4559c41fb25d08fe35c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\tPLNa5UcMaQEzzg0acZfPM45N6I.gz[1].css

MD5 9baa6773c6549250a3393e62c56eb395
SHA1 5bb4eead8609cd30b9b96b23ec4fd0082ae64c1d
SHA256 dadf403df8cfe888e59e6a051aee3783a2bf0bcc60dc1d09a7797daaee726ca2
SHA512 cf12319cf07897864828d9c950df4a98a0628d828a7fee75f1235fc5d3a57c90a40b5ded2743af2e62b1d13d3f6be0d302ada054e7c0d7164b8ba12054909b8d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\Yb-MiHwFpZo4XYbuuNLKCnyhd1M.gz[1].css

MD5 aca7b62ef304e4e17941914622bf3a91
SHA1 0d66f41d9084a43dd339dfa584d0c44fc3c438e3
SHA256 a4579184b85367432ce944bc8652024345ba631b3e16bcf6330a9be1c45c1591
SHA512 7bf21542a5b092d32ed1bee229447baecdb9c2e9bdc4ec7f6cd7101f84ce67039e2142ac6413b9a231a77a427e8959b99edbd2445c293af54c0135c7c303c344

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\x6CS8glKlDAxrUISUqfsWELwuk8.gz[1].js

MD5 a11c94339eeee97cb5970f1e67d968c8
SHA1 67ec6b6f0883da56cce10a9d704718a2e1879f81
SHA256 075448f2e460e6e3e64ef93c8aa1291710123c60bbaeeaa3677e9b5630a472ab
SHA512 6dbe79f332d83ad6edf5927ed8a1882d24903a1cf6afed53b1c313b2694faa247638f8e704f0ebabc89aaae61cb0d76cff43fd1803515fec8b36db8dd1f816ba

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\x12uI8Q-OP_G0YUbMcEKo8IIlH4.br[1].css

MD5 319f554ab214ed6702d5d2894dbab0f6
SHA1 85066a911732ea9aa94ea23d1422f17446e1f6a4
SHA256 68662add453f7d4ac4220d76deb9507c9635890e2323299fd659dc613af0934d
SHA512 6969b054dbdcca749acbb693e3c07007b43e4199134996a939e4b3084a9797355c599cf04d1f008aff23a784a0e888dcea1fe54456863da6f21f5a4aba524dbb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

MD5 1b2ea7933d9b109d668b86fe35f77fcd
SHA1 73f418d8be95d883b0415e201dec9262afb9d396
SHA256 803c6807e9e496ce2263107cfd344fbbd3fbc16395e1c031fe9daef383fcc151
SHA512 d2c285228cf87bbafba7fcc56f22b178f853c5926604bd89b4cc1d85bb430e93d6be7469bed8841fbc064308827713fa69a371985fba31cfc9339666d3bb4224

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D

MD5 4f4fb6b56c580b5615ecd99f47101143
SHA1 abf1baa9134b571462fcbd71beb405ec2ee25f1e
SHA256 91c754b67089824ef338d45ce912625c719989d9ca1534215a78fc6a40086d13
SHA512 d642f8b2cd07e9873526b48b9357670cb2aae686ea2f5ce7930c491f6c45258c68ab607ebe64749066c0338a60fd7af60cdb7816e19f1cd7bb118e074f74f016

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NH5NLFXP\favicon[1].ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\c157c97c-c3a3-47ce-82cb-a9d56f143dc9

MD5 832437e598280921906c94c2532daaaa
SHA1 553338fe0284645041ade02c83924ce88116105d
SHA256 123f4f06dbfd583efbb2918321f29fb5521d2812c10f7d8aa2c8e04ff91e72ef
SHA512 6b2e34aee1f89c14b1e0afd900c96485c02fe89ee8f82604bb691faf00ed517f28637632a86e48a8d10184364c0fe37cd5713d35c412ca8ff68a449ae10fe7c5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

MD5 557442def82304128ebe6e29c86e36da
SHA1 1758457fb95dddf5324bd8afbd7c20388abf75d3
SHA256 45c15d3f605784fa8ca1c3b5bf74dafb7990fe791b963b0b08c163e55c0617ab
SHA512 900cf518d8da044e2e76a5f6972a4400042588ac7426d36b638349c49dfcc2dc6f8d42fb960af5963cbb0282149e0120c88564a871defa5c46d4aed89f28aba4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

MD5 fb02f38c7f4b321fa60438d727131843
SHA1 3c253185f65821f865cb2ffef59cfda285b41e4a
SHA256 66c4dc5ff06bd4c5c1aecb3385f429e505e82110e03c14b1f1260a374aaf5106
SHA512 6d9e78446d6357907b7d2304de86411bddb1cad4d69d900d0896702a9f5c9e8713518c46e1614914cd04bd37288cb753dde0796b262772b6df5efc1d6254fded

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

MD5 16c946b4d1403dfa4dc63f45b4f9faf7
SHA1 97b0d1fdbbfe6a8adf55da6939126c0354b68527
SHA256 2893629a09c241396d77191b859fa1eb64363b5882e6f4c0c5dd538785ba6d43
SHA512 b38bdf57f6e6999d06ac378e1345ebd8285377b04b070129a9738018d4bfb3cfebe628472b493383e77e153cb011feb9c9c2abe6c3b86ac04b8c17638256b8ae

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFC1B6A1223EC96113.TMP

MD5 d3cdb7663712ddb6ef5056c72fe69e86
SHA1 f08bf69934fb2b9ca0aba287c96abe145a69366c
SHA256 3e8c2095986b262ac8fccfabda2d021fc0d3504275e83cffe1f0a333f9efbe15
SHA512 c0acd65db7098a55dae0730eb1dcd8aa94e95a71f39dd40b087be0b06afc5d1bb310f555781853b5a78a8803dba0fb44df44bd2bb14baeca29c7c7410dffc812

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 40c96db4d49616f26b7a141cdc1e4c98
SHA1 70b708b39d0833c077cbcd74663f6106225e6f97
SHA256 c83a1c87d09b64ae12fad8614e7db99fe97c41a1e61326dcbe074b376d9862d8
SHA512 eaf15adfd8a8bbc4e259a48d1f9541f1b060e81a7f369df87aa91831a5be575aa5ee89ada8a06d5127cca18ab83d09f13c8204b6561bdf3cc0ff3ba6c3d12c46

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 731c0e733fe1e3123d366af7c8e578ae
SHA1 9756304ea773dd9cd96e5996dc79de2ed6a9ae9c
SHA256 8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359
SHA512 d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 295ee6f4568b8663d689e494dec8e44b
SHA1 7aa098ca690abef493f91302483827f546bd48e1
SHA256 3142df3e0872473229e613dc44611f8725f96d34939cd0b1491486144d3d8635
SHA512 8fd78697b7e3a3ec2756326586e26417a40491164bd8634ad9b3ad82da2c9f6fceca59c72d6782ce75c00202300278d212f3fbb2db0344a7b916a9eb0f3d6170

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 a30a03cfc6958e3f4337bb0f3fc93188
SHA1 9d0656f6a494ffd51a617d23900a54377fc3722f
SHA256 344eca42ba9c7bb296ecd6a13dbe90c7fa402178bf9473459440340c8f9a4630
SHA512 b66fe7c25b98d4ae2c89f558febae22a4976f602013e03df358bd1dd8b0e5010c21216166f89fd6c088f5ce8ee7c8eaffafd2b9bc843151796f3305adb18b430

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 04f94085aef31c091810abd90ffa4920
SHA1 be6c19f4ac8d6528f5289157878f19e20e5ee292
SHA256 220bc4d756ee509c52f93f6b71bc86f3b52e31bed11252c33331a7f78903096a
SHA512 9a58973541aa33f213b54bdc9d9b3fc253cd349947c7b71e68e7fb1852b7d91c6875b61df7f4dda5a41939c6430bbb884587f8e2394ef86537b83df62975d881

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\15893

MD5 5336028e60c42c08e52417e0a901cb94
SHA1 2c57dfab2a81dba4fcfb85362cf105a0e718222f
SHA256 87b969e90764c53632fcdfa3c940ce079afe42dbec640c15aee36724c96fb1a7
SHA512 3442b81008f97447dc1ee5e20800c57c121a4173d22483e6b3d837547ca2e901636c22edcc144ea6dfcdb8247f5af8c1130f5f1faab0d7b95ab97847dca92809

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4afd55bdfbdd945857650e0f35f6d4ac
SHA1 0082f0bac1c5361e48aa51faafc279988e290636
SHA256 8c8b835cc5134e45d2f090aa386f96e71198c853f70e2afc3d8ac3c1824ccf24
SHA512 3ed468352dd9fdc375d5b786d32424823c0b756f3de71ebf672c72249100bed6ae7c6b99ffc360c35f9e3981355b3fed061e25dfa8ff66389f0d4c074528bb8b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 78c1dc123ef687f2b022c586bd111907
SHA1 616ccca207f3d7aba6846e74462d32eba07defcd
SHA256 9b6e10a67a4e204ebe3d616d3c4c68ce9704b4ea3cb7460e6b6b5b80ea1d6e61
SHA512 fb0099d40e82575cf494993318cdd5186359962b6d8b000d378a65cf9ba147d42268ec1b73b8096779e8e790382aeddc3b482f7c8f5bb19b13d7db5c3c9587bc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e86038610806e52e2ea2720eeb454d7d
SHA1 ab6ee5740dc04d9d46296991aa16474360bbad2b
SHA256 95c476555e03c5d0a1c4cbdf7c4ddadd49058ce46f766069516b0bb91cfeac70
SHA512 34c5ea9a327ad7ee26cf3f7875d536df9cd084232d00a480fb3c68affe114897a025122c0dfaeaf6814dc4ea8f9c7ee7dd59c10967f68e6bd2a2355e0a318829

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c868d1db1e13c449e70a5172b5d98162
SHA1 e92a5f3fc19ad08eb09179babce8830975735501
SHA256 7b9cfc0fa9e68f53eae0bf50e9f9d10797b9d5f8a0c21df7723faea320742dab
SHA512 3a69f1a4aca713db6012be2a7ebf3a4f05a1b1d096d4a39f550791ad39beca974ff3289390ea05ea0fe7b1914c0e35c58fbcd44c3ffe5357fdee9d566ae21167

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 0e35165b63a1f1a5cffcdc4e7c996dd8
SHA1 5476475fc10440aaa9cb4d9f2f578f7e3222f064
SHA256 d4704bfb0a2e161629412f343fb33492079100ea41c78461b802266d2b492e4d
SHA512 8c3ea5ffa7a3a3b94dd22c2a53b1a97bcd2b52d7e254b762adfda7b06758d0c4c2c8a11e08d088281292652b18b6e0dd772be345810440a63f22b04ee42260d1

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2540a0751f8176e0b62c6b712302da75
SHA1 ea183c649ce968dcb6787a2ea1d3f364a0874e6e
SHA256 4674a68808fda294ed2dadf20ac8bd5c918ecd2756dd03a50ad670d1c1c5d928
SHA512 465617f5fa039420af09ad4016f85823f843b1d8bfb703bf8ed4b3270663c5dfda31cb08cdbefcfd661ba81514ea10971b0d7de0d5f66e53047ed38f172dbe98

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\968B8C67693C57E8BEEC986AC813158289ED3283

MD5 dc537cb627529d6385e79e5f1ede7445
SHA1 869e82ba6f043f8e26566d4de61e02ea89df6c66
SHA256 f8903ab5cfad377cddbf822fdc5fcff813d3e4a28caccd2c02f049a4a724394a
SHA512 ec19f620121fe136f22dacd3d49a39f1997afb50749d4e8a05b368e3ebe545eb81f8199af0b890b591886a95ad4f6e91d1949773102ea57d78e53c88429606cf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\371B5DB4C8056F470F167CC2F86D05B0D5196C91

MD5 205dda438139e3632a42e80373e207ca
SHA1 5e79d5ce6ea326afd426fdd82b1bcf3ada782ba1
SHA256 266f884a1b9458d087a62b8354484b7c662ce0b060b5c5d418ff1a2cd9c275cb
SHA512 be6ee0e59794f71b9a47e61265c9b37ce23622b38c6db83b2b0ede804807945f61f6cc9f4bce63eeb7f31415a4cfc84a27f2fac813d51f2b43d9a2fe40c6a7cd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\7F34D320F5B033BA8189CEC7C732CBF697D610DF

MD5 c10cdd865dddf91f11c1075dcf10163a
SHA1 8873fdc8ddae6743b9313f810205cca5e045b6d7
SHA256 26f608d3d19158269242a6b9b7725b1a429335143dfc75114a3cfcc18da4e96c
SHA512 0322f687ba76060813cab0661007e7565c2504a08d065031fa00646e0aa7f33d8d367e99f7c29ce4bb94a7b9d6b49744604b720f2bc56b7eb12b5dbe3fd1e951

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 06b6d2dc042997aa83eb12b08224b7d6
SHA1 920713b622bdcf8d912d5f576865377f0a22197e
SHA256 76532294de9a36096b455277000d138a27341d0dc0bb078f131d6c2b8cdd31e5
SHA512 bd7ae9e307e11a87d98966f0b30d368bd66ccbe6ee271e183d24ee6176749fd7d36e827ed3a75ec07817038c6bc7f5233643047fe5fbb2c55c10e491357b9d30

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2d4509ab2152f5c3666d9108ea58b8bf
SHA1 9f44ecff005a60c9487bae5e7e244c855f0a5041
SHA256 a98bc56ecf7773655f2050f0f5b8282f138eedf592784430e842cfe4adb814b4
SHA512 4a0ef8d13c619b50ebb5949d268f14ada754f062888f5549909d52a68eb1a5258cb6b209aa4515657c3556431d22ced1ccf65276cfb2233cbd40f0e848809489

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 59bd8e8851ec919a808f0ca58830c899
SHA1 7e86f769bc28aedf2049b63460cfe190c48b8fe9
SHA256 78fee7ccddf2b267c9719d75c39dbe6812fad9c6cc61b925642e295e2c31730a
SHA512 862042b51fba9ec145b8a8647973ec022306c892e94a9a71c92bce1ce069b0ffd5e39127e93f0d3979e68498cf92bb40322a7c30c1a9a7694bd099791b9ae5e6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d8e128e7318a0b47dcfcda456416fca6
SHA1 1bd034b66d297b4a7445d0629e832e1b1979745c
SHA256 05ede2f7db46443ca9c54dce165e653fd0b773fe6976c726ca68aa93b1bf096e
SHA512 a2e241f44ae3cb4c3abaab07c7a4eaf26d4438b9b5f592baaafb5f297e1132660e28eece549b7c8c990a5b09e1759259375d8b42a1cbcb0d1f35737c4ebbc6c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\23851

MD5 b184050e9ba905daff39170fd2a54d28
SHA1 4b9ef22ec3574e145e3b8fd3f22939a2cf8ccbe9
SHA256 9ab944064dfaa9c32c49113d573fde3d3d395130f6329e951969f39c5f75e2f8
SHA512 71877f1f754d1217f0cde227afa5e956c11da9f4403c273b42b6e077136db9a35a8a42692a91010f464e560b68dfa380196f806e051b98b970bd370cc6279ee8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 401df777d6620bda7c47060a3033151b
SHA1 79013ad8f00a5a9edc0a83ba6b7ed3816f4931e1
SHA256 c1cff94ce0c338862bbf0c9a9a781d928ec88e02794171f85b5168ce76bc14b8
SHA512 2a285a7f12e57d0870f034257e923bbfc7ebe93970b70b431099e25ba756d70ab6de3a182b90dd78ef9607778985d5e366c223f3e3ffd888dcd448d3a24f12ec

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-27 01:51

Reported

2024-09-27 02:02

Platform

win10-20240611-en

Max time kernel

601s

Max time network

381s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fb7148e37f10db01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6d1b15f77f10db01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0030bbe87f10db01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 91bae6e27f10db01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3596 wrote to memory of 4080 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3596 wrote to memory of 4080 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3596 wrote to memory of 4080 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3596 wrote to memory of 4080 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3596 wrote to memory of 5096 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3596 wrote to memory of 5096 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3596 wrote to memory of 5096 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3596 wrote to memory of 5096 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe

"C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 dotnet.microsoft.com udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 13.107.246.64:443 dotnet.microsoft.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.149:443 www.bing.com tcp
GB 92.123.128.149:443 www.bing.com tcp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 149.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp

Files

memory/2332-0-0x0000019070520000-0x0000019070530000-memory.dmp

memory/2332-17-0x0000019070630000-0x0000019070640000-memory.dmp

memory/2332-35-0x000001906DB60000-0x000001906DB62000-memory.dmp

memory/4080-64-0x000001DCFB4F0000-0x000001DCFB4F2000-memory.dmp

memory/4080-71-0x000001DCFB6A0000-0x000001DCFB6A2000-memory.dmp

memory/4080-67-0x000001DCFB620000-0x000001DCFB622000-memory.dmp

memory/4080-69-0x000001DCFB680000-0x000001DCFB682000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 96d65f8e752bd844d9a6f74c77c5860b
SHA1 296f9760a717ebf7f779e58cc09052d613db7d96
SHA256 27a7c1dbca57ffd2a0cdcbf66a784b5e9b33a911e3b517980e9d95c265d3d874
SHA512 8815fd2c989d503276dd7d2f31bf53fe3d7f94d8e159726713302f7de70eeda5f8eb7d70f2407a7500836762c0dc7188846b2fd6f1f66fcfe28cd5cc1aba6c8e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

MD5 1b7a9ee8aa9588764be3da6c45e2889f
SHA1 90105a72f382a4543bf72a19ff2837784582fbc0
SHA256 febf2135ee3996cb1083eab61923e2eea35368de8c13fd50cf66795165d7fe97
SHA512 7ff9efe783088359406823046db199db995db77076390f65365f924b463f32baac1caedbfca646e28c171d2a4fe94691dcab66cb998294c45ff3b306e67396c5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

MD5 a8a5fa5af16b818c5f2ea9a115191552
SHA1 6c2235840a046b1c67411fdfc5f0646e08311e78
SHA256 7e76ee2b57d2f8cce4b063443e240ddc416cc18b393f957bb8589595e9485fc1
SHA512 56fb7f9cd4091ecca5053abfcb02c8af15edd186e647e6d95d9813d9dc0a31ce537cb14061865f3af96e165ff6245a7a376e6128f59eef764ef56f52da46da0e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

MD5 1f35db5518ad727ec378aa2cbdb454cb
SHA1 436ebf1c65d3da2b1bf31e1ae860ef97034b3684
SHA256 b76655fbe206300cae6f21b2b2d67922e4a7e17884c56fa576126398b8973baa
SHA512 65f30ef738006d859d4fbaf413e294beeba7322f27f6f3a3a5f10388ff7575bb0481d71ff54d14626489f59b47b3a17e73ee14966124cb8bb117ffe927b73919

memory/5096-89-0x0000019FB7340000-0x0000019FB7440000-memory.dmp

memory/5096-90-0x0000019FB7340000-0x0000019FB7440000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/2332-119-0x0000019078990000-0x0000019078991000-memory.dmp

memory/2332-118-0x0000019078980000-0x0000019078981000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GJWP86QK\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee