Resubmissions

submitted            analysis id           score
08/05/2025, 07:57    250508-js811azsfs     4
08/05/2025, 07:46    250508-jmc2dazsbz     10
08/05/2025, 07:41    250508-jh4crs1rv4     8

Analysis
max time kernel    240s
max time network   235s
platform           windows10-2004_x64
resource           win10v2004-20250502-en
resource tags      arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
submitted          08/05/2025, 07:57
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
Sample:           https://maconsmallbusinesses.com/wp-content/uploads/2018/08/
Resource:         win10v2004-20250502-en
General

Target: https://maconsmallbusinesses.com/wp-content/uploads/2018/08/
Malware Config
(none listed)

Signatures
Drops file in Program Files directory (29 IoCs)

All 29 files are written by msedge.exe into directories named C:\Program Files\chrome_Unpacker_BeginUnzipping4132_<n>\, where 4132 is the PID of the browser process in the process listing below. That prefix, with the unpacking process's PID embedded, is the name the Chromium component updater gives the temporary directory it unpacks a component into, and the manifest.json / manifest.fingerprint / _metadata\verified_contents.json layout is that of an unpacked CRX package. The signature is therefore consistent with routine browser component installation and is not, by itself, evidence about the submitted URL; what would matter is a file outside these directories or an executable dropped into one of them.

description | ioc | Process
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\LICENSE | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_513344481\protocols.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1626178942\nav_config.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\automation.js | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\classification.js | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_512148278\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1974008789\smart_switch_list.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\travel-facilitated-booking-bing.js | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1626178942\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1974008789\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1974008789\office_endpoints_list.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\sets.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\LICENSE | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_513344481\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_513344481\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1974008789\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\_metadata\verified_contents.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\keys.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\_metadata\verified_contents.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\travel-facilitated-booking-kayak.js | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_512148278\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1626178942\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\extraction.js | msedge.exe
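The baseline described above can be checked mechanically. The Python below is an added example, not part of the Triage report: it parses "File created" rows in the report's layout, accepts files that land in a chrome_Unpacker_BeginUnzipping<pid>_<n> directory whose embedded PID is the browser's, and flags everything else. The sample rows are four lines copied from the list above plus two constructed lines (a DLL in an unpack directory with a foreign PID, and an EXE outside any unpack directory) that are not in the report; the executable-extension rule is the example's own.

```python
import os
import re
from collections import defaultdict

# Constructed sample: the first four lines are "File created" IoCs copied from the
# report above; the last two are made up (NOT in the report) so the checks below
# have something to flag.
SAMPLE_IOCS = r"""File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_334967490\LICENSE msedge.exe
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_1847460738\automation.js msedge.exe
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_688816062\_metadata\verified_contents.json msedge.exe
File created C:\Program Files\chrome_Unpacker_BeginUnzipping4132_513344481\manifest.fingerprint msedge.exe
File created C:\Program Files\chrome_Unpacker_BeginUnzipping9999_000000001\payload.dll msedge.exe
File created C:\Program Files\Common Files\update.exe msedge.exe
"""

# Row layout: "<description> <path> <process>". The path may contain spaces, the
# process image name never does, so the last token is the process.
IOC_RE = re.compile(r"^File created (?P<path>.+) (?P<proc>\S+)$")

# Temporary directory the Chromium component unpacker creates: the first number
# is the PID of the process doing the unpacking, the second is random.
UNPACK_RE = re.compile(
    r"^C:\\Program Files\\chrome_Unpacker_BeginUnzipping(?P<pid>\d+)_(?P<nonce>\d+)\\(?P<rel>.+)$",
    re.IGNORECASE,
)

# This example's own rule: executable code landing in an unpack directory is
# worth a manual look even though the directory name itself is benign.
EXEC_EXT = {".exe", ".dll", ".scr", ".sys", ".ps1", ".bat", ".cmd", ".vbs"}


def triage_dropped_files(ioc_text, browser_pid):
    """Split a 'Drops file' IoC list into baseline and findings.

    Returns (per_dir, findings): per_dir maps "<pid>_<nonce>" to the number of
    files written into that unpack directory; findings is a list of
    (reason, path, process) for rows that fall outside the baseline.
    """
    per_dir = defaultdict(int)
    findings = []
    for line in ioc_text.splitlines():
        m = IOC_RE.match(line.strip())
        if not m:
            continue
        path, proc = m.group("path"), m.group("proc")
        u = UNPACK_RE.match(path)
        if not u:
            findings.append(("outside any unpack directory", path, proc))
            continue
        per_dir[f"{u.group('pid')}_{u.group('nonce')}"] += 1
        if int(u.group("pid")) != browser_pid:
            findings.append(("unpack directory PID is not the browser PID", path, proc))
        if os.path.splitext(u.group("rel"))[1].lower() in EXEC_EXT:
            findings.append(("executable written into unpack directory", path, proc))
    return dict(per_dir), findings


if __name__ == "__main__":
    per_dir, findings = triage_dropped_files(SAMPLE_IOCS, browser_pid=4132)
    for d, n in sorted(per_dir.items()):
        print(f"{n:3d} file(s) in chrome_Unpacker_BeginUnzipping{d}")
    for reason, path, proc in findings:
        print(f"FLAG [{reason}] {proc} -> {path}")
```

Run against only the four report rows the function returns no findings; the two constructed rows produce three, because the foreign-PID DLL trips both the PID check and the extension check.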
Checks processor information in registry (2 TTPs, 2 IoCs)

Processor information is often read in order to detect sandboxing environments. Here the reader is msedge.exe itself (the browser process, PID 4132); a browser reading the host's CPU vendor and BIOS strings for its own hardware and metrics reporting is expected, so this signature and the next one only become interesting if a process other than the browser issues the same queries.

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | msedge.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies data under HKEY_USERS (2 IoCs)

S-1-5-19 is the LOCAL SERVICE account's hive. The value written is a FILETIME (100 ns units since 1601), i.e. a 2025 timestamp, under the TPM telemetry key.

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133911646385604236" | msedge.exe
Modifies registry class (64 IoCs)

Almost every row below is a shellbag entry under the user's _Classes\Local Settings\Software\Microsoft\Windows\Shell key: Bags\<n>\ComDlg\{...} holds the view state the common Open/Save file dialog persists, and the BagMRU\0, BagMRU\0\0 and BagMRU\0\1 data values are ITEMIDLIST (PIDL) blobs naming the folders the dialog was navigated through (SniffedFolderType = "Documents" on Bags\2 fits that). In other words, msedge.exe displayed a file dialog during the run. One key is also created by OpenWith.exe.

Paths are abbreviated: <UC> = \REGISTRY\USER\S-1-5-21-3623617754-4043701611-775564599-1000_Classes, <SHELL> = <UC>\Local Settings\Software\Microsoft\Windows\Shell, and <COLINFO> = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 (the same ColInfo blob in all three rows where it appears).

description | ioc | Process
Key created | <SHELL> | msedge.exe
Set value (int) | <SHELL>\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | msedge.exe
Set value (data) | <SHELL>\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = <COLINFO> | msedge.exe
Set value (data) | <SHELL>\BagMRU\0\1\MRUListEx = ffffffff | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | msedge.exe
Set value (data) | <SHELL>\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | msedge.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | msedge.exe
Set value (int) | <SHELL>\BagMRU\0\1\NodeSlot = "2" | msedge.exe
Set value (data) | <SHELL>\BagMRU\MRUListEx = 00000000ffffffff | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | msedge.exe
Key created | <SHELL>\BagMRU | msedge.exe
Key created | <SHELL>\Bags\1\ComDlg | msedge.exe
Set value (int) | <SHELL>\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3623617754-4043701611-775564599-1000\{CE4601C6-8F82-4AF3-BD68-55B20B282731} | msedge.exe
Set value (data) | <SHELL>\BagMRU\MRUListEx = ffffffff | msedge.exe
Set value (data) | <SHELL>\BagMRU\0\MRUListEx = 00000000ffffffff | msedge.exe
Set value (int) | <SHELL>\BagMRU\0\0\NodeSlot = "1" | msedge.exe
Key created | <SHELL>\Bags\1\Shell | msedge.exe
Set value (data) | <SHELL>\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | msedge.exe
Set value (int) | <SHELL>\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | msedge.exe
Set value (str) | <SHELL>\Bags\2\Shell\SniffedFolderType = "Documents" | msedge.exe
Key created | <SHELL>\BagMRU\0 | msedge.exe
Key created | <SHELL>\BagMRU\0\1 | msedge.exe
Key created | <SHELL>\Bags\2\Shell | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | msedge.exe
Key created | <SHELL> | msedge.exe
Key created | <SHELL>\Bags\2\Shell | msedge.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
Set value (data) | <SHELL>\BagMRU\NodeSlots = 02 | msedge.exe
Set value (int) | <SHELL>\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | msedge.exe
Set value (str) | <SHELL>\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | msedge.exe
Set value (data) | <SHELL>\BagMRU\MRUListEx = 00000000ffffffff | msedge.exe
Set value (int) | <SHELL>\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | msedge.exe
Set value (data) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = <COLINFO> | msedge.exe
Set value (str) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | msedge.exe
Set value (data) | <SHELL>\BagMRU\NodeSlots | msedge.exe
Set value (data) | <SHELL>\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000 | msedge.exe
Set value (data) | <SHELL>\BagMRU\0\MRUListEx = 0100000000000000ffffffff | msedge.exe
Set value (str) | <SHELL>\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | msedge.exe
Set value (data) | <SHELL>\BagMRU\NodeSlots = 0202 | msedge.exe
Key created | <SHELL>\Bags\2 | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | msedge.exe
Set value (data) | <SHELL>\BagMRU\NodeSlots = 0202 | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | msedge.exe
Set value (data) | <SHELL>\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | msedge.exe
Key created | <SHELL>\Bags\1 | msedge.exe
Set value (int) | <SHELL>\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | msedge.exe
Set value (data) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = <COLINFO> | msedge.exe
Key created | <SHELL>\BagMRU\0 | msedge.exe
Key created | <SHELL>\BagMRU\0\1 | msedge.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | msedge.exe
Key created | <UC>\Local Settings | OpenWith.exe
Key created | <UC>\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | msedge.exe
Set value (data) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | msedge.exe
Key created | <UC>\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | msedge.exe
Key created | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | msedge.exe
Key created | <UC>\Local Settings | msedge.exe
Key created | <SHELL>\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | msedge.exe
Set value (int) | <SHELL>\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | msedge.exe
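The three BagMRU data values above can be decoded to recover which folders the file dialog visited. The Python below is an added example, not part of the Triage report: it splits each blob into SHITEMID items (a 16-bit size followed by the item body), reads the CLSID carried by the 0x1F root item and the 0x2E "This PC" child items, and walks the BagMRU key hierarchy so that BagMRU\0\1 resolves to a full path. The three blobs are copied verbatim from the rows above; the CLSID-to-name table is the example's own and covers only the three CLSIDs that occur here, so anything else is shown raw.

```python
import uuid

# Values copied from the "Modifies registry class" IoCs above (BagMRU\0, \0\0 and
# \0\1 under the user's _Classes\Local Settings\...\Shell key), keyed by the part
# of the key path from BagMRU down. The data are raw ITEMIDLIST (PIDL) blobs.
SAMPLE_BAGMRU = {
    r"BagMRU\0":   "14001f50e04fd020ea3a6910a2d808002b30309d0000",
    r"BagMRU\0\0": "14002e8005398e082303024b98265d99428e115f0000",
    r"BagMRU\0\1": "14002e80922b16d365937a46956b92703aca08af0000",
}

# Shell namespace CLSIDs this example recognises (the "This PC" folder and two of
# its child folders as registered by Windows); anything else is shown raw.
KNOWN_CLSIDS = {
    "20d04fe0-3aea-1069-a2d8-08002b30309d": "This PC",
    "088e3905-0323-4b02-9826-5d99428e115f": "Downloads",
    "d3162b92-9365-467a-956b-92703aca08af": "Documents",
}


def parse_idlist(hex_blob):
    """Split an ITEMIDLIST into its SHITEMID bodies (each item: u16 size, then data)."""
    data = bytes.fromhex(hex_blob)
    items, off = [], 0
    while off + 2 <= len(data):
        size = int.from_bytes(data[off:off + 2], "little")
        if size == 0:          # a zero-length item terminates the list
            break
        items.append(data[off + 2:off + size])
        off += size
    return items


def describe_item(item):
    """Decode one SHITEMID body: type byte, flags/sort byte, then a CLSID for
    root (0x1F) and This PC child (0x2E) items of the 0x14-byte form."""
    kind = item[0]
    if kind in (0x1F, 0x2E) and len(item) == 18:
        clsid = str(uuid.UUID(bytes_le=item[2:18]))   # GUID fields are little-endian on disk
        return {"type": kind, "clsid": clsid, "name": KNOWN_CLSIDS.get(clsid, clsid)}
    return {"type": kind, "clsid": None, "name": f"<unparsed type 0x{kind:02x}>"}


def folder_paths(bagmru):
    """Resolve each BagMRU key to the folder path the dialog browsed, walking the
    key path (BagMRU\\a\\b\\c) from the root item outwards."""
    out = {}
    for key in bagmru:
        parts = key.split("\\")
        names = []
        for depth in range(2, len(parts) + 1):
            prefix = "\\".join(parts[:depth])
            if prefix not in bagmru:
                names.append("?")
                continue
            items = parse_idlist(bagmru[prefix])
            names.append(describe_item(items[0])["name"] if items else "?")
        out[key] = "\\".join(names)
    return out


if __name__ == "__main__":
    for key, path in sorted(folder_paths(SAMPLE_BAGMRU).items()):
        print(f"{key:14s} -> {path}")
```

The decoded result (This PC, This PC\Downloads, This PC\Documents) agrees with the SniffedFolderType = "Documents" value the report shows on Bags\2, which is the corroboration to look for before trusting a hand-written decoder on other shellbag data.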
Opens file in notepad (likely ransom note) (1 IoC)

pid | Process
2336 | notepad.exe

notepad.exe (2336), OpenWith.exe (5476) and the msedge.exe instances 4040, 5552 and 5836 referenced by the signatures below do not appear in the process listing further down, which is cut off after the UtilWin utility process; the "ransom note" label is the signature's generic wording for any file opened in notepad, not a finding of its own.

Suspicious behavior: EnumeratesProcesses (2 IoCs)

pid | Process
5552 | msedge.exe (2 rows)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)

pid | Process
5836 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)

pid | Process
4132 | msedge.exe (7 rows)

Suspicious use of FindShellTrayWindow (18 IoCs)

pid | Process
4132 | msedge.exe (18 rows)

Suspicious use of SetWindowsHookEx (3 IoCs)

pid | Process
5836 | msedge.exe
4040 | msedge.exe
5476 | OpenWith.exe

Suspicious use of WriteProcessMemory (64 IoCs)

Every row has msedge.exe 4132 (the browser process) as the writer and one of its own children from the process listing below as the target (744 crashpad-handler, 3120 gpu-process, 3320 network service, 3724 storage service). The 64 rows collapsed by target:

description | pid | Process | procid_target | rows
PID 4132 wrote to memory of 744 | 4132 | msedge.exe | 84 | 2
PID 4132 wrote to memory of 3120 | 4132 | msedge.exe | 85 | 51
PID 4132 wrote to memory of 3320 | 4132 | msedge.exe | 86 | 2
PID 4132 wrote to memory of 3724 | 4132 | msedge.exe | 87 | 9
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://maconsmallbusinesses.com/wp-content/uploads/2018/08/1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4132 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x344,0x7ffd4ee4f208,0x7ffd4ee4f214,0x7ffd4ee4f2202⤵PID:744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2096,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:22⤵PID:3120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2000,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:32⤵PID:3320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2292,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:82⤵PID:3724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3540,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:12⤵PID:4432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3536,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:12⤵PID:3996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4188,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:12⤵PID:4656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4264,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=4304 /prefetch:22⤵PID:3552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5068,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:82⤵PID:436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:82⤵PID:5052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5108,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:82⤵PID:4588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5112,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:82⤵PID:1916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:82⤵PID:3736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:82⤵PID:4968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:82⤵PID:4104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6236,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:82⤵PID:1728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6220,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:82⤵PID:3704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:82⤵PID:2680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6596,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:82⤵PID:3472
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6768,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6784 /prefetch:82⤵PID:3172
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6760,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:82⤵PID:756
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6948,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:82⤵PID:2460
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6012,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:82⤵PID:5788
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7180,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5836
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4580,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7116 /prefetch:82⤵PID:6084
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7120,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:82⤵PID:6092
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7184,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:82⤵PID:6100
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6952,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:12⤵PID:1132
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6632,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:82⤵PID:3632
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4284,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4040
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5444,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:12⤵PID:5184
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7032,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:82⤵PID:5196
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6656,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:82⤵PID:1784
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6664,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:82⤵PID:2028
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6288,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:82⤵PID:5224
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6396,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:82⤵PID:5368
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5392,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5552
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:82⤵PID:4924
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6936,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:82⤵PID:1728
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:82⤵PID:3172
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4244,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:82⤵PID:5896
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5560,i,7498540049389027100,3735281920959499928,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:82⤵PID:5252
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:2036
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵PID:3232
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵PID:3004
C:\Windows\system32\notepad.exe"C:\Windows\system32\notepad.exe"1⤵PID:6000
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4000
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5476
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Documents\platycranianjn.ps1"1⤵
- Opens file in notepad (likely ransom note)
PID:2336
Network
MITRE ATT&CK Enterprise v16
Downloads