Resubmissions
- 08/05/2025, 07:57 250508-js811azsfs 4
- 08/05/2025, 07:46 250508-jmc2dazsbz 10
- 08/05/2025, 07:41 250508-jh4crs1rv4 8
Analysis
max time kernel: 147s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20250502-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/05/2025, 07:41
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://maconsmallbusinesses.com/wp-content/uploads/2018/08/
Resource: win10v2004-20250502-en
General
Target: https://maconsmallbusinesses.com/wp-content/uploads/2018/08/
Malware Config
Signatures
Downloads MZ/PE file (1 IoC)
- flow 78, pid 4844, msedge.exe
Drops file in Program Files directory (8 IoCs)
- File created: C:\Program Files\chrome_Unpacker_BeginUnzipping3788_2029369418\protocols.json (msedge.exe)
- File created: C:\Program Files\chrome_Unpacker_BeginUnzipping3788_2029369418\manifest.fingerprint (msedge.exe)
- File created: C:\Program Files\chrome_Unpacker_BeginUnzipping3788_546023397\manifest.json (msedge.exe)
- File created: C:\Program Files\chrome_Unpacker_BeginUnzipping3788_546023397\nav_config.json (msedge.exe)
- File created: C:\Program Files\chrome_Unpacker_BeginUnzipping3788_546023397\manifest.fingerprint (msedge.exe)
- File created: C:\Program Files\chrome_Unpacker_BeginUnzipping1528_840894555\manifest.json (msedge.exe)
- File created: C:\Program Files\chrome_Unpacker_BeginUnzipping1528_840894555\manifest.fingerprint (msedge.exe)
- File created: C:\Program Files\chrome_Unpacker_BeginUnzipping3788_2029369418\manifest.json (msedge.exe)
Checks processor information in registry (2 TTPs, 4 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (msedge.exe)
Enumerates system info in registry (2 TTPs, 6 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
Modifies data under HKEY_USERS (3 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (msedge.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133911637038207366" (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (msedge.exe)
Modifies registry class (64 IoCs)
Process for every entry: msedge.exe
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000
- Set value (str): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"
- Set value (str): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}
- Set value (str): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots
- Set value (str): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell
- Set value (data): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02
- Set value (str): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0
- Set value (str): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"
- Key created: \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0
- Set value (int): \REGISTRY\USER\S-1-5-21-3690492401-2005096563-3427069815-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"
Suspicious behavior: EnumeratesProcesses (4 IoCs)
- pid 3264 chrome.exe (2 entries)
- pid 3788 msedge.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (12 IoCs)
- pid 1528 msedge.exe (12 entries)
Suspicious use of FindShellTrayWindow (64 IoCs)
- pid 1528 msedge.exe (64 entries)
Suspicious use of SetWindowsHookEx (7 IoCs)
- pid 5884 msedge.exe
- pid 5616 msedge.exe
- pid 5304 msedge.exe
- pid 2936 msedge.exe
- pid 3076 msedge.exe
- pid 3864 msedge.exe
- pid 1944 msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Source process in every entry: pid 1528 msedge.exe
- PID 1528 wrote to memory of 4448 (procid_target 95): 2 entries
- PID 1528 wrote to memory of 4844 (procid_target 96): 2 entries
- PID 1528 wrote to memory of 856 (procid_target 97): the remaining entries
- PID 1528 wrote to memory of 1596 (procid_target 98): 9 entries
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://maconsmallbusinesses.com/wp-content/uploads/2018/08/
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1528
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffa25bef208,0x7ffa25bef214,0x7ffa25bef220
    PID:4448
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1388,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:3
    - Downloads MZ/PE file
    PID:4844
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2072,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:2
    PID:856
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1808,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=2672 /prefetch:8
    PID:1596
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
    PID:1656
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
    PID:4244
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4180,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:1
    PID:1824
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4252,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:2
    PID:212
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3700,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=3688 /prefetch:8
    PID:408
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5084,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:8
    PID:3364
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5144,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8
    PID:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3512,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=3712 /prefetch:8
    PID:5128
  - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5884,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:8
    PID:5252
  - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5884,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:8
    PID:5296
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:8
    PID:5684
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6100,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:8
    PID:5872
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6264,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8
    PID:6020
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6428,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:8
    PID:6032
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6600,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:8
    PID:6068
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6748,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:8
    PID:6108
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6912,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8
    PID:5248
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6744,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=7052 /prefetch:8
    PID:3876
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6180,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
    PID:6016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6256,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6920,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:12⤵PID:5744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6712,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:82⤵PID:5800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6764,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:82⤵PID:5804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6936,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6848 /prefetch:82⤵PID:6020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6864,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6828 /prefetch:82⤵PID:3684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6084,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:12⤵PID:5532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5424,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:82⤵PID:5488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7008,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=3716 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=5516,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:12⤵PID:5476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6964,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:82⤵PID:996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4232,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6768,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:12⤵PID:8
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6860,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:82⤵PID:4456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6288,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:82⤵PID:5128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4388,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=2740,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6952 /prefetch:12⤵PID:5856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6300,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:82⤵PID:5752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5256,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:82⤵PID:5908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5812,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=5820,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:12⤵PID:5324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5460,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:82⤵PID:5984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6968,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6952 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6196,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:82⤵PID:5328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=6944,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:12⤵PID:6040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5412,i,11517459100378419740,16462896520009776181,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:82⤵PID:5232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window2⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:3788 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x268,0x7ffa25bef208,0x7ffa25bef214,0x7ffa25bef2203⤵PID:5540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1852,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:33⤵PID:4424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2172,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:23⤵PID:5712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1956,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=2500 /prefetch:83⤵PID:5476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4116,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:83⤵PID:4196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4116,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:83⤵PID:2944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4576,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:83⤵PID:3280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4672,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=4692 /prefetch:83⤵PID:408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4660,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=4712 /prefetch:83⤵PID:3300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4648,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:83⤵PID:5372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4628,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:83⤵PID:4368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4988,i,9093997190507733188,4900416005990496487,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:83⤵PID:1488
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:544
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵PID:5476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵PID:5580
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --field-trial-handle=5632,i,6139730600478074474,11892363901222880479,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5624 /prefetch:81⤵PID:6088
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --field-trial-handle=5420,i,6139730600478074474,11892363901222880479,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5416 /prefetch:81⤵PID:5600
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --field-trial-handle=5388,i,6139730600478074474,11892363901222880479,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5668 /prefetch:81⤵PID:5568
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:4980
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1696,i,6139730600478074474,11892363901222880479,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4924 /prefetch:81⤵
- Suspicious behavior: EnumeratesProcesses
PID:3264
Network
MITRE ATT&CK Enterprise v16
Downloads
- Filesize 43B
  MD5 af3a9104ca46f35bb5f6123d89c25966
  SHA1 1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
  SHA256 81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
  SHA512 6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
- Filesize 66B
  MD5 496b05677135db1c74d82f948538c21c
  SHA1 e736e675ca5195b5fc16e59fb7de582437fb9f9a
  SHA256 df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7
  SHA512 8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c
- Filesize 134B
  MD5 049c307f30407da557545d34db8ced16
  SHA1 f10b86ebfe8d30d0dc36210939ca7fa7a819d494
  SHA256 c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54
  SHA512 14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780
- Filesize 160B
  MD5 c3911ceb35539db42e5654bdd60ac956
  SHA1 71be0751e5fc583b119730dbceb2c723f2389f6c
  SHA256 31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
  SHA512 d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
- Filesize 105KB
  MD5 6b75d9bb2c81bcca8182bd8251593e50
  SHA1 3e330ed26fd626ee18e992dd50b698375afe1a1e
  SHA256 7f4ee78a24e42c7c3291be9948dd6c8bb66948a9e40a705320162c6975f6dd4a
  SHA512 f83bdb8cb01f064b7e13a42e563c9bd70fcb952fb3f7c0a4b9dcc8d6f1da395198e5d7482e9a848427dac93061a2d97985b94f59fadb92a739d23d33f7e83186
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json
  Filesize 3KB
  MD5 f9fd82b572ef4ce41a3d1075acc52d22
  SHA1 fdded5eef95391be440cc15f84ded0480c0141e3
  SHA256 5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6
  SHA512 17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339
- Filesize 280B
  MD5 c793e3a252a3212c090bb7c5c5fe903f
  SHA1 061d0ca52594c6f85a89f8cabc1cad95058f7aad
  SHA256 7dbcf8030a90ebb299d8c8b4cfd972aa64f5671e9482142399b860a4c33579ec
  SHA512 cc559d3ea0fe36fe7415743366b932c8c08881e59412902a696a921bfd0ddc27b193ce9755de28c0fbf747a5036fed2f159a05643d3939f38739718f8306f3f8
- Filesize 280B
  MD5 48a81770d5aeaecbd866bb88e8388a08
  SHA1 570fe9d7317f684b1cc924a6658c390cd59f5a08
  SHA256 8ee5f3f288720cf7cc646b3de310d5223eddea57cb110e46b2ada68f5192d49e
  SHA512 e0512c4856c5ff162be64a3069000bd939754aa1b5f52ce68c361f02d168a6734f9be511c0185efdc94d9550fd542bebc8b3a94d3eed58743602ad5dd8d6be8a
- Filesize 44KB
  MD5 ed30a5281722f9f0fcec189c06085e67
  SHA1 09961fee0a536c341660ce6f6b07015e8bf40795
  SHA256 ddea4c94aa869de871e5ead923aa6ee66cc8757decd4fe4617d838c61afd092e
  SHA512 470c83f20ee108e0a49edff30913affc71a001f0efc09891c2117649b1fe5d18a45737e36fea47e3873d7de13b890bef7728a137f4d6985fa4bdca4f1de65be2
- Filesize 264KB
  MD5 d4d1088fb5fb551997699c49ca1197ac
  SHA1 cd2d48115a758788353db25b4d96d3a381faf16e
  SHA256 95f84460dbbebe2a7e1eb9243158eab3ab1442d26a9730dc37b9926df2068031
  SHA512 4572970d583b25db6456f4760a6533c4b4249a49a8ea30cc4f1e71b1baaa0fed0296c510b0ba2b8aaf16d00efe2b6de9b519b224ec4fa2a5a90abadecdd6d372
- Filesize 1.0MB
  MD5 7a31fdb27035d83c9f211dceb302d475
  SHA1 eb37a3e68b3df8b91c7274728fef8e0b02f69a70
  SHA256 ed5b3373eb5d4f51c5493b544ad4faa3d2ef5bdd7fc202dbc97f87a4a58a2941
  SHA512 3d1014e221e98600420f60cd51b8009136f6480d59bc04a53730277d8b6f3a6e70d804c21758f626cda3b315ee96ccd169d917a2fb0002b6bf7371ee2ad30707
- Filesize 8.0MB
  MD5 661dc42ad5784a7a206cc93045985109
  SHA1 e6cf9fd40616ce11581f593321f81d6b9a9d5d9a
  SHA256 14b9b1f72395ebb70d3582b19263557db58dfc34cd4344b506fbbf886fe53a03
  SHA512 5de9b6f51fa3a7463b4d4c4ea31b624eb7fdb763ceff43df2c99221dc09113ba91c79946cad2cad167902103bec2822cb9be8ef69770cea4c4e55018aed2d2f5
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize 3KB
  MD5 862f9b3d0bdc999c99b33ff6285f0918
  SHA1 27beaf0fb4ec000a490c45d1719effda6cc114e0
  SHA256 8260c98ac4383a683d65f757c52a4103bbfc3de6bf0747af0b2f82035bdc4129
  SHA512 ddd332406dbcee13e2853b3a712d1736525d2f075b2a88394192904ad39bf7ffd8f0e2eceff113e7b1e4807f9cc5e0fac944aee7ccc73241c2c25fe5ba5d9ae4
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5838be.TMP
  Filesize 3KB
  MD5 ea8eb2ea950ee76e9a50c64804462678
  SHA1 76bca1c7d8bd07498ddfcb9f73c9a89d0aa74714
  SHA256 d324b2de68ccfd834169239bb26a67de1a576af2ee577126f380f0a31d00f00e
  SHA512 cec017b60499f87e409144d30190b6a68d80cd65e8f34a0327111ebd92415041f47d13542e616d1863a47c61e9d37b8ccdf0e84d76e58af1a61fa2a533439638
- Filesize 264KB
  MD5 b3e94fc957b709f76f2ffe4cd4d7fc52
  SHA1 50f330b216207e1818e8d8469912c4d4f538de39
  SHA256 4f9dd104fc7687b15e3040c11c3c0ebdc89c1528d804bfb44f13f1baed610565
  SHA512 8a220ae43dca4c38b2392edfdd5a9b14228c531da2b70c9545d1a01216c96ad32395b5c0d68c32998866c35e781cd5b6a943cacbb095d4b374c196483764b3e2
- Filesize 2B
  MD5 99914b932bd37a50b983c5e7c90ae93b
  SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- Filesize 69KB
  MD5 164a788f50529fc93a6077e50675c617
  SHA1 c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
  SHA256 b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
  SHA512 ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js
  Filesize 9KB
  MD5 3d20584f7f6c8eac79e17cca4207fb79
  SHA1 3c16dcc27ae52431c8cdd92fbaab0341524d3092
  SHA256 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
  SHA512 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
- Filesize 108KB
  MD5 06d55006c2dec078a94558b85ae01aef
  SHA1 6a9b33e794b38153f67d433b30ac2a7cf66761e6
  SHA256 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
  SHA512 ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\3d24122e-a8eb-46ec-b2cc-06911ff11c31.tmp
  Filesize 40B
  MD5 20d4b8fa017a12a108c87f540836e250
  SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
  SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
  SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
- Filesize 20KB
  MD5 fb91c9d5e448c3c31bce822ac9adccb7
  SHA1 58d2e7400ae9367682393975b259e7fc3f9d957a
  SHA256 a65f5a9c427eaf941eada845c7ad25dae9fbf5ebec2b4039683178b5d98f4ace
  SHA512 a5631be13942b928105ec30437dc225c26ce1fad38c99a77b258dbbe26e03bcafe581365f4cf0d6f2ee232149ea35a2a502f5ab5e2cbdaee690f23b0037e5487
- Filesize 1KB
  MD5 1293281fc9ca5266049d3109ba02465b
  SHA1 2dc64e9c30ce5627f538d0456cf2adc68f4f177b
  SHA256 ba328dba3c012c082cd7dad47158bd37b0535630b6ec41ba53995d2dd5f8b108
  SHA512 a7345d70c482f7437fbcc8de241eef37ec4bf8fd5086f8a957984800d65114ed9ad2e867ee2addbfec7f8dcfa5307f6320ade40ae25fa905e490eacb38974f96
- Filesize 1KB
  MD5 a1a6ed3c1a35ba1893083945e1f9542b
  SHA1 32a6c65c112bee6ffddefc86588a7720c9b9cfcd
  SHA256 20474f402f29176631d7dbdbabdc0f9b886eabfc80117e2bba48366890093a3e
  SHA512 8f6190ec1f3f10919a4f7a82035aaf9d7093d5c64e2265bc7693dca76c178fa94685fe90932e83dab3d853814c2ea2da1880fcdd7f1dc48ee2f7a2f9ddac62c1
- Filesize 111B
  MD5 285252a2f6327d41eab203dc2f402c67
  SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize 2B
  MD5 d751713988987e9331980363e24189ce
  SHA1 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize 13KB
  MD5 6aabe081a92b8af78e4c116998dac2ae
  SHA1 75b6b1cce4c0cacdab7a33a99adb459760db1d26
  SHA256 1a5b4dcb530793dd813efc6ac8c5f41b241677ccfc86978d0aba19b372a0b921
  SHA512 ae7b95dc8171b8fd2611bd3462e88d16415f8f0b56a0faf029f6fe940fa9522e63fd337ccbf08842503829da9db4602052b3988040e563b6612d408480432cf7
- Filesize 15KB
  MD5 a8e93671a3501bf6bd607fb93b700587
  SHA1 ea1ab1de07b59a42e93f91995b2bef5babe1985c
  SHA256 63422a670e6bbf5e1e21f8893f4c4a196ccfc09384f2217d9c3406fd5bccf082
  SHA512 c1a4355a37c530e9358903197d0087151e4412df3fb5a72d328970f78c968920f32796b9c81b4b0dd0bb0c44a316252ad02a04081a69ed1504967ab96dc0269c
- Filesize 14KB
  MD5 14a2a38a7cf9eca74c5f1db1a1ff8643
  SHA1 5709362dc91c9884eefb375af7f048a74f316ba6
  SHA256 d179f87aab3d7e35ef85278584b386554914e5842fbf2a5d857be9bef7c361d9
  SHA512 b97390a84ce15072eb0ab744560b9280576e577dd20b1632deea2464f8f8e81b7788ccdef93065d13358c6bf74b32862dbbdf3a2d1ec4c0fc86c1a50a091ddd1
- Filesize 36KB
  MD5 893862166ace354b8f62d538d10e7dfd
  SHA1 3e4031225428129d01856abd41bd3da96179aee7
  SHA256 abda8bfdb23860f4f35618d4698752ca76b8dae39f06efcd53cff5c53fcc5db4
  SHA512 e0cd01cb26fe94a1dae25accfa7e53c19f0dadf2ce7cd04621671b4f8dde36a1c56df0666f74c9954101cfc816e071ad2107882b99f9255f925836adc4ef2ed0
- Filesize 323B
  MD5 afef4781d4ad9b4d338a9f1006ab87d8
  SHA1 829a3250cc12c34408d933449dc78655dfd222bd
  SHA256 753dc51a04dc4e7bd5cd27f06a6ada52cdb6a3402527de1fea90a6dfff3a23fa
  SHA512 51f9a895c5eb5d6e7c6365d40a049181f64e9751657d1e807903d898c5d5935c182901961588b217ec81d1c0f20edb15a3571e0b92203d8435fe31117367096b
- Filesize 4KB
  MD5 d1ef974434fc12a5553506a6860d564f
  SHA1 296ef354e4b0701ddab50b19d668c1d4a3fc648e
  SHA256 7a607661f9004926d757335053b3d775375c990d44535933f7efe291b5dd59cd
  SHA512 7e485c1b4500aa65af695b91d0dfbf77a7f8b579f94d3e5c0f24afcfb6bd50829457e091730e1ecd2f71715ba3b89576d199132de83dddb3e4f32b42117f586e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\76c4a44c-27ee-4e66-96c9-e91548e34cd4.tmp
Filesize23KB
MD5ac6e5b05ea34d059205f901a34ae9dcd
SHA134f6aeb1973d26ea11fd35d59e3f23ca5d90fe86
SHA25666de813b3bab6ec03a1395a26d3edfd25277bf098db5cf888aa3917e29b3031a
SHA51249f28820fef07f247167b16b0953123fcc01c8184f06c9f21840d853c41efc78bb918973660aeddf5214fdc375cc863c6c168e619c69e10bbdf85f0c91f77954
-
Filesize
460B
MD5d75defa198bae63af168736dda7d6273
SHA10e39e0a97f3f5677d04f358144bbf0ba2e206933
SHA256e4702e99a56272104b11d97a6c3924be6d9e6c665a49a7241662b5641f884b87
SHA512302b093eb0b7bfe81aa0187ef00133dd32779513974322b4213686958a55c6b23a99fcc044bc676a92d0c67addcca7b194ba3f3902109f82534b291ac2f2b05c
-
Filesize
872B
MD5dd656481a21ca892dd9ba63e50fcbfbf
SHA137209ddbc579e1c9f3dd8e1320f0cf68e83701a0
SHA25623847af23ca4831384cc6148e453265d38109c1e41d7bac09adda1ce4c4bf568
SHA512f501bb0ce258e67121db0360072b82112dded287414269f450b83e99e4aebe92418c90eb95037511dacc4a835e357c08296eb72bd20370fc25afa357f83ca7cf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe58d443.TMP
Filesize465B
MD550e66b633f5235d448982530a533de2b
SHA1d2ad023c55ec8bb67dd33147001b3ea2fc4daebc
SHA256d90d754334ea70362ab5bc2579f765edcd3bd829831af5ea838f2f1aa288af36
SHA512fdfd683b05229e4f972c65736287e4aac06dc9c2b1602f48c3aea73cd3074f35b8c8b146c5aac2d7d46c03ca6cabaca98465d562e65b51bfce705731bdd98822
-
Filesize
22KB
MD53bca8411b45106afaa963d562c371631
SHA178857d33a65e7061ca18a3540c304f01e7e85325
SHA2564503345ee70aa9ca0f90012b665743d7c13ec7052e7a943222287973b752b9c7
SHA512a6a7e9af6613a30730a0b87be76f87144a3483afb756445d462de7b22543027e5e8f5822e0337ba2d7b65e413e526da962783d05d226c0d13d113d57d28b56ff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe58d54c.TMP
Filesize3KB
MD522ed3cc04fcc2e66b81335c4395971fd
SHA112ef48d70ec6f360644d2573dde99756f6ac05fb
SHA25627bffcff6642dfcb87ac33eea61059552bc35ccd3c0d9f4da550398351836df9
SHA5129219928d246a8aa761ee289b0baacc7214b028976b1b890c7f1df38ecac61cb3a90e8af1b3861929155d07af304d58ae8f7304466769669a7cd40c55ae61cf40
-
Filesize
13B
MD53e45022839c8def44fd96e24f29a9f4b
SHA1c798352b5a0860f8edfd5c1589cf6e5842c5c226
SHA25601a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd
SHA5122888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9
-
Filesize
11KB
MD56fc8a120ab395b30f786ff9f16681a08
SHA1c55cdb7baee021f9ce3cc6af11699a381994f77f
SHA256ec8ca21cb45e1a498b9418c0e1d44e6ac01e1f4ec04c6e4f1b79f14a0fd827b2
SHA5128c41cac71937031977c3b6c24a8e7cf77157ee7caa7ad40df5cbeb7faee8a745416e056728a4a7b38925802ef8aeadb42fe3ef0c0f73ee63bce27713255effdf
-
Filesize
26KB
MD5280ad3376938691bb21fdd1433baa8e5
SHA19c9408892e941b145ccb101b3c2dd1641711bc94
SHA25600be64e182593ea1319b635e1821b56ce354e055f108ec92e1849e125aae96a6
SHA512420953e965d334db7db23303629ab55e7efb1a2de562659a0c587242fd301a42091bf868f89fcc1d4497200ee1702ee3b9200c58c93be58b3b49e680dfdc2d56
-
Filesize
6KB
MD51ac1ae3021862533f1c10ed1f6cc6db7
SHA193d571c980b1f3a0d0981d07af20c929d0f497fd
SHA256f8f9f9206acc509368bc2bd6d1b3a55193b1fc8d65ac023e1e5adea5d72b8bc1
SHA5125842adb1d91f275cc17739740147a1746a4a0fa50ef2a6a9b7e2102c3604000273bd6580fd13a84f8b21278fb3a1754eba269af387336b024e282c582c2dfd4c
-
Filesize
11KB
MD5c2c097d505bf22e4fd928cd0e213f32a
SHA161d50a1e4dc5b0d0f3ca638beb7de7220835290b
SHA256794ffda0981dfe7556f0923ec70cff064d60242115d4d75a5f4cba4e5fbe33d4
SHA51262adae9e8203c276bed2c320731eb9af05375bd36a72001a5de4fd23c00371be8e7edff09bad7a94388f49ec46a993f423048346e3f09f3d3fc9e0bc7a232392
-
Filesize
11KB
MD5bc3e3a8c3dea8e47320a5a782ff4a333
SHA1b0cb0208675ba7235f6c9022cdf0929c814e9599
SHA2561f7e1a5442f738ad07cbbac4fb772ea52eddcb95ce4146a4dd4da055bd967638
SHA512e03e1abea16acf48a9071c98a03f7963026f50ee1e0cf2460c79e50a6d425eda7caa3ff0ec7b10cc080849e2c0b47293f81a9d75a630254ef26360a99345b944
-
Filesize
20KB
MD531a917985c105f03b10465e9f0e01944
SHA1645d54fbeac1f035d6656b25dace6725f11fecc2
SHA25673549cfe283162e1c3f1103c772c64874068c91166e63777aa63db906b3a30ba
SHA512e4164c97d9e0b4b38186f467dc24a4a6409ca49dd8646d5407d7d2b1743af58ec104007654bd70e69fe6483715980f468cdc4f66dc031bbc8afe824cca39007b
-
Filesize
11KB
MD56eaa6a63164a21748c3f6718398d7181
SHA1cddb31510a8cb0bf5b8fc66e5eeacd8038104e6d
SHA256927cb10b52a32ceff1eea6c7e2eaa6529600c4e7582b525a374f03a73b63af8d
SHA51203d20e13eb14fa8f04ca3089bcc07278002b2634f1ef28cf497cd0f25f9d1a8dcca4e8acea1d6023670a9e52d36accc6088c8cb58366fa3ef50fddf512a873d5
-
Filesize
7KB
MD577c4fb8073131f92ff57207c8686ae8e
SHA11047c9de938c2f8bf464e182bff13d8faa426f4d
SHA2565619bc4ec2c24e94528283b66b19bd9057cab779307299f0ea5596885592ad8d
SHA512076bdb2b36c82b34a50eb2cce5440277c9104d04db125e56a02e11212fc6164a3865571b247ec494d318f8d1b2f413c61f3f28ba293ebb816e5921497f8c8dbe
-
Filesize
11KB
MD54d97d10b362ea87d9634e5396df0480b
SHA1f4a99ebb12070832a14305663c5901257632d299
SHA256eba8b0be26519b0aa573de9925d70bb92de178683e2c42e4c35e0614b42470eb
SHA5125c653eb236f6614f5b2467a0783da751090d147488524ad77b19a8cf9229118cd385a2b2f97d4ef6e66949d2bd840f814abb38c7aa62da67a4a243d9db211ced
-
Filesize
26KB
MD50669c9ef111385d8b3e45b0b641cd676
SHA12f3b5d893c672b2fab9b8cad2e2852e4c847e59d
SHA256cbb14692f27fbdcb2ded7d32096085dfcb20cd3c07f84dab40371c96959b2c00
SHA512799c0ae634adfbe0efa40aa4ca90f209b4bd422afe5c78a4625947db1220ab552f29503b9f9130d13e8e8cdc32616bb01f2d4a37a76294484bc7765d79593298
-
Filesize
11KB
MD5541f0a6a1b15c524da12b66a4e9d900b
SHA1b3eda65ff3cb9ebda8ed7bd32470b4d841688896
SHA25695e9b7892bf3d7ba5a751bf4effad1bfc61ba7d9c3c27258f5e576aa6f181519
SHA512a68eddb1ec3838b2664d775a882d6b65f5b74bcca6ee531ecf47b9c80da8ab6a66eab7f4edf62236c6c51fc28183b90c896327b6bc2da6fd7b325c1a98cdde66
-
Filesize
22KB
MD56faf2ec429a930eab637c7527848b35f
SHA1b3b9a202774ba004446b92636b0468ec0d9ab6f4
SHA256badc1e5b45dd146a8a8104ee1e1af1b23051747b44dcf4716f497118f3c7c946
SHA512ad8c8c13659ccf47d7be80ba6974f82a1c05993f46db549203abb78b0325a1a1342aa6771a0c5157422bd9674a0fd7bb50fbe191567bfb6b548daa2f746dcf03
-
Filesize
264KB
MD59d7f65e465eeb851f71d29423bd940bf
SHA11346dbb1e01d5f68bc620eea613c672da7eeb66e
SHA256926c5effcb49f369071dec9abc146659ca8545f98e59cbb6bbdd0cdd23702a56
SHA5129c44271b011a01e266b832c5667d26d2d94099eea4f1b1ce7ef823d93481883cc92382007c44b68617c87d5ab5bc467cb387b5f6cd64cbd7158ebb370824d7f3
-
Filesize
86B
MD516b7586b9eba5296ea04b791fc3d675e
SHA18890767dd7eb4d1beab829324ba8b9599051f0b0
SHA256474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680
SHA51258668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json
Filesize2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
Filesize2KB
MD5415e96857a8b04a701a8276bdebab22d
SHA14ae44414f36626ce97ff31d0c7e9224be1145585
SHA256c7540813b52d61d0c30abf71045926248f3c1bf418182959dbe6a27dd367a9b6
SHA5128746c3468ea6e32e18c094b0e76b796aed17b56db40072717c976df58ba41659a92ddc1987062a3a5a2dd4503e30bd378d408e4bb7abcc53cefb31b691ae7d3e
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir1528_2042766116\a89fb308-c1b3-45df-ad96-fc7e89371df5.tmp
Filesize153KB
MD5b0917d8e6c5b6be358bff67f84eb8336
SHA1a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d
SHA256dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
SHA512cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451