Analysis Overview
SHA256
a384bad25740a4b783eaadd6ade53d96e878e1313c34321ddfb23149fbf6366d
Threat Level: Shows suspicious behavior
The file Silver Rat [Re Lab].7z was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks computer location settings
Obfuscated with Agile.Net obfuscator
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-27 01:51
Signatures
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-27 01:51
Reported
2024-09-27 02:01
Platform
win10-20240404-en
Max time kernel
586s
Max time network
563s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000571f84098010db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{80009818-F38F-4AF1-87B5-EADAB9433E58} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f9b7df118010db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice\Hash = "nJKTzu54v6I=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.jfif = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice\Hash = "B6gwmLtHtrw=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.ADTS = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-107 = "Microsoft Excel Comma Separated Values File" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.mp4 = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice\ProgId = "AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.3gp = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice\ProgId = "AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice\Hash = "iOHi24IdhyQ=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.AAC = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9937 = "3GPP Audio/Video" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.raw = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice\Hash = "i9zJGGYUVeg=" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000542af4018010db01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.wma = "1" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8472a7528010db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com\Total = "189" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 37d53b558010db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = db88d5488010db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 20f40c438010db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000571fe052bf5cdeed9100685d2801ae894f3be39ee3d81d311c1c0fe568fec7a87f53a7204460db0aff15f945b22d86cca75a4604bd27d57f3606 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "6826" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = f998cc4a8010db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\OneBoxLoadAttempts = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4eafdc488010db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "537" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{7E9F971E-B41D-4B3C-B7D2-6322A24EA186} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab].7z"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Videos\" -an -ai#7zMap2907:92:7zEvent16325
C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe
"C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3699363923-1875576828-3287151903-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3699363923-1875576828-3287151903-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.0.531824806\1998522649" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7168f5e3-5623-487e-baea-30abc0471ad9} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 1792 247aa2f2858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.1.1389252715\983044624" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66941f3e-db7f-4cdb-9791-f7c2f274402b} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2148 247aa1f9b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.2.1993190500\191469458" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 2952 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c188247-26c8-4ea5-801a-7e97582bba04} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2972 247ae49a858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.3.499805496\122171361" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d0f4824-df17-44a9-941b-040c392aca43} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3520 247af364b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.4.949380999\960582095" -childID 3 -isForBrowser -prefsHandle 4208 -prefMapHandle 4192 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae21bcc0-bcb9-4f50-94f6-74c3fad1acc5} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4220 247b0394658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.5.345997566\1711631085" -childID 4 -isForBrowser -prefsHandle 4584 -prefMapHandle 4596 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb4018bf-7af1-437a-89fb-3fe165c61a5a} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4568 247acb80458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.6.613729753\2057319700" -childID 5 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c92a88b-210a-46b7-8b23-4fa953ee1ca7} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4488 247acb81958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.7.221046777\1717277599" -childID 6 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98bc79df-aa75-4cb8-97d3-2737cefd17cf} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5172 247acb81058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.8.646747563\923936938" -childID 7 -isForBrowser -prefsHandle 5676 -prefMapHandle 5672 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc07f942-a4e9-450d-82f2-88ee3c25b699} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5636 247b1b76e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.9.308737961\233726602" -childID 8 -isForBrowser -prefsHandle 5048 -prefMapHandle 2772 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eafcde2-133f-4d6e-8c63-5efc3be73ee8} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2580 247b1c8a858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.10.2030316331\780181336" -childID 9 -isForBrowser -prefsHandle 4240 -prefMapHandle 4312 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58e335f-10b0-4e8d-90fe-8f37c7cacea2} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3444 247b2660c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.11.971980314\1785392213" -childID 10 -isForBrowser -prefsHandle 5104 -prefMapHandle 5092 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22351320-5bd5-4219-9b64-bec267097a02} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5096 247b2661858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.12.805743399\264445475" -childID 11 -isForBrowser -prefsHandle 4500 -prefMapHandle 4732 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f303f94c-fd11-4702-9ecc-c5aae808211f} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5096 247b3184e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.13.1452706913\1034648483" -childID 12 -isForBrowser -prefsHandle 5984 -prefMapHandle 5084 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36ccab58-5be9-4b8c-ac5a-9cf9aac49dac} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9776 247b2660c58 tab
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.14.2016959268\1011434104" -childID 13 -isForBrowser -prefsHandle 4980 -prefMapHandle 5196 -prefsLen 27459 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {149b7104-1b86-47a0-a0a5-1d9915b78772} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 3444 247b0547058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.15.1332394590\1683595877" -childID 14 -isForBrowser -prefsHandle 5080 -prefMapHandle 9164 -prefsLen 27459 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00315766-dbec-4b32-9a8c-c65c277f51ab} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5048 247b0623458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.16.814256288\304181660" -childID 15 -isForBrowser -prefsHandle 9088 -prefMapHandle 6168 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63b94c79-1ff1-409d-9f71-1ae9e85abe76} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9000 247aeae4258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.17.1147323742\599880594" -childID 16 -isForBrowser -prefsHandle 9172 -prefMapHandle 4220 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6229e105-3299-44c5-8d79-61b071597794} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 4316 247b0546158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.18.646189082\688046775" -childID 17 -isForBrowser -prefsHandle 5228 -prefMapHandle 9452 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {603f2ba4-7956-4b93-9872-63ea3a6a577c} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 1604 247aeae4258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.19.1781648664\1780520983" -childID 18 -isForBrowser -prefsHandle 9100 -prefMapHandle 9112 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e81a648c-2384-46a4-98f4-448c13ce2dd8} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9156 247b0548858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.20.1196876306\1097513492" -childID 19 -isForBrowser -prefsHandle 9060 -prefMapHandle 9048 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e9593b0-a343-4e2f-8680-6c432d3d926b} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 5464 247aeae4258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.21.1967176870\934575212" -childID 20 -isForBrowser -prefsHandle 5228 -prefMapHandle 4452 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {379902ea-5cd1-44fa-a61b-8b599af3bed5} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 2680 247b0546458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.22.1301162555\357446255" -childID 21 -isForBrowser -prefsHandle 4352 -prefMapHandle 9080 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa29ee01-8fa8-447b-bed1-c6557c51eb24} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 1604 247aeae4258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.23.451165555\1603169111" -childID 22 -isForBrowser -prefsHandle 9708 -prefMapHandle 9324 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bedc5774-e12c-4492-9c4d-7c71cd33dc39} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 9376 247b0548858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.24.1846588849\1633957595" -childID 23 -isForBrowser -prefsHandle 4748 -prefMapHandle 5004 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93482ed2-7675-4341-a574-4d25207b0aee} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 8944 247b1d27b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5884.25.972210813\268856497" -childID 24 -isForBrowser -prefsHandle 9064 -prefMapHandle 4760 -prefsLen 27468 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ac4eb5d-13d0-4833-9358-4704ea7246a7} 5884 "\\.\pipe\gecko-crash-server-pipe.5884" 6016 247b204c058 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 92.123.128.29:443 | assets.msn.com | tcp |
| GB | 92.123.128.29:443 | assets.msn.com | tcp |
| GB | 92.123.128.29:443 | assets.msn.com | tcp |
| GB | 92.123.128.29:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 20.189.173.2:443 | browser.events.data.msn.com | tcp |
| US | 20.189.173.2:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | 29.128.123.92.in-addr.arpa | udp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| GB | 92.123.128.167:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 167.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.181:443 | r.bing.com | tcp |
| GB | 92.123.128.181:443 | r.bing.com | tcp |
| GB | 92.123.128.181:443 | r.bing.com | tcp |
| GB | 92.123.128.181:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | s.bingparachute.com | udp |
| GB | 92.123.128.167:443 | r.bing.com | tcp |
| GB | 92.123.128.167:443 | r.bing.com | tcp |
| GB | 23.204.237.191:443 | s.bingparachute.com | tcp |
| GB | 23.204.237.191:443 | s.bingparachute.com | tcp |
| US | 8.8.8.8:53 | 181.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.237.204.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.134:443 | login.microsoftonline.com | tcp |
| NL | 40.126.32.134:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.146:443 | th.bing.com | tcp |
| GB | 92.123.128.146:443 | th.bing.com | tcp |
| GB | 92.123.128.146:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 146.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| GB | 92.123.128.167:443 | th.bing.com | tcp |
| GB | 92.123.128.167:443 | th.bing.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| N/A | 127.0.0.1:51757 | tcp | |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.84.165.35.in-addr.arpa | udp |
| N/A | 127.0.0.1:51764 | tcp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.213.17:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.213.17:443 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 142.250.178.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.178.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.178.14:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.178.14:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 13.107.246.64:443 | s-part-0036.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 13.107.246.64:443 | s-part-0036.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| US | 8.8.8.8:53 | e3843.dscb.akamaiedge.net | udp |
| GB | 92.123.240.111:443 | e3843.dscb.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e3843.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | 111.240.123.92.in-addr.arpa | udp |
| GB | 92.123.241.137:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| GB | 92.123.241.137:443 | e13678.dscb.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| NL | 40.126.32.134:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 152.199.21.175:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | sni1gl.wpc.omegacdn.net | udp |
| US | 8.8.8.8:53 | sni1gl.wpc.omegacdn.net | udp |
| US | 8.8.8.8:53 | 137.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| NL | 52.178.17.233:443 | browser.events.data.microsoft.com | tcp |
| NL | 52.178.17.233:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | onedscolprdweu08.westeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdweu08.westeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 152.199.21.175:443 | logincdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | sni1gl.wpc.alphacdn.net | udp |
| US | 8.8.8.8:53 | sni1gl.wpc.alphacdn.net | udp |
| US | 8.8.8.8:53 | 233.17.178.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdweu08.westeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus02.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus02.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus18.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus18.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| DE | 23.55.161.185:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 172.217.169.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r3---sn-5hneknek.gvt1.com | udp |
| NL | 74.125.8.136:443 | r3---sn-5hneknek.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3.sn-5hneknek.gvt1.com | udp |
| US | 8.8.8.8:53 | r3.sn-5hneknek.gvt1.com | udp |
| US | 8.8.8.8:53 | 185.161.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.8.125.74.in-addr.arpa | udp |
| NL | 74.125.8.136:443 | r3.sn-5hneknek.gvt1.com | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| US | 8.8.8.8:53 | e3843.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e3843.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus20.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus20.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| US | 8.8.8.8:53 | e3843.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e3843.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus11.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus11.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus11.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus11.westus.cloudapp.azure.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
Files
memory/2116-2-0x000001F965F70000-0x000001F965F80000-memory.dmp
memory/2116-18-0x000001F966120000-0x000001F966130000-memory.dmp
memory/2116-34-0x000001F96A5D0000-0x000001F96A5D8000-memory.dmp
memory/3932-40-0x000001BA38260000-0x000001BA38270000-memory.dmp
memory/3932-42-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-43-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-45-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-46-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-47-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-48-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-51-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-53-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-56-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-55-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-60-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-62-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-61-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-59-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-54-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-52-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/2116-63-0x000001F96C070000-0x000001F96C078000-memory.dmp
memory/2116-65-0x000001F96DA60000-0x000001F96DA68000-memory.dmp
memory/2116-67-0x000001F96DCE0000-0x000001F96DCE8000-memory.dmp
memory/2116-69-0x000001F96DF00000-0x000001F96DF08000-memory.dmp
memory/2116-70-0x000001F96DEF0000-0x000001F96DEF1000-memory.dmp
memory/2116-72-0x000001F96DEF0000-0x000001F96DEF8000-memory.dmp
memory/3932-74-0x000001BA38260000-0x000001BA38270000-memory.dmp
memory/3932-75-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-78-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-79-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-80-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-82-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-81-0x000001BA38290000-0x000001BA382A0000-memory.dmp
memory/3932-85-0x000001BA38290000-0x000001BA382A0000-memory.dmp
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Profiles\SocketPort.xml
| MD5 | 5f807862258a390b2e2f75abb6d2c865 |
| SHA1 | 22abc144aa034c6490cbf143a8f1cdd42bd06d1b |
| SHA256 | 7b87c31f6d1163fc236651f5e1f3187cfa0c79d4a85d20c1c05f1dc3056c4823 |
| SHA512 | b831e4b2eeec23e39544961cef6619c8d57c50b53dc6bad8846682df6f5252041f50ce33cbe182488288d6d5e2e3e5194055ee4143ceb09f9601ed49d39dba39 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\stub.cs
| MD5 | 255787b7316051d866d8a8a384102c9a |
| SHA1 | 5a9fe0570579b7fe3916ec51abaa6606cf44dd18 |
| SHA256 | 1ffef5d31a2d6dbc01177fcf7835c9d9eeb4334bd39b20ec76eb2be1ba429f3f |
| SHA512 | 3016709d0ca83b58abadf1db647ff313105fa03e738f016cbb6364fa258c1824bfb692117ce325b1189a73242208fbcb58825c0abc022df06b771ed0937594db |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Profiles\Builder.xml
| MD5 | 3fcd4ac4720febae7ed0b81913daaf1c |
| SHA1 | 7d2ec4090023cc93a453c65782c78fe9bcf5afbd |
| SHA256 | b4b7d0f7878a60e5d641443a7d4720e178568e6febbb38a243d3b9fb8a30842b |
| SHA512 | c6a5c5c5d17d2e56fd2fde8705062a8916673ec5557ef9f30c9f62c67877c72f5b8e4528a3a8a8ec24f74e5c52ed385442483606b13972bcc645257a5826f2ca |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe.config
| MD5 | d6f1152d647b57f64494c3e1d32ede94 |
| SHA1 | a35bd77be82c79a034660df07270467ee109f5ac |
| SHA256 | a47f3f83cdb9816f03632833dc361ac5e7a4c5c923af1fdebfa16303f9d68a72 |
| SHA512 | 699b5ad93d3497348f8aad8e15d54ddd789bbac43f11a7fb629f19cda3749bee0ae06dc83f4e6246df631488169fda5d15c48585581d3a96d2523b8b45e639bd |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\OptionsForm.dll.config
| MD5 | a78fa19b73baa4b9bb1d29d22dfbea83 |
| SHA1 | f4a03e27396eb1a3f3e135dede8cae930f7cc3a5 |
| SHA256 | c53f33a5c3a7dfa005f62bc9d81ae8d6e5eb019463bd2986c32ca00ce9404f1a |
| SHA512 | e6811ba76e7a0284413af12cbe06884fb9e2f94c09bbe42f9adc03cb506cfee7c081e1002a1d59fd6db910ed33f255de9f4c0236759bf8cd39ad8886f22e3e6b |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\System.Numerics.Vectors.dll
| MD5 | aaa2cbf14e06e9d3586d8a4ed455db33 |
| SHA1 | 3d216458740ad5cb05bc5f7c3491cde44a1e5df0 |
| SHA256 | 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183 |
| SHA512 | 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\System.Memory.dll
| MD5 | f09441a1ee47fb3e6571a3a448e05baf |
| SHA1 | 3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde |
| SHA256 | bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f |
| SHA512 | 0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\SilverRat.exe
| MD5 | d6527f7d5f5152c3f5fff6786e5c1606 |
| SHA1 | e8da82b4a3d2b6bee04236162e5e46e636310ec6 |
| SHA256 | 79a4605d24d32f992d8e144202e980bb6b52bf8c9925b1498a1da59e50ac51f9 |
| SHA512 | 2b4eb9e66028d263c52b3da42fa3df256cf49cd7a7ebdf7c75da6a2dedfd2c22cb5f2071345b7016cd742539c74a801cad70c612330be79802fa19f860ea2d5f |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\System.Collections.Immutable.dll
| MD5 | 8f55c22412f7d448d6e7b83102665368 |
| SHA1 | 88df86ee0b137992af15a35825804274fa252e30 |
| SHA256 | 67730917b4e856e37a9d78245527584087fac6b20a7377677b2f444cd15db918 |
| SHA512 | 058431aa2280511b00a72ea55ded9bdaef55420f5bce10c9352d4f92736a11884d1e70706016b988cca560358b3b43ce1bad5c9bd726f11d8ad66e3c91f98ccb |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\System.Buffers.dll
| MD5 | ecdfe8ede869d2ccc6bf99981ea96400 |
| SHA1 | 2f410a0396bc148ed533ad49b6415fb58dd4d641 |
| SHA256 | accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb |
| SHA512 | 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\RestSharp.dll
| MD5 | 09806e18f9f8e3f2351827be22e634e0 |
| SHA1 | 54ec870ffb8ce10b3c8b05bbc7fb7ea45142a430 |
| SHA256 | 0e7a0f3910741e81f9b4660501b30aab5eee71cfa4fa9dcc9b32acb64c865428 |
| SHA512 | 45b5743bd3f50f51b6953bbfca9f8c5d1aca75aaed5cee0d6ef401034a05a09f27b928f539101801450b428ca7eac9ecc3ad0b41f2bc19258da52fbc7dc8ed09 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\protobuf-net.dll
| MD5 | 02de5f3f2a4b2e15ab53212bc93dc2db |
| SHA1 | e71e402ab28cd47d55eb997ad0e55ef1ac29d533 |
| SHA256 | c814d207eba7589cbb810b1625ac4091a5cb5cdc9be5e6691bddb2c4dde4619d |
| SHA512 | 7b1f09cdae30c2f1577a694c6ddbed6446997788f42167b4bb78f59c46154b43405639f0c9de7bc57aac598920fd4767cbfcc5ca01f803599d53820c3da4dcc1 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\protobuf-net.core.dll
| MD5 | 7d5a891689dc097d641272a459da8ac8 |
| SHA1 | a5b6efdd77bb8dacafb4b3013ab81919ad0e407e |
| SHA256 | 8c80999a13b87b0449ce09ebb7d53344b5771876e5af2e426c8e80258f62dff1 |
| SHA512 | a618ddfd22fc1ead717c2d0ca98c98d81ac4888f4af0c5952c1404f1c36e8ea4796f57bbd026aef187b9575a8737bf02ec7d5c58079bb89678b09239f4f932a7 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\ScanNET.dll
| MD5 | 4a66cf2e8575107a677833dcbe7e1142 |
| SHA1 | 59dea7c17ca242a5aeb6a5a9353f711bac1e0eeb |
| SHA256 | 389a2431ed1c413afb6c5361dde893cfe4374c56f5121151f91e9ed8723d0967 |
| SHA512 | 005893f2ee4ae6375ab9464c002326f6c07d1a04fad8034adfcd3a9506358fda43ffeec6600acb20fe4bec25765dc4c3046343a1e51cd80a7d7f1164cdd4fa37 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\ReverseProxy.dll
| MD5 | 015e7bdd40eee884542840f551074710 |
| SHA1 | 6d5d38182998f28129ad8f0f5801b89cee4e6498 |
| SHA256 | d5c47e21b22ddd9087ecda3c2bad283de7d3dd69906802f2023f86bbba92f06b |
| SHA512 | a199f5be4a0a83a291ee19868428d147783e55c38067d10c0353fdfc363087c23f88b8b2d44d7fbf7b16c03427342d96fc0dcb52b6cb1064dd84d3f0f28d5afe |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\RDP.dll
| MD5 | 2bd24da470e3968fec572600d4637f37 |
| SHA1 | 752a3ee7e92e6141c26338b327b5a060c0583030 |
| SHA256 | c5d5123886fc5e948693a2c1cf14b6b1262f2b98b2ccb6ee3b06bab0c32e6c00 |
| SHA512 | 60df75c2362a991ce108ed2b52d47316b56b527eef67700b89a6aa8dc52cb0f223991fe6b9819d4c047c5445051078d55965209bbf8f7c1421fc0dbc12fbc393 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Passwords.dll
| MD5 | 67df2a509df555bbbb04264d9177c4c9 |
| SHA1 | 4afbe8e70698cc6cc7cb2091c1d7dd8b343e49b6 |
| SHA256 | 31805c53dcd4df47675401e2f286026492a4d2c9ffb13bf5293e8955d5ec96d1 |
| SHA512 | 0b10b268a5590aa4649decda9190df03673f55b09bf66660cab43f76e61cd9afd4e3ff285b6623377f883930f3221933c7abde1b795642ccd909ccb17154712e |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\OptionsForm.dll
| MD5 | fdaa271259f3b58f88bcfce1da990af4 |
| SHA1 | ae2bb4c6725134e9f53f7d63d8920d5c7c4e54de |
| SHA256 | b2a0dd7d7b92ec5b99e3b18fb0235b3b039373edf9a4ea51b36447ac7d0ad464 |
| SHA512 | 469507660f15a9b72cf160da089b2b4e44625010ba15cdee3d6e08f467e1d724aa0d177adbd7af926a55b0dddd016d565804ab1b2fb071ee37b48487d553b8d9 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Options.dll
| MD5 | ff88d61dc7adc644d79b0f898059a7b1 |
| SHA1 | 151557a014d6b177fd1ae1496f0719184df08c86 |
| SHA256 | 3fd7b67e56b40caf53aa9b2df102967f7e2aab0bb4bf90ea769ea725c0498657 |
| SHA512 | ae06793d10c6c76a994db8cf3fe97a859df2a1e0dd2bc56fac042bba8a93a56e52b4edf28a30113e4cd547157bde07a77383f0295822d8e6ddea51dfcdc0b1f0 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Manager.dll
| MD5 | b17ddbfdf27aaedb6e26ed70783a6ae7 |
| SHA1 | 08590ed55d9adc47c53a9dcf7dfafc60b877aa13 |
| SHA256 | da8c5ffb5d268e9aa5783bcb064502df8f78cba724a0f96793795fe97e62a6e1 |
| SHA512 | 0079131280257413f43a01a0de2b3cf393745d2864ab521619888b3b25f7f0ec1f32f9d6f682250b73c92c1483d841f7ca3f8bf34e785e3fc93afae6d086693e |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Ransom.dll
| MD5 | 47ced016511c0edca8af7e371ed50136 |
| SHA1 | 83306913534c4a2ff234ce1dc399ac017978a476 |
| SHA256 | d47f10f19ff148464747bf7e38f7fb44c1d99569d4a9b31eee731abacd540a2f |
| SHA512 | 459333e1c3437b13db1988f901c97f16ab6e99269b3459001e898f661322b4ad034046b29561c0a6b366ff3d2c69a27334d49623744e3ee4f3341789b4bab37a |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\RAPP.dll
| MD5 | 3749325c46c36e83ea28ddd92aa60c9f |
| SHA1 | a792b9eb154fcbd376660bca5bb1cac11e29cd17 |
| SHA256 | 2e717bd5321a2ac65b38cc39238dafa7e34b7446031a6a6200aca86199a59ade |
| SHA512 | 876013df8c6736ac3bed7e8efb03cc783abe33936c2f8b7908b554b5584c42a8e81f953f7c4066576d8ef931026eb4af84618179cc0001519c493f6651ccd4be |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Keylogger.dll
| MD5 | 8e2d761ccea68168d0b991b475155678 |
| SHA1 | 2872d722bdaf496d520e643d114e712199ef00f1 |
| SHA256 | c3fd1d11641109c9033fa20af16c6b737008c137fd8a926bf0b4c6630d8ab9ac |
| SHA512 | e179a1da9f2d00cd74352dc81305462dc928a6e2acace665d42e8a2d0999bc6c8669e5e290ebd17064c6166604f87de2c7e7f31b42b4ea82b23738792c68f68d |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\HVNC.dll
| MD5 | 3d07031e76978680240e80cc54451ad4 |
| SHA1 | 255f32852fa97990ce16c8bdae766c79c7bcfe56 |
| SHA256 | 44cb17f3b048ba2c7653409b0dec7c94eb86d2cf0322ac79ce6764d5b8df1549 |
| SHA512 | 3595793d4b8e197a60d9c28060415489592da44e20e8f999d91e4c2f164e43ee00aaf94216a0daf4ade1cab8577dd34bb8e02c7ba12b3757b2c82c4e4bb91c7a |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\HRDP.dll
| MD5 | b9c9ea357d04731bda8c8393ae5cd741 |
| SHA1 | 8d462aafddd5f37513226523dd4b7a354be2f492 |
| SHA256 | a475f59f6a1b6b1fb4c6e78f1fbe7df2d38c4f743488ba7da128a5771bf6de86 |
| SHA512 | 1876e27c5d224d4bac403f99bfff21cbdd35e3d4d91257ff7c2482552e9925d85c69eb092e590ca48251e8fbf19372c131d191caa0e2b8977a2ced36173515e2 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\HBrowser.dll
| MD5 | ce1d9f8c498cd8c5ee38fa94df4b4907 |
| SHA1 | d3b811137776e4b1dc937d294ce0eff9a12594ff |
| SHA256 | 55b5efe0a09cb5cb79308874e2e5d25c895f995754bbf960ce9a403207ce3abd |
| SHA512 | 58c9e62bc32376773a9bb1f266aab617ad2098f2d12b13fba1bfcefdf3edd1f44682c791567cc67035550b80b735ae460111145fd1b9d733325cda9dfbe61849 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Chat.dll
| MD5 | 736292dd81ad93bff84c28ce5de02385 |
| SHA1 | 40d46e915d049966f023e8d8c1e059d9b6c22567 |
| SHA256 | 0c83898f29762a4e3650fc5f5a8a3c3114d06da8f6a3fb2fa8b990a36716d6bd |
| SHA512 | c126f17b9ed91994d52e61c7ab75536962a2c0f03cf90cba06fa423dd732379e7ccdf4050dada73267864feee8b677bd5c16ead8a485e3d8bd3f4bcc462015ed |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\HApps.dll
| MD5 | a7c3b329ab9f4e20ed40c78b2ac36864 |
| SHA1 | fcb594e1a2a7c27e0208d413411e1ca30fdf4279 |
| SHA256 | d922c1762640f37a503eb116627a732290ae38b52f9b33437ffee608f7853a28 |
| SHA512 | 870085fabe2ae4768b6ea9d2e7f13dad752f4c26ec6d61debd0b76c683771823b07338e1323e26c0c8e17f9ecf7f5d7fcd4b7d0b148501ef9e278b8b680925f9 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Plugins\Camera.dll
| MD5 | e9e0b5fc7b1ed6f01d08d981d1cd761f |
| SHA1 | 011ac2fa1b9df6a4cb6d88c14316216bb64526bb |
| SHA256 | 2c82773466f72756d8152e4d5dc24d2ec954bfe5a6e7cae587d2e1d316ef43d0 |
| SHA512 | df75359dd9c1bcc6bccb17522186d710ae16054a496c3f75fa171dfe8f09e314fb28a7b1111193e64e37639c6d37de5c77cd99d795f72ab5338459886da6b964 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Newtonsoft.Json.dll
| MD5 | 4df6c8781e70c3a4912b5be796e6d337 |
| SHA1 | cbc510520fcd85dbc1c82b02e82040702aca9b79 |
| SHA256 | 3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af |
| SHA512 | 964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\guna.ui2.dll
| MD5 | acec68d05e0b9b6c34a24da530dc07b2 |
| SHA1 | 015eb32aad6f5309296c3a88f0c5ab1ba451d41e |
| SHA256 | bf72939922afa2cd17071f5170b4a82d05bceb1fc33ce29cdfbc68dbb97f0277 |
| SHA512 | d68d3ac62319178d3bc27a0f1e1762fc814a4da65156db90ae17284a99e5d9909e9e6348a4ff9ef0b92a46ba2033b838b75313307b46ab72dc0aab9641e4f700 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\cgeoip.dll
| MD5 | 6d6e172e7965d1250a4a6f8a0513aa9f |
| SHA1 | b0fd4f64e837f48682874251c93258ee2cbcad2b |
| SHA256 | d1ddd15e9c727a5ecf78d3918c17aee0512f5b181ad44952686beb89146e6bd0 |
| SHA512 | 35daa38ad009599145aa241102bcd1f69b4caa55ebc5bb11df0a06567056c0ec5fcd02a33576c54c670755a6384e0229fd2f96622f12304dec58f79e1e834155 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\bunifu.ui.winforms.dll
| MD5 | 686833fccd95b4f5c8d7695a2d45955d |
| SHA1 | 882f60ea47f536c1f01da0f5767dfe5d569fc011 |
| SHA256 | 578cbcfb7a01234907fb6314918efd23a502882c79d0ee3c2e7d4ae0cf63ebc2 |
| SHA512 | 8bb3a8741b73ad7c280de31905dbfc449c2d6f538b8feca232201c7079f917c4291936211632bcdf17c95d6cf5d9b97df2cdd21c57af6cbff486ea7691ff3bc1 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\bunifu.ui.winforms.1.5.3.dll
| MD5 | c1d51a0e747c9d6156410cb3c5b97a60 |
| SHA1 | 86312cba2eb3495cc6bec66d54d4ab88596275d8 |
| SHA256 | 6937052b86bc251be510b110e08fc5089d3bd687ce2333a85ea6d5c2c09b437a |
| SHA512 | a8d7b2e5555c01076e8dd744d21d8cd901aaffad052af0e8c22269e8c2f765019422ed245368a64d64157652a0e4fcab1a889086fde4e139b4ccf5f7bad08222 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\Bunifu.Licensing.dll
| MD5 | c18a9e44e200c7315a1868caab894293 |
| SHA1 | 18f65508762d2492f41b22e4e6e5ad19a2226baa |
| SHA256 | 661a5be944dc9fb2e0eba01c3c0584feb3ecca44877d77f54d0f409ce801af22 |
| SHA512 | 9a5e08bb6ed4535ac92ca446b630b29587cb5a4d7d695234a5d93267d2ac13d702b3738ba0e20606f10020e9642e8e315e7ddc92f1c321b68daf8524a3f5f2d1 |
C:\Users\Admin\Videos\Silver Rat [Re Lab]\bouncycastle.crypto.dll
| MD5 | f0b3e112ce4807a28e2b5d66a840ed7f |
| SHA1 | 54a6743781fd4ceb720331fce92f16186931192d |
| SHA256 | 333903c7d22a27098e45fc64b77a264aa220605cfbd3e329c200d7e4b42c881c |
| SHA512 | dc8ec9754c5e86f7e54e75ff3e5859c1b057f90e9c41788037b944a5db2cb3b70060763d0efcbe55ec595bcc47a9c0ff847a4876821470ca1659c31afd5b0190 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 96445138d275e78ada27f81249cbae53 |
| SHA1 | 5f5f4ff1d1573102eb26027449443f7495997333 |
| SHA256 | 8d7085e17b8affef5bdd169c5e0ea3089bec212950cae30916670de8daf8f0b0 |
| SHA512 | 6bc0437913477c8a4d9838e130c7a5f60020c55d0c2e8e28dfba7a270e86d37f7f1db86b5ca702cd6db3376c30751a78f2c6c894c14902b57af33cbaf101b40e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 96d65f8e752bd844d9a6f74c77c5860b |
| SHA1 | 296f9760a717ebf7f779e58cc09052d613db7d96 |
| SHA256 | 27a7c1dbca57ffd2a0cdcbf66a784b5e9b33a911e3b517980e9d95c265d3d874 |
| SHA512 | 8815fd2c989d503276dd7d2f31bf53fe3d7f94d8e159726713302f7de70eeda5f8eb7d70f2407a7500836762c0dc7188846b2fd6f1f66fcfe28cd5cc1aba6c8e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
| MD5 | 41f74379239ebf69e3698388567df93b |
| SHA1 | 6e1bb18c56e48e92226dfd6496375258d4b9c4e0 |
| SHA256 | 6b6a4cad323fe9df0e4a7f85c33ff8e9f3a85ec7ce9a37dff9a7fb5a81ca8019 |
| SHA512 | 1c192a7dea7ed726b58cf4773f1201fc3f0c36f61c6010d33b437f89b12ec07a2f13abef87a1af9e141b61f20905b1ea0c5da87d516b75d3b996a944a01dc77c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
| MD5 | a8a5fa5af16b818c5f2ea9a115191552 |
| SHA1 | 6c2235840a046b1c67411fdfc5f0646e08311e78 |
| SHA256 | 7e76ee2b57d2f8cce4b063443e240ddc416cc18b393f957bb8589595e9485fc1 |
| SHA512 | 56fb7f9cd4091ecca5053abfcb02c8af15edd186e647e6d95d9813d9dc0a31ce537cb14061865f3af96e165ff6245a7a376e6128f59eef764ef56f52da46da0e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\K8171U3A\favicon[1].ico
| MD5 | 84cc977d0eb148166481b01d8418e375 |
| SHA1 | 00e2461bcd67d7ba511db230415000aefbd30d2d |
| SHA256 | bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c |
| SHA512 | f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\5ZDR2T79\www.bing[1].xml
| MD5 | 9430830da576a2529680021ce09b51b6 |
| SHA1 | a1df1625d8a6c8242836041000bfe616abe3deab |
| SHA256 | e5bb0f6c2eee14df2cd3195fc1a0193f153a3bf0eb10eb51d91b2b8b13ea16cc |
| SHA512 | bb71c4f4bc7771fec0d55106d583c54765fa15497f440536cd13710fa4959a70c015b441667ec27f7e58be20e03c55b577f56b692bf2a76931310618f197ec56 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\5ZDR2T79\www.bing[1].xml
| MD5 | 28482a865a48c6afeb4082a3700ea0e4 |
| SHA1 | ceeb52baf0730a2bcf24e5b10fdb92626d5935c4 |
| SHA256 | 5d08041c5d92c8fc6d1cec2633d2e6651338392ce91aceb1033db316623b8d11 |
| SHA512 | f8fc8da3026fc3c478509226ee34b11e3b2ceb3861f0a9f26890c15812f18f3dfbc380946612d178010b50bff5dbbe1cbecbef2a2c1a2eb59fafbe812f48048b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\xvEz2IbMlyghPZ3oNAHr9N-xMOA.br[1].js
| MD5 | dc221228e109f89b8b10c48f2678fb46 |
| SHA1 | 1bfc85cba5c424136941ac1dfd779a563b5beed4 |
| SHA256 | f4fb7234959f48c2b2ca73fd6c35d36eaf65d8c431d982a1ba208f5cdc766419 |
| SHA512 | 46f49e5ac18436251778d1f50c027729a2442ed6541c3162d878720703e37797b6028d96eb1568c23ec5006fb022c8e05855e250d6a1a590f41e890866529cd2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GFIKWQ4B\favicon-trans-bg-blue-mg[1].ico
| MD5 | 30967b1b52cb6df18a8af8fcc04f83c9 |
| SHA1 | aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588 |
| SHA256 | 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e |
| SHA512 | 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js
| MD5 | 9085e17b6172d9fc7b7373762c3d6e74 |
| SHA1 | dab3ca26ec7a8426f034113afa2123edfaa32a76 |
| SHA256 | 586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d |
| SHA512 | b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js
| MD5 | 56afa9b2c4ead188d1dd95650816419b |
| SHA1 | c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6 |
| SHA256 | e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b |
| SHA512 | d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\a224OTR91R7nhnUp3RpvwJI8dVU.br[1].js
| MD5 | 5cd7e9ec89646c664e189ca7bb2a9841 |
| SHA1 | c662dd49f63a3a8c8d6f1ae4309fabb0965a9797 |
| SHA256 | ad87e00ca1f7a028f7f972199ce9b2b978306c5048ef90802f08bc17ea90a9ed |
| SHA512 | dcf14925578a125109054b471a7006a41c98fef2843dcd4dbd9bd8ffdb4c0802488ed98cf0bd9863a7cff48c32c1be73c56097452ff4482d64d7e42b12a09e0f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\K3hC1_cQXGFr6cxRJVWYpzZJaAM.br[1].js
| MD5 | 02b0b245d09dc56bbe4f1a9f1425ac35 |
| SHA1 | 868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673 |
| SHA256 | 62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6 |
| SHA512 | cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\lLk8XmbdNzzlnPRzVzDhaF9yjqw.br[1].js
| MD5 | 3ff8eecb7a6996c1056bbe9d4dde50b4 |
| SHA1 | fdc4d52301d187042d0a2f136ceef2c005dcbb8b |
| SHA256 | 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163 |
| SHA512 | 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\Gyuq2bqitqDJM0BeAkbKXGlQXNw.br[1].js
| MD5 | a969230a51dba5ab5adf5877bcc28cfa |
| SHA1 | 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265 |
| SHA256 | 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f |
| SHA512 | f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\n21aGRCN5EKHB3qObygw029dyNU.br[1].js
| MD5 | cb027ba6eb6dd3f033c02183b9423995 |
| SHA1 | 368e7121931587d29d988e1b8cb0fda785e5d18b |
| SHA256 | 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f |
| SHA512 | 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\8CgcSSLayxEVUBf0swP_bQGMId8.br[1].js
| MD5 | a5363c37b617d36dfd6d25bfb89ca56b |
| SHA1 | 31682afce628850b8cb31faa8e9c4c5ec9ebb957 |
| SHA256 | 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f |
| SHA512 | e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\Gw7eETSwe7GHmKwW1lRqGPQJXRo.br[1].js
| MD5 | 17cdab99027114dbcbd9d573c5b7a8a9 |
| SHA1 | 42d65caae34eba7a051342b24972665e61fa6ae2 |
| SHA256 | 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de |
| SHA512 | 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\psgXZvzYJMEW2ydikIk493Va1d4.br[1].js
| MD5 | f4da106e481b3e221792289864c2d02a |
| SHA1 | d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994 |
| SHA256 | 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9 |
| SHA512 | 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js
| MD5 | 0c2672dc05a52fbfb8e3bc70271619c2 |
| SHA1 | 9ede9ad59479db4badb0ba19992620c3174e3e02 |
| SHA256 | 54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39 |
| SHA512 | dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\9cuwOQ_qE7qTGKohzrf_gIjTlPI.br[1].js
| MD5 | fabb77c7ae3fd2271f5909155fb490e5 |
| SHA1 | cde0b1304b558b6de7503d559c92014644736f88 |
| SHA256 | e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c |
| SHA512 | cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\gKwIRAF4fg7noG1zyeUz8x3Jdhc.br[1].js
| MD5 | 47442e8d5838baaa640a856f98e40dc6 |
| SHA1 | 54c60cad77926723975b92d09fe79d7beff58d99 |
| SHA256 | 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e |
| SHA512 | 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\_2I169N92jVtSc_VEsV0nma5sRY.br[1].js
| MD5 | 3104955279e1bbbdb4ae5a0e077c5a74 |
| SHA1 | ba10a722fff1877c3379dee7b5f028d467ffd6cf |
| SHA256 | a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1 |
| SHA512 | 6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\9xGNA8UskvA9WHF58zbLOHZ5HvI.br[1].js
| MD5 | d6741608ba48e400a406aca7f3464765 |
| SHA1 | 8961ca85ad82bb701436ffc64642833cfbaff303 |
| SHA256 | b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c |
| SHA512 | e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br[1].js
| MD5 | f5712e664873fde8ee9044f693cd2db7 |
| SHA1 | 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4 |
| SHA256 | 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2 |
| SHA512 | ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\5L3iD467J3iJWEPwIjxlK0MMDpY.br[1].js
| MD5 | 2ef3074238b080b648e9a10429d67405 |
| SHA1 | 15d57873ff98195c57e34fc778accc41c21172e7 |
| SHA256 | e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da |
| SHA512 | c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\K_V1CARn2Q2lTs5njJKUvUkHyi4.br[1].js
| MD5 | 6c2c6db3832d53062d303cdff5e2bd30 |
| SHA1 | b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d |
| SHA256 | 06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70 |
| SHA512 | bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\awRIKLY04rWw5wNlVL186SolQSo.br[1].js
| MD5 | e4fb9b839186660b1f729b8df8c994b4 |
| SHA1 | 931792cd70ced4ad586f6329c30c294ebea1548e |
| SHA256 | 6838611c8ab6539005e11c84ca308158f89a51db57a62caf21faab48bf576177 |
| SHA512 | 625436bb52cbd7df7ed03be05fea52c5d54b6cc15037d70c268d9598e648a22246db902b9c6f097ba8b18bd924f6ab17120736285d54dce13773237f1669853a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\8LIV7VPMYjV_ya4Ggnu8LBWQIQQ.br[1].js
| MD5 | d81844c2ebcf5f3260a692e3e89dde7f |
| SHA1 | 5a3874fb9f597e42fdd94e5bc5da0a709b70d57a |
| SHA256 | 9905f086f3f40ac4b8ec2c9f0752a157ed637b2ffc2c87971e8306d6cb12fe9f |
| SHA512 | 8005f3ebd5bc8dc903917df581563595ea3e427f31992260aa4e6ed8bc30095442174ad153a83c378575ffb2de878338b0e87d8cdd57dfdc49e646ca9e4ada77 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\jZjSh5AHStaNJxXQwyPphbnzJA4.br[1].js
| MD5 | bbec4d3dd1d2e299f11443924697315b |
| SHA1 | d5dd4c447e0899c3dbc03508016f7d5fa461cc00 |
| SHA256 | e07f7ed9f842b6cab9cf84ce28e7e88c873439c7a117bf28680aa91a4465256d |
| SHA512 | e41b2fdb37f7dca4eeddac429ce9a6b122ac59f1e790a1a937bc442e08c3507f57813447bdd4672c5ed33804059e66e1eb1e575905fed4ea1e4712d512bc4b66 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\1rUTIFRcUHTZUBaDs_0q8KvUlR0.br[1].js
| MD5 | c63e610f6bfb2687ee044cee7d3e16c7 |
| SHA1 | b78022432ac754cc41335341a8e07f2676bad789 |
| SHA256 | c150d5e192ece8d69ba8029d87ecbc66674013b8418264cc86f0abcb0da0a38b |
| SHA512 | 11029009d8d0885d16a4b546816cc0f22f51ffd035fdd87d58eaf432017947460a1a78a543c0eb3875af49342a240ea606aced23654bc190ba6a4b7101e13a3a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\910ptS3pcIDQ7a5acMaHuQliuN0.br[1].js
| MD5 | 8898a2f705976d9be01f35a493f9a98f |
| SHA1 | bc69bec33a98575d55fefae8883c8bb636061007 |
| SHA256 | 5f30270aa2dc8a094d790e1e4a62b17c7d76a20b449d9b69af797a55fada9108 |
| SHA512 | c8575df93fbd1f65a285d484257adfe12733e47a6524a18d5910d33562eefd1d9da7197d16c7a3cad3bc5ad89546ff0fefe90e5c96e7850ecec9708c90334349 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64PW6Y69\NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br[1].js
| MD5 | f1cf1909716ce3da53172898bb780024 |
| SHA1 | d8d34904e511b1c9aae1565ba10ccd045c940333 |
| SHA256 | 9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01 |
| SHA512 | 8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\ID-70CBAEOXh6Nwxga-CxgpUq4k.br[1].js
| MD5 | fd88c51edb7fcfe4f8d0aa2763cebe4a |
| SHA1 | 18891af14c4c483baa6cb35c985c6debab2d9c8a |
| SHA256 | 51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699 |
| SHA512 | ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\eKvcHdnNwo1WcxoSioV4ztnfZk8.br[1].js
| MD5 | fb797698ef041dd693aee90fb9c13c7e |
| SHA1 | 394194f8dd058927314d41e065961b476084f724 |
| SHA256 | 795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da |
| SHA512 | e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\uiannz55FdT0j3p9jGwegfI5aIY.br[1].js
| MD5 | 45345f7e8380393ca0c539ae4cfe32bd |
| SHA1 | 292d5f4b184b3ff7178489c01249f37f5ca395a7 |
| SHA256 | 3a40a1ff034448d68d92a75ababa09ba5f2b71d130f5f6bdf160dcf8851529a9 |
| SHA512 | 2bfd00bf303ad5a1e8413b5ee6a162167605511fefb8df61a8f40f80382f5520df690a53b1058365f1d81562b2668376886d0f829517a642fcd87412801fe987 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\ydDuUFvQrnTEDpvE14Ya7abrPGk.br[1].js
| MD5 | d807dbbb6ee3a78027dc7075e0b593ff |
| SHA1 | 27109cd41f6b1f2084c81b5d375ea811e51ac567 |
| SHA256 | 0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7 |
| SHA512 | e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\g2mFaePdYzQOubI8JEItbebrED8.gz[1].css
| MD5 | 6d94f94bfb17721a8da8b53731eb0601 |
| SHA1 | ae540db8d146e17cfc3d09d46b31bd16b3308a6d |
| SHA256 | 21829c74fce2c9bbbb3099a7a487de71465ed712410c32bc6c69884db07a90dd |
| SHA512 | bf33fb4858b56f888108bcd5c2691613b68715e260e59c1e37a050a709be04a8e0eaf5509667183a0d51f1201e58c02df4f744a0772242ee5b61595c44c072e7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\_ykiGO1K5rjAQeICdJheT3jfLeY.gz[1].css
| MD5 | 7a903a859615d137e561051c006435c2 |
| SHA1 | 7c2cbeb8b0e83e80954b14360b4c6e425550bc54 |
| SHA256 | 281d6234fd292800c2a5dbd14e524c9cee0d4438188b0b7d873abf41515a7666 |
| SHA512 | aa47efab7ec689b838d1e5adfe26e035e8b93f2b806f1954214447cb2065fa5906f81a70b4c656b3ce1490d8ac2009c7e7b0f96491d6d4559c41fb25d08fe35c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\tPLNa5UcMaQEzzg0acZfPM45N6I.gz[1].css
| MD5 | 9baa6773c6549250a3393e62c56eb395 |
| SHA1 | 5bb4eead8609cd30b9b96b23ec4fd0082ae64c1d |
| SHA256 | dadf403df8cfe888e59e6a051aee3783a2bf0bcc60dc1d09a7797daaee726ca2 |
| SHA512 | cf12319cf07897864828d9c950df4a98a0628d828a7fee75f1235fc5d3a57c90a40b5ded2743af2e62b1d13d3f6be0d302ada054e7c0d7164b8ba12054909b8d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U2YUJLSD\Yb-MiHwFpZo4XYbuuNLKCnyhd1M.gz[1].css
| MD5 | aca7b62ef304e4e17941914622bf3a91 |
| SHA1 | 0d66f41d9084a43dd339dfa584d0c44fc3c438e3 |
| SHA256 | a4579184b85367432ce944bc8652024345ba631b3e16bcf6330a9be1c45c1591 |
| SHA512 | 7bf21542a5b092d32ed1bee229447baecdb9c2e9bdc4ec7f6cd7101f84ce67039e2142ac6413b9a231a77a427e8959b99edbd2445c293af54c0135c7c303c344 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XN6IH2Y6\x6CS8glKlDAxrUISUqfsWELwuk8.gz[1].js
| MD5 | a11c94339eeee97cb5970f1e67d968c8 |
| SHA1 | 67ec6b6f0883da56cce10a9d704718a2e1879f81 |
| SHA256 | 075448f2e460e6e3e64ef93c8aa1291710123c60bbaeeaa3677e9b5630a472ab |
| SHA512 | 6dbe79f332d83ad6edf5927ed8a1882d24903a1cf6afed53b1c313b2694faa247638f8e704f0ebabc89aaae61cb0d76cff43fd1803515fec8b36db8dd1f816ba |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7XVM1D5W\x12uI8Q-OP_G0YUbMcEKo8IIlH4.br[1].css
| MD5 | 319f554ab214ed6702d5d2894dbab0f6 |
| SHA1 | 85066a911732ea9aa94ea23d1422f17446e1f6a4 |
| SHA256 | 68662add453f7d4ac4220d76deb9507c9635890e2323299fd659dc613af0934d |
| SHA512 | 6969b054dbdcca749acbb693e3c07007b43e4199134996a939e4b3084a9797355c599cf04d1f008aff23a784a0e888dcea1fe54456863da6f21f5a4aba524dbb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D
| MD5 | 1b2ea7933d9b109d668b86fe35f77fcd |
| SHA1 | 73f418d8be95d883b0415e201dec9262afb9d396 |
| SHA256 | 803c6807e9e496ce2263107cfd344fbbd3fbc16395e1c031fe9daef383fcc151 |
| SHA512 | d2c285228cf87bbafba7fcc56f22b178f853c5926604bd89b4cc1d85bb430e93d6be7469bed8841fbc064308827713fa69a371985fba31cfc9339666d3bb4224 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D
| MD5 | 4f4fb6b56c580b5615ecd99f47101143 |
| SHA1 | abf1baa9134b571462fcbd71beb405ec2ee25f1e |
| SHA256 | 91c754b67089824ef338d45ce912625c719989d9ca1534215a78fc6a40086d13 |
| SHA512 | d642f8b2cd07e9873526b48b9357670cb2aae686ea2f5ce7930c491f6c45258c68ab607ebe64749066c0338a60fd7af60cdb7816e19f1cd7bb118e074f74f016 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NH5NLFXP\favicon[1].ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\c157c97c-c3a3-47ce-82cb-a9d56f143dc9
| MD5 | 832437e598280921906c94c2532daaaa |
| SHA1 | 553338fe0284645041ade02c83924ce88116105d |
| SHA256 | 123f4f06dbfd583efbb2918321f29fb5521d2812c10f7d8aa2c8e04ff91e72ef |
| SHA512 | 6b2e34aee1f89c14b1e0afd900c96485c02fe89ee8f82604bb691faf00ed517f28637632a86e48a8d10184364c0fe37cd5713d35c412ca8ff68a449ae10fe7c5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 557442def82304128ebe6e29c86e36da |
| SHA1 | 1758457fb95dddf5324bd8afbd7c20388abf75d3 |
| SHA256 | 45c15d3f605784fa8ca1c3b5bf74dafb7990fe791b963b0b08c163e55c0617ab |
| SHA512 | 900cf518d8da044e2e76a5f6972a4400042588ac7426d36b638349c49dfcc2dc6f8d42fb960af5963cbb0282149e0120c88564a871defa5c46d4aed89f28aba4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
| MD5 | fb02f38c7f4b321fa60438d727131843 |
| SHA1 | 3c253185f65821f865cb2ffef59cfda285b41e4a |
| SHA256 | 66c4dc5ff06bd4c5c1aecb3385f429e505e82110e03c14b1f1260a374aaf5106 |
| SHA512 | 6d9e78446d6357907b7d2304de86411bddb1cad4d69d900d0896702a9f5c9e8713518c46e1614914cd04bd37288cb753dde0796b262772b6df5efc1d6254fded |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
| MD5 | 16c946b4d1403dfa4dc63f45b4f9faf7 |
| SHA1 | 97b0d1fdbbfe6a8adf55da6939126c0354b68527 |
| SHA256 | 2893629a09c241396d77191b859fa1eb64363b5882e6f4c0c5dd538785ba6d43 |
| SHA512 | b38bdf57f6e6999d06ac378e1345ebd8285377b04b070129a9738018d4bfb3cfebe628472b493383e77e153cb011feb9c9c2abe6c3b86ac04b8c17638256b8ae |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFC1B6A1223EC96113.TMP
| MD5 | d3cdb7663712ddb6ef5056c72fe69e86 |
| SHA1 | f08bf69934fb2b9ca0aba287c96abe145a69366c |
| SHA256 | 3e8c2095986b262ac8fccfabda2d021fc0d3504275e83cffe1f0a333f9efbe15 |
| SHA512 | c0acd65db7098a55dae0730eb1dcd8aa94e95a71f39dd40b087be0b06afc5d1bb310f555781853b5a78a8803dba0fb44df44bd2bb14baeca29c7c7410dffc812 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 40c96db4d49616f26b7a141cdc1e4c98 |
| SHA1 | 70b708b39d0833c077cbcd74663f6106225e6f97 |
| SHA256 | c83a1c87d09b64ae12fad8614e7db99fe97c41a1e61326dcbe074b376d9862d8 |
| SHA512 | eaf15adfd8a8bbc4e259a48d1f9541f1b060e81a7f369df87aa91831a5be575aa5ee89ada8a06d5127cca18ab83d09f13c8204b6561bdf3cc0ff3ba6c3d12c46 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 731c0e733fe1e3123d366af7c8e578ae |
| SHA1 | 9756304ea773dd9cd96e5996dc79de2ed6a9ae9c |
| SHA256 | 8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359 |
| SHA512 | d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | 295ee6f4568b8663d689e494dec8e44b |
| SHA1 | 7aa098ca690abef493f91302483827f546bd48e1 |
| SHA256 | 3142df3e0872473229e613dc44611f8725f96d34939cd0b1491486144d3d8635 |
| SHA512 | 8fd78697b7e3a3ec2756326586e26417a40491164bd8634ad9b3ad82da2c9f6fceca59c72d6782ce75c00202300278d212f3fbb2db0344a7b916a9eb0f3d6170 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | a30a03cfc6958e3f4337bb0f3fc93188 |
| SHA1 | 9d0656f6a494ffd51a617d23900a54377fc3722f |
| SHA256 | 344eca42ba9c7bb296ecd6a13dbe90c7fa402178bf9473459440340c8f9a4630 |
| SHA512 | b66fe7c25b98d4ae2c89f558febae22a4976f602013e03df358bd1dd8b0e5010c21216166f89fd6c088f5ce8ee7c8eaffafd2b9bc843151796f3305adb18b430 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 04f94085aef31c091810abd90ffa4920 |
| SHA1 | be6c19f4ac8d6528f5289157878f19e20e5ee292 |
| SHA256 | 220bc4d756ee509c52f93f6b71bc86f3b52e31bed11252c33331a7f78903096a |
| SHA512 | 9a58973541aa33f213b54bdc9d9b3fc253cd349947c7b71e68e7fb1852b7d91c6875b61df7f4dda5a41939c6430bbb884587f8e2394ef86537b83df62975d881 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\15893
| MD5 | 5336028e60c42c08e52417e0a901cb94 |
| SHA1 | 2c57dfab2a81dba4fcfb85362cf105a0e718222f |
| SHA256 | 87b969e90764c53632fcdfa3c940ce079afe42dbec640c15aee36724c96fb1a7 |
| SHA512 | 3442b81008f97447dc1ee5e20800c57c121a4173d22483e6b3d837547ca2e901636c22edcc144ea6dfcdb8247f5af8c1130f5f1faab0d7b95ab97847dca92809 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4afd55bdfbdd945857650e0f35f6d4ac |
| SHA1 | 0082f0bac1c5361e48aa51faafc279988e290636 |
| SHA256 | 8c8b835cc5134e45d2f090aa386f96e71198c853f70e2afc3d8ac3c1824ccf24 |
| SHA512 | 3ed468352dd9fdc375d5b786d32424823c0b756f3de71ebf672c72249100bed6ae7c6b99ffc360c35f9e3981355b3fed061e25dfa8ff66389f0d4c074528bb8b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 78c1dc123ef687f2b022c586bd111907 |
| SHA1 | 616ccca207f3d7aba6846e74462d32eba07defcd |
| SHA256 | 9b6e10a67a4e204ebe3d616d3c4c68ce9704b4ea3cb7460e6b6b5b80ea1d6e61 |
| SHA512 | fb0099d40e82575cf494993318cdd5186359962b6d8b000d378a65cf9ba147d42268ec1b73b8096779e8e790382aeddc3b482f7c8f5bb19b13d7db5c3c9587bc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e86038610806e52e2ea2720eeb454d7d |
| SHA1 | ab6ee5740dc04d9d46296991aa16474360bbad2b |
| SHA256 | 95c476555e03c5d0a1c4cbdf7c4ddadd49058ce46f766069516b0bb91cfeac70 |
| SHA512 | 34c5ea9a327ad7ee26cf3f7875d536df9cd084232d00a480fb3c68affe114897a025122c0dfaeaf6814dc4ea8f9c7ee7dd59c10967f68e6bd2a2355e0a318829 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c868d1db1e13c449e70a5172b5d98162 |
| SHA1 | e92a5f3fc19ad08eb09179babce8830975735501 |
| SHA256 | 7b9cfc0fa9e68f53eae0bf50e9f9d10797b9d5f8a0c21df7723faea320742dab |
| SHA512 | 3a69f1a4aca713db6012be2a7ebf3a4f05a1b1d096d4a39f550791ad39beca974ff3289390ea05ea0fe7b1914c0e35c58fbcd44c3ffe5357fdee9d566ae21167 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | 0e35165b63a1f1a5cffcdc4e7c996dd8 |
| SHA1 | 5476475fc10440aaa9cb4d9f2f578f7e3222f064 |
| SHA256 | d4704bfb0a2e161629412f343fb33492079100ea41c78461b802266d2b492e4d |
| SHA512 | 8c3ea5ffa7a3a3b94dd22c2a53b1a97bcd2b52d7e254b762adfda7b06758d0c4c2c8a11e08d088281292652b18b6e0dd772be345810440a63f22b04ee42260d1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2540a0751f8176e0b62c6b712302da75 |
| SHA1 | ea183c649ce968dcb6787a2ea1d3f364a0874e6e |
| SHA256 | 4674a68808fda294ed2dadf20ac8bd5c918ecd2756dd03a50ad670d1c1c5d928 |
| SHA512 | 465617f5fa039420af09ad4016f85823f843b1d8bfb703bf8ed4b3270663c5dfda31cb08cdbefcfd661ba81514ea10971b0d7de0d5f66e53047ed38f172dbe98 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\968B8C67693C57E8BEEC986AC813158289ED3283
| MD5 | dc537cb627529d6385e79e5f1ede7445 |
| SHA1 | 869e82ba6f043f8e26566d4de61e02ea89df6c66 |
| SHA256 | f8903ab5cfad377cddbf822fdc5fcff813d3e4a28caccd2c02f049a4a724394a |
| SHA512 | ec19f620121fe136f22dacd3d49a39f1997afb50749d4e8a05b368e3ebe545eb81f8199af0b890b591886a95ad4f6e91d1949773102ea57d78e53c88429606cf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\371B5DB4C8056F470F167CC2F86D05B0D5196C91
| MD5 | 205dda438139e3632a42e80373e207ca |
| SHA1 | 5e79d5ce6ea326afd426fdd82b1bcf3ada782ba1 |
| SHA256 | 266f884a1b9458d087a62b8354484b7c662ce0b060b5c5d418ff1a2cd9c275cb |
| SHA512 | be6ee0e59794f71b9a47e61265c9b37ce23622b38c6db83b2b0ede804807945f61f6cc9f4bce63eeb7f31415a4cfc84a27f2fac813d51f2b43d9a2fe40c6a7cd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\7F34D320F5B033BA8189CEC7C732CBF697D610DF
| MD5 | c10cdd865dddf91f11c1075dcf10163a |
| SHA1 | 8873fdc8ddae6743b9313f810205cca5e045b6d7 |
| SHA256 | 26f608d3d19158269242a6b9b7725b1a429335143dfc75114a3cfcc18da4e96c |
| SHA512 | 0322f687ba76060813cab0661007e7565c2504a08d065031fa00646e0aa7f33d8d367e99f7c29ce4bb94a7b9d6b49744604b720f2bc56b7eb12b5dbe3fd1e951 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 06b6d2dc042997aa83eb12b08224b7d6 |
| SHA1 | 920713b622bdcf8d912d5f576865377f0a22197e |
| SHA256 | 76532294de9a36096b455277000d138a27341d0dc0bb078f131d6c2b8cdd31e5 |
| SHA512 | bd7ae9e307e11a87d98966f0b30d368bd66ccbe6ee271e183d24ee6176749fd7d36e827ed3a75ec07817038c6bc7f5233643047fe5fbb2c55c10e491357b9d30 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2d4509ab2152f5c3666d9108ea58b8bf |
| SHA1 | 9f44ecff005a60c9487bae5e7e244c855f0a5041 |
| SHA256 | a98bc56ecf7773655f2050f0f5b8282f138eedf592784430e842cfe4adb814b4 |
| SHA512 | 4a0ef8d13c619b50ebb5949d268f14ada754f062888f5549909d52a68eb1a5258cb6b209aa4515657c3556431d22ced1ccf65276cfb2233cbd40f0e848809489 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 59bd8e8851ec919a808f0ca58830c899 |
| SHA1 | 7e86f769bc28aedf2049b63460cfe190c48b8fe9 |
| SHA256 | 78fee7ccddf2b267c9719d75c39dbe6812fad9c6cc61b925642e295e2c31730a |
| SHA512 | 862042b51fba9ec145b8a8647973ec022306c892e94a9a71c92bce1ce069b0ffd5e39127e93f0d3979e68498cf92bb40322a7c30c1a9a7694bd099791b9ae5e6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d8e128e7318a0b47dcfcda456416fca6 |
| SHA1 | 1bd034b66d297b4a7445d0629e832e1b1979745c |
| SHA256 | 05ede2f7db46443ca9c54dce165e653fd0b773fe6976c726ca68aa93b1bf096e |
| SHA512 | a2e241f44ae3cb4c3abaab07c7a4eaf26d4438b9b5f592baaafb5f297e1132660e28eece549b7c8c990a5b09e1759259375d8b42a1cbcb0d1f35737c4ebbc6c4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\23851
| MD5 | b184050e9ba905daff39170fd2a54d28 |
| SHA1 | 4b9ef22ec3574e145e3b8fd3f22939a2cf8ccbe9 |
| SHA256 | 9ab944064dfaa9c32c49113d573fde3d3d395130f6329e951969f39c5f75e2f8 |
| SHA512 | 71877f1f754d1217f0cde227afa5e956c11da9f4403c273b42b6e077136db9a35a8a42692a91010f464e560b68dfa380196f806e051b98b970bd370cc6279ee8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 401df777d6620bda7c47060a3033151b |
| SHA1 | 79013ad8f00a5a9edc0a83ba6b7ed3816f4931e1 |
| SHA256 | c1cff94ce0c338862bbf0c9a9a781d928ec88e02794171f85b5168ce76bc14b8 |
| SHA512 | 2a285a7f12e57d0870f034257e923bbfc7ebe93970b70b431099e25ba756d70ab6de3a182b90dd78ef9607778985d5e366c223f3e3ffd888dcd448d3a24f12ec |
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-27 01:51
Reported
2024-09-27 02:02
Platform
win10-20240611-en
Max time kernel
601s
Max time network
381s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fb7148e37f10db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6d1b15f77f10db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0030bbe87f10db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 91bae6e27f10db01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe
"C:\Users\Admin\AppData\Local\Temp\Silver Rat [Re Lab]\SilverRat.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.128.149:443 | www.bing.com | tcp |
| GB | 92.123.128.149:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.16.208.104.in-addr.arpa | udp |
Files
memory/2332-0-0x0000019070520000-0x0000019070530000-memory.dmp
memory/2332-17-0x0000019070630000-0x0000019070640000-memory.dmp
memory/2332-35-0x000001906DB60000-0x000001906DB62000-memory.dmp
memory/4080-64-0x000001DCFB4F0000-0x000001DCFB4F2000-memory.dmp
memory/4080-71-0x000001DCFB6A0000-0x000001DCFB6A2000-memory.dmp
memory/4080-67-0x000001DCFB620000-0x000001DCFB622000-memory.dmp
memory/4080-69-0x000001DCFB680000-0x000001DCFB682000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 96d65f8e752bd844d9a6f74c77c5860b |
| SHA1 | 296f9760a717ebf7f779e58cc09052d613db7d96 |
| SHA256 | 27a7c1dbca57ffd2a0cdcbf66a784b5e9b33a911e3b517980e9d95c265d3d874 |
| SHA512 | 8815fd2c989d503276dd7d2f31bf53fe3d7f94d8e159726713302f7de70eeda5f8eb7d70f2407a7500836762c0dc7188846b2fd6f1f66fcfe28cd5cc1aba6c8e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
| MD5 | 1b7a9ee8aa9588764be3da6c45e2889f |
| SHA1 | 90105a72f382a4543bf72a19ff2837784582fbc0 |
| SHA256 | febf2135ee3996cb1083eab61923e2eea35368de8c13fd50cf66795165d7fe97 |
| SHA512 | 7ff9efe783088359406823046db199db995db77076390f65365f924b463f32baac1caedbfca646e28c171d2a4fe94691dcab66cb998294c45ff3b306e67396c5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
| MD5 | a8a5fa5af16b818c5f2ea9a115191552 |
| SHA1 | 6c2235840a046b1c67411fdfc5f0646e08311e78 |
| SHA256 | 7e76ee2b57d2f8cce4b063443e240ddc416cc18b393f957bb8589595e9485fc1 |
| SHA512 | 56fb7f9cd4091ecca5053abfcb02c8af15edd186e647e6d95d9813d9dc0a31ce537cb14061865f3af96e165ff6245a7a376e6128f59eef764ef56f52da46da0e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
| MD5 | 1f35db5518ad727ec378aa2cbdb454cb |
| SHA1 | 436ebf1c65d3da2b1bf31e1ae860ef97034b3684 |
| SHA256 | b76655fbe206300cae6f21b2b2d67922e4a7e17884c56fa576126398b8973baa |
| SHA512 | 65f30ef738006d859d4fbaf413e294beeba7322f27f6f3a3a5f10388ff7575bb0481d71ff54d14626489f59b47b3a17e73ee14966124cb8bb117ffe927b73919 |
memory/5096-89-0x0000019FB7340000-0x0000019FB7440000-memory.dmp
memory/5096-90-0x0000019FB7340000-0x0000019FB7440000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
memory/2332-119-0x0000019078990000-0x0000019078991000-memory.dmp
memory/2332-118-0x0000019078980000-0x0000019078981000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GJWP86QK\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |