|
Spacey Sun 11.12.411.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
| Filetype: |
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
| Entropy: |
7.999990945236572
|
| Filename: |
Spacey Sun 11.12.411.exe
|
| Filesize: |
78866424
|
| MD5: |
9fb61cd9c7b2bff0fbe3f17dbb959f80
|
| SHA1: |
4edcf71c10584651b76795d52ceea1f2d0b869f9
|
| SHA256: |
3351a3314bf07d40cda5cfd88fa3ec9609f460677c17a70f56d6cc8b63314586
|
| SHA512: |
37378fff01b51fa3bc396f5e67e7204ae3506c0a73ff6887d0080d03e21ffc409aa058d74daa792d8b598e0a744837346f5a28c42371bbd485e05fc5e3a6abaf
|
| SSDEEP: |
1572864:2r9mj0JTvSbBGYo/ra5trgXv1vaJ2lvOOCuGvwZXW+6C7IqU7Hv:oEYJDZ/ra5tK1vaJ2lAQXW+6cIPv
|
| Preview: |
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Multi AV Scanner detection for submitted file |
AV Detection |
|
| Drops large PE files |
System Summary |
Extra Window Memory Injection
|
| Enables security privileges |
System Summary |
Extra Window Memory Injection
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
Extra Window Memory Injection
|
| Uses 32bit PE files |
Compliance, System Summary |
|
| Checks the free space of harddrives |
Malware Analysis System Evasion |
System Information Discovery
|
| Creates temporary files |
System Summary |
|
| Disables application error messsages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
Extra Window Memory Injection
|
| PE file has an executable .text section and no other executable section |
System Summary |
Extra Window Memory Injection
|
| Reads ini files |
System Summary |
Extra Window Memory Injection
File and Directory Discovery
|
| Reads software policies |
System Summary |
|
| Sample is known by Antivirus |
System Summary |
|
| Sample reads its own file content |
System Summary |
|
| Tries to load missing DLLs |
System Summary |
Extra Window Memory Injection
|
| Uses an in-process (OLE) Automation server |
System Summary |
|
| Contains modern PE file flags such as dynamic base (ASLR) or NX |
Compliance, System Summary |
|
| Creates license or readme file |
Compliance, Persistence and Installation Behavior |
|
| PE / OLE file has a valid certificate |
Compliance, System Summary |
|
| Submission file is bigger than most known malware samples |
System Summary |
Extra Window Memory Injection
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 8
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
|
| Category: |
dropped
|
| Dump: |
Cookies.84.dr
|
| ID: |
dr_437
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 8
|
| Entropy: |
2.778317583207868
|
| Encrypted: |
false
|
| Ssdeep: |
96:te+AuHC/k/cVNSyCXuuwSKvxbufW5H+LXsrx9uXckO0L/ZJV8Y:tTi/k0+yC+uw55bufo+7seXcf0L/ZJVb
|
| Size: |
20480
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Tries to harvest and steal browser information (history, passwords, etc) |
Stealing of Sensitive Information |
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Category: |
dropped
|
| Dump: |
Spacey Sun.exe0.0.dr
|
| ID: |
dr_87
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (GUI) x86-64, for MS Windows
|
| Entropy: |
6.759601603067868
|
| Encrypted: |
false
|
| Size: |
190595072
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Sigma detected: Script Interpreter Execution From Suspicious Folder |
System Summary |
|
| Abnormal high CPU Usage |
System Summary |
|
| Contains capabilities to detect virtual machines |
Malware Analysis System Evasion |
Security Software Discovery
Virtualization/Sandbox Evasion
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
| Queries keyboard layouts |
Malware Analysis System Evasion |
System Information Discovery
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
| Sigma detected: Change PowerShell Policies to an Insecure Level |
System Summary |
|
| Very long cmdline option found, this is very uncommon (may be encrypted or packed) |
HIPS / PFW / Operating System Protection Evasion |
Command and Scripting Interpreter
|
| Checks the free space of harddrives |
Malware Analysis System Evasion |
System Information Discovery
|
| Creates files inside the user directory |
System Summary |
|
| Creates mutexes |
System Summary |
|
| Disables application error messsages (SetErrorMode) |
Hooking and other Techniques for Hiding and Protection |
|
| Enumerates the file system |
Spreading, Malware Analysis System Evasion |
File and Directory Discovery
|
| Reads the hosts file |
System Summary |
|
| Sigma detected: Non Interactive PowerShell Process Spawned |
System Summary |
|
| Spawns processes |
System Summary |
|
| Tries to load missing DLLs |
System Summary |
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\india.ps1
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\india.ps1
|
| Category: |
dropped
|
| Dump: |
india.ps1.9.dr
|
| ID: |
dr_102
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.168285537238032
|
| Encrypted: |
false
|
| Ssdeep: |
48:dUS1Y3YmPRO+AxwjhygHrYmNbIavepCCRkWfWo0WhlOTCNvWTWo0Wf:deImPE+AaMmpvlCaY/0oQCNvu/0+
|
| Size: |
2039
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Bypasses PowerShell execution policy |
HIPS / PFW / Operating System Protection Evasion |
|
| Sigma detected: Script Interpreter Execution From Suspicious Folder |
System Summary |
|
| Sigma detected: Suspicious Script Execution From Temp Folder |
System Summary |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
| Spawns processes |
System Summary |
|
|
|
C:\Users\user\AppData\Local\Temp\nGXYUDLYVcwIbiKUGa\Colerit.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nGXYUDLYVcwIbiKUGa\Colerit.exe
|
| Category: |
dropped
|
| Dump: |
Colerit.exe.9.dr
|
| ID: |
dr_104
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Entropy: |
5.2348017933119655
|
| Encrypted: |
false
|
| Ssdeep: |
49152:DKdXh5M+INtPAe3ZETinxZtmJ3vntmJ3v:DKph5M+IvPAe3ZEenr4/n4/
|
| Size: |
6927360
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) |
Malware Analysis System Evasion |
Security Software Discovery
Windows Management Instrumentation
Virtualization/Sandbox Evasion
|
| Query firmware table information (likely to detect VMs) |
Malware Analysis System Evasion |
Security Software Discovery
Virtualization/Sandbox Evasion
|
| Tries to harvest and steal browser information (history, passwords, etc) |
Stealing of Sensitive Information |
|
| Tries to harvest and steal ftp login credentials |
Stealing of Sensitive Information |
|
| Tries to steal Crypto Currency Wallets |
Stealing of Sensitive Information |
|
| Checks if Antivirus/Antispyware/Firewall program is installed (via WMI) |
Lowering of HIPS / PFW / Operating System Security Settings |
Security Software Discovery
Windows Management Instrumentation
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) |
Malware Analysis System Evasion |
System Information Discovery
Windows Management Instrumentation
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
| Searches for user specific document files |
Stealing of Sensitive Information |
File and Directory Discovery
|
| Queries a list of all open handles |
System Summary |
System Information Discovery
|
| Queries the cryptographic machine GUID |
Language, Device and Operating System Detection |
System Information Discovery
|
| Spawns processes |
System Summary |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\Spacey Sun.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\Spacey Sun.exe
|
| Category: |
dropped
|
| Dump: |
Spacey Sun.exe.0.dr
|
| ID: |
dr_73
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (GUI) x86-64, for MS Windows
|
| Entropy: |
6.759601603067868
|
| Encrypted: |
false
|
| Size: |
190595072
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\d3dcompiler_47.dll
|
| Category: |
dropped
|
| Dump: |
d3dcompiler_47.dll.0.dr
|
| ID: |
dr_68
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
| Entropy: |
6.398031738914566
|
| Encrypted: |
false
|
| Ssdeep: |
49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
|
| Size: |
4916728
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\ffmpeg.dll
|
| Category: |
dropped
|
| Dump: |
ffmpeg.dll.0.dr
|
| ID: |
dr_69
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
| Entropy: |
6.7051330084028535
|
| Encrypted: |
false
|
| Ssdeep: |
49152:ln0ZzBPpE+xOsNWoH8bVd8j+OA/7ZwddK6BfmLTqEIrrJBHZ9B:URE+x/NWXVd8jJEIBB59B
|
| Size: |
2980352
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\libEGL.dll
|
| Category: |
dropped
|
| Dump: |
libEGL.dll.0.dr
|
| ID: |
dr_70
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
| Entropy: |
6.369127310246399
|
| Encrypted: |
false
|
| Ssdeep: |
6144:LYIhfSSfj/zjNSdJMAZLDRc/IAjN6YRiDDl03VHCE9UwNNMkTW9THHB:DVScNaZLdcgAj41DKVHCE9UJkapHB
|
| Size: |
493568
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\libGLESv2.dll
|
| Category: |
dropped
|
| Dump: |
libGLESv2.dll.0.dr
|
| ID: |
dr_71
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
| Entropy: |
6.491618857049433
|
| Encrypted: |
false
|
| Ssdeep: |
98304:yLlyzbl3w1X15cEqg7qZXIdoKwaaBXRLXZ1S:gu3gztmdkwaez
|
| Size: |
8112640
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\resources\elevate.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\resources\elevate.exe
|
| Category: |
dropped
|
| Dump: |
elevate.exe.0.dr
|
| ID: |
dr_72
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32 executable (console) Intel 80386, for MS Windows
|
| Entropy: |
6.442687067441468
|
| Encrypted: |
false
|
| Ssdeep: |
3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
|
| Size: |
107520
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\vk_swiftshader.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\vk_swiftshader.dll
|
| Category: |
dropped
|
| Dump: |
vk_swiftshader.dll.0.dr
|
| ID: |
dr_74
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
| Entropy: |
6.341867172828372
|
| Encrypted: |
false
|
| Ssdeep: |
49152:QjkNw0ASIvCBfyTIoagL6zxPPREV9ExNEDvSzRqtJBcEPqt/yEwPMV/ybboVv5Em:ta0ATtxYObboP
|
| Size: |
5508096
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\vulkan-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\vulkan-1.dll
|
| Category: |
dropped
|
| Dump: |
vulkan-1.dll.0.dr
|
| ID: |
dr_75
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
| Entropy: |
6.6086122441916135
|
| Encrypted: |
false
|
| Ssdeep: |
24576:r9J0/WdVnM13jbBfOPEp6Z5W4DYsHF6g3P0zAk7xA:rTtnMdjlfOMp6Z5W4DYsHF6g3P0zAk7x
|
| Size: |
900096
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\System.dll
|
| Category: |
dropped
|
| Dump: |
System.dll.0.dr
|
| ID: |
dr_0
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
5.719859767584478
|
| Encrypted: |
false
|
| Ssdeep: |
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
|
| Size: |
12288
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\nsis7z.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\nsis7z.dll
|
| Category: |
dropped
|
| Dump: |
nsis7z.dll.0.dr
|
| ID: |
dr_2
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.584811966667578
|
| Encrypted: |
false
|
| Ssdeep: |
6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
|
| Size: |
434176
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\ukeyvmdkh
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\ukeyvmdkh
|
| Category: |
dropped
|
| Dump: |
ukeyvmdkh.71.dr
|
| ID: |
dr_188
|
| Target ID: |
71
|
| Process: |
C:\Windows\SysWOW64\cmd.exe
|
| Type: |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.3501188849045995
|
| Encrypted: |
false
|
| Ssdeep: |
3072:7VvH8RuVrLyEj/S2CUGACcceJd/klDHa/R8mxu3s8QI5uFKl:pH8RuRLlzgUd6a/AslI5uFKl
|
| Size: |
144896
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\BorlndMm.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\BorlndMm.dll
|
| Category: |
dropped
|
| Dump: |
BorlndMm.dll.66.dr
|
| ID: |
dr_186
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
5.8024208675780855
|
| Encrypted: |
false
|
| Ssdeep: |
768:eKF+Ki/ija+1IGm5fe+7GGXQ/ija+1IhyPXZl0Pi75:eKF+qmd7GGYyb0a75
|
| Size: |
29696
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\CC3260MT.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\CC3260MT.dll
|
| Category: |
dropped
|
| Dump: |
CC3260MT.dll.66.dr
|
| ID: |
dr_175
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
6.382293162945728
|
| Encrypted: |
false
|
| Ssdeep: |
12288:a1TaXhBDFeZsk4B8lLLnPo7BfUKMsG5I4S9X1/qfzKjJ3PmSruNXCwwwwwwwwwwS:sT+hB7TqpLnP8lUKHcfSJ+SruBZqW
|
| Size: |
1500160
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\MindClient.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\MindClient.dll
|
| Category: |
dropped
|
| Dump: |
MindClient.dll.66.dr
|
| ID: |
dr_179
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.501374502547409
|
| Encrypted: |
false
|
| Ssdeep: |
6144:Ia3CPnngkkrohdf/U8t65qIhWG1eywT3/vxC1+jeUwNv+:uPnnglohdf/UbSG1ey0nxlNwNv+
|
| Size: |
478480
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\Rtl60.bpl
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\Rtl60.bpl
|
| Category: |
dropped
|
| Dump: |
Rtl60.bpl.66.dr
|
| ID: |
dr_180
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.767809579422226
|
| Encrypted: |
false
|
| Ssdeep: |
12288:w146Fc5MU8sb70WgpeZQDJyx7W+AK1Oug2GWDKuX8oJTFrBdn+Md:w1rFZUDb741ydW+AK1a2GWDKus2prBVd
|
| Size: |
685056
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\StlpMt45.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\StlpMt45.dll
|
| Category: |
dropped
|
| Dump: |
StlpMt45.dll.66.dr
|
| ID: |
dr_181
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
6.5500705384461675
|
| Encrypted: |
false
|
| Ssdeep: |
12288:vkn33ywLy8gz7IJ/Pd0/LRZxXlB1E34aN:vkmcJ/PSRZxXVE34
|
| Size: |
618496
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\TiVoServer.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\TiVoServer.exe
|
| Category: |
dropped
|
| Dump: |
TiVoServer.exe.66.dr
|
| ID: |
dr_182
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
6.250749546655814
|
| Encrypted: |
false
|
| Ssdeep: |
49152:XQiUyydnfdTw0h7XOlo7pfkAikLfF3Sq3JLFc+KUZy9EE/2G8NMyb6S4cyQ2a5R9:s/ZvlS0Lhb0llOIYhf
|
| Size: |
2264336
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Found direct / indirect Syscall (likely to bypass EDR) |
HIPS / PFW / Operating System Protection Evasion |
Abuse Elevation Control Mechanism
|
| Maps a DLL or memory area into another process |
HIPS / PFW / Operating System Protection Evasion |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| EXE planting / hijacking vulnerabilities found |
Privilege Escalation, Compliance |
DLL Search Order Hijacking
|
| Spawns processes |
System Summary |
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\Vcl60.bpl
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\Vcl60.bpl
|
| Category: |
dropped
|
| Dump: |
Vcl60.bpl.66.dr
|
| ID: |
dr_183
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.676208627237961
|
| Encrypted: |
false
|
| Ssdeep: |
12288:bm+Qn2EwRdVI0Ine/pCz+2f3RAXNKEj0RJMiohzj/AQ1hRfSVW4gBeyYGmN:6+IMr0spuxJaHL1HaVpgBjYG
|
| Size: |
1326080
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\libglib-2.0-0.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\libglib-2.0-0.dll
|
| Category: |
dropped
|
| Dump: |
libglib-2.0-0.dll.66.dr
|
| ID: |
dr_177
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
6.391696538180238
|
| Encrypted: |
false
|
| Ssdeep: |
24576:OqUAgODpoSEA5CVkJ94dGF5d0HxTVmyum1WtJI/xX0Q:OqUARDmSE1VkJ94dGF5d0ZVmSL/D
|
| Size: |
1029372
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\loudmouth.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\loudmouth.dll
|
| Category: |
dropped
|
| Dump: |
loudmouth.dll.66.dr
|
| ID: |
dr_178
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.686396816400311
|
| Encrypted: |
false
|
| Ssdeep: |
12288:ej5RT64PLpHD2cA7jQubZdLYU8+T5uLvYc18Iwp1SzX7DZj:ej5B64PLpHhunLt9MLvYu8rp1SzXfZj
|
| Size: |
716800
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\wspconfig.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\wspconfig.dll
|
| Category: |
dropped
|
| Dump: |
wspconfig.dll.66.dr
|
| ID: |
dr_184
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.398131394073264
|
| Encrypted: |
false
|
| Ssdeep: |
12288:XjwpfW0d+Bl1mb0hILXU1XC7ngmzN6bDG+:zeW0wX1LGLEQ7ngmzyD3
|
| Size: |
548624
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
|
|
|
| File: |
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
| Category: |
dropped
|
| Dump: |
edb.log.96.dr
|
| ID: |
dr_454
|
| Target ID: |
96
|
| Process: |
C:\Windows\System32\svchost.exe
|
| Type: |
data
|
| Entropy: |
0.7482287857687052
|
| Encrypted: |
false
|
| Ssdeep: |
1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0Q:9JZj5MiKNnNhoxuNR
|
| Size: |
1310720
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0xa38176af, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
|
|
|
| File: |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
| Category: |
dropped
|
| Dump: |
qmgr.db.96.dr
|
| ID: |
dr_452
|
| Target ID: |
96
|
| Process: |
C:\Windows\System32\svchost.exe
|
| Type: |
Extensible storage user DataBase, version 0x620, checksum 0xa38176af, page size 16384, DirtyShutdown, Windows version 10.0
|
| Entropy: |
0.6291151575084477
|
| Encrypted: |
false
|
| Ssdeep: |
1536:XSB2ESB2SSjlK/HZH03N9Jdt8gYkr3g16l2UPkLk+kDWyrufTRryrUOLUzCJ:Xaza9iJa+2UtmOQOL
|
| Size: |
1310720
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
|
|
|
| File: |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
| Category: |
dropped
|
| Dump: |
qmgr.jfm.96.dr
|
| ID: |
dr_453
|
| Target ID: |
96
|
| Process: |
C:\Windows\System32\svchost.exe
|
| Type: |
data
|
| Entropy: |
0.07875618448291141
|
| Encrypted: |
false
|
| Ssdeep: |
3:ht/KYeZ3YcmYkb8yYdk/a1yR8Dlllllqvzc1XlAllHol///lZMPCyH:h1KzZ3IY+NYdV1L/lCClApo5
|
| Size: |
16384
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\a16pp\26pz58qie
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 2
|
dropped
|
|
|
|
| File: |
C:\ProgramData\a16pp\26pz58qie
|
| Category: |
dropped
|
| Dump: |
26pz58qie.75.dr
|
| ID: |
dr_196
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 2
|
| Entropy: |
0.8745947603342119
|
| Encrypted: |
false
|
| Ssdeep: |
96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
|
| Size: |
51200
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\a16pp\5fkx4e
|
ASCII text, with very long lines (1717), with CRLF line terminators
|
dropped
|
|
|
|
| File: |
C:\ProgramData\a16pp\5fkx4e
|
| Category: |
dropped
|
| Dump: |
5fkx4e.75.dr
|
| ID: |
dr_190
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
ASCII text, with very long lines (1717), with CRLF line terminators
|
| Entropy: |
5.498288591230544
|
| Encrypted: |
false
|
| Ssdeep: |
192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
|
| Size: |
10237
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\a16pp\as268y
|
SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 41, 1st free page 29, free
pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 2
|
dropped
|
|
|
|
| File: |
C:\ProgramData\a16pp\as268y
|
| Category: |
dropped
|
| Dump: |
as268y.75.dr
|
| ID: |
dr_191
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 41, 1st free page 29, free
pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 2
|
| Entropy: |
0.45909911068154247
|
| Encrypted: |
false
|
| Ssdeep: |
96:OpdTxQ+ALqL/uejzH+bF+UIYysX0lj/twfLyl0e9S8E:OpdT7IqL/tH+bF+UI3i67Kylj9
|
| Size: |
196608
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\a16pp\f37g4o
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie
0x37, schema 4, UTF-8, version-valid-for 9
|
dropped
|
|
|
|
| File: |
C:\ProgramData\a16pp\f37g4o
|
| Category: |
dropped
|
| Dump: |
f37g4o.75.dr
|
| ID: |
dr_197
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie
0x37, schema 4, UTF-8, version-valid-for 9
|
| Entropy: |
1.124003908482409
|
| Encrypted: |
false
|
| Ssdeep: |
384:KUM2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:Kkq+n0E91LyKOMq+8iP5GLP/0
|
| Size: |
196608
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\a16pp\ua1djw
|
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie
0x4a, schema 4, UTF-8, version-valid-for 5
|
dropped
|
|
|
|
| File: |
C:\ProgramData\a16pp\ua1djw
|
| Category: |
dropped
|
| Dump: |
ua1djw.75.dr
|
| ID: |
dr_193
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie
0x4a, schema 4, UTF-8, version-valid-for 5
|
| Entropy: |
1.1358713074177111
|
| Encrypted: |
false
|
| Ssdeep: |
192:ulsfoVZkNi61n1ulH51pX6ErGVupU2olwJAoPqfPk:ulsfoQx1n1ulH5zBGVupUheOoPqfM
|
| Size: |
139264
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\a16pp\v3wbai
|
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version
2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
|
dropped
|
|
|
|
| File: |
C:\ProgramData\a16pp\v3wbai
|
| Category: |
dropped
|
| Dump: |
v3wbai.75.dr
|
| ID: |
dr_189
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version
2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
|
| Entropy: |
0.08235737944063153
|
| Encrypted: |
false
|
| Ssdeep: |
12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
|
| Size: |
98304
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\a16pp\vk6xt0zus
|
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie
0xc, schema 4, UTF-8, version-valid-for 2
|
dropped
|
|
|
|
| File: |
C:\ProgramData\a16pp\vk6xt0zus
|
| Category: |
dropped
|
| Dump: |
vk6xt0zus.75.dr
|
| ID: |
dr_192
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie
0xc, schema 4, UTF-8, version-valid-for 2
|
| Entropy: |
0.8616778647394084
|
| Encrypted: |
false
|
| Ssdeep: |
48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
|
| Size: |
40960
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\a16pp\zcbasr
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
|
|
|
| File: |
C:\ProgramData\a16pp\zcbasr
|
| Category: |
dropped
|
| Dump: |
zcbasr.75.dr
|
| ID: |
dr_195
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4,
UTF-8, version-valid-for 1
|
| Entropy: |
0.5407252242845243
|
| Encrypted: |
false
|
| Ssdeep: |
96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
|
| Size: |
155648
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\ProgramData\a16pp\zm790r
|
SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie
0x6, schema 4, UTF-8, version-valid-for 2
|
dropped
|
|
|
|
| File: |
C:\ProgramData\a16pp\zm790r
|
| Category: |
dropped
|
| Dump: |
zm790r.75.dr
|
| ID: |
dr_199
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie
0x6, schema 4, UTF-8, version-valid-for 2
|
| Entropy: |
0.08436837154972243
|
| Encrypted: |
false
|
| Ssdeep: |
192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v2:51zkVmvQhyn+Zoz67f
|
| Size: |
294912
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\D3DSCache\835c0a3b00fa7ea1\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\D3DSCache\835c0a3b00fa7ea1\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
|
| Category: |
dropped
|
| Dump: |
F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.76.dr
|
| ID: |
dr_201
|
| Target ID: |
76
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
data
|
| Entropy: |
0.01264908944072593
|
| Encrypted: |
false
|
| Ssdeep: |
3:yA//lGlll/l/lXp9ZjrPBY0QlUl/1RX/ZP:v//0dPBY0wUvhJ
|
| Size: |
65552
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\D3DSCache\835c0a3b00fa7ea1\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\D3DSCache\835c0a3b00fa7ea1\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
|
| Category: |
dropped
|
| Dump: |
F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock.76.dr
|
| ID: |
dr_202
|
| Target ID: |
76
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
1.5
|
| Encrypted: |
false
|
| Ssdeep: |
3:R:R
|
| Size: |
4
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\D3DSCache\835c0a3b00fa7ea1\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
|
Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\D3DSCache\835c0a3b00fa7ea1\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
|
| Category: |
dropped
|
| Dump: |
F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.76.dr
|
| ID: |
dr_200
|
| Target ID: |
76
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
|
| Entropy: |
0.03206046103477371
|
| Encrypted: |
false
|
| Ssdeep: |
6:C9q0XXUEZ+lX1KP02UVi2clRAAtz2Hrn:/6Q14UViHAc2L
|
| Size: |
65536
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\26d04ea6-06df-4782-a305-8d69bad2ff42.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\26d04ea6-06df-4782-a305-8d69bad2ff42.tmp
|
| Category: |
dropped
|
| Dump: |
26d04ea6-06df-4782-a305-8d69bad2ff42.tmp.83.dr
|
| ID: |
dr_309
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
6.082785546668074
|
| Encrypted: |
false
|
| Ssdeep: |
768:OMkbJ6eg6KzhXRLtkVKse3Vi1zNtPerH7MJvcZbsaICioRJDSgzMMd6qD47u30A:OMk16zRRSVKakRsaIFoRtSmd6qE7m
|
| Size: |
43176
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\668dddb1-9e24-4a11-89a0-944395470d47.tmp
|
JSON data
|
modified
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\668dddb1-9e24-4a11-89a0-944395470d47.tmp
|
| Category: |
modified
|
| Dump: |
668dddb1-9e24-4a11-89a0-944395470d47.tmp.81.dr
|
| ID: |
dr_211
|
| Target ID: |
81
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
6.090669185438646
|
| Encrypted: |
false
|
| Ssdeep: |
768:lDXzgWPsj/qlGJqIY8GB4kWSmi1zNtPMD1yFtaPGJDSgzMMd6qD47u3+Ciol:l/Ps+wsI7yn3rtSmd6qE7lFol
|
| Size: |
41984
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\91962a91-b404-4bc2-9d5f-a6ce140ef689.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\91962a91-b404-4bc2-9d5f-a6ce140ef689.tmp
|
| Category: |
dropped
|
| Dump: |
91962a91-b404-4bc2-9d5f-a6ce140ef689.tmp.81.dr
|
| ID: |
dr_210
|
| Target ID: |
81
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
6.090669185438646
|
| Encrypted: |
false
|
| Ssdeep: |
768:lDXzgWPsj/qlGJqIY8GB4kWSmi1zNtPMD1yFtaPGJDSgzMMd6qD47u3+Ciol:l/Ps+wsI7yn3rtSmd6qE7lFol
|
| Size: |
41984
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\67b71a96-8724-4723-85de-e75495375592.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\67b71a96-8724-4723-85de-e75495375592.tmp
|
| Category: |
dropped
|
| Dump: |
67b71a96-8724-4723-85de-e75495375592.tmp.83.dr
|
| ID: |
dr_330
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.640152186923991
|
| Encrypted: |
false
|
| Ssdeep: |
1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7S:fwUQC5VwBIiElEd2K57P7S
|
| Size: |
107893
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)
|
| Category: |
dropped
|
| Dump: |
67b71a96-8724-4723-85de-e75495375592.tmp.83.dr
|
| ID: |
dr_415
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.640152186923991
|
| Encrypted: |
false
|
| Ssdeep: |
1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7S:fwUQC5VwBIiElEd2K57P7S
|
| Size: |
107893
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D41FAC-1E08.pma
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D41FAC-1E08.pma
|
| Category: |
dropped
|
| Dump: |
BrowserMetrics-67D41FAC-1E08.pma.81.dr
|
| ID: |
dr_206
|
| Target ID: |
81
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
0.046413400946559706
|
| Encrypted: |
false
|
| Ssdeep: |
192:Zr0Qr08YiNtm/gnOAtzYC0JPi6VBKP72qtX3egvIL2hvJNEFBIUvS0RQcTajbn8H:+S0MtMgX0IRbhxSVpva308T2RGOD
|
| Size: |
4194304
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D41FAC-38C.pma
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D41FAC-38C.pma
|
| Category: |
dropped
|
| Dump: |
BrowserMetrics-67D41FAC-38C.pma.83.dr
|
| ID: |
dr_221
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
0.45045459473746113
|
| Encrypted: |
false
|
| Ssdeep: |
3072:r+8bMQzQcgn4c0WZpUjPkcZmJJMTND1XuEfqKlVORKxxHHg1HFL:rbMwgn4VLkcZO811PqKlVORKxxHHaH
|
| Size: |
4194304
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
|
| Category: |
dropped
|
| Dump: |
settings.dat.81.dr
|
| ID: |
dr_207
|
| Target ID: |
81
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
4.105637406271287
|
| Encrypted: |
false
|
| Ssdeep: |
3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJH1l:o1cUh4Y3LbO/BVsJDbYuDRBOyc
|
| Size: |
280
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5b0f80eb-0e0a-4eb5-af02-2d10ae4a12d7.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5b0f80eb-0e0a-4eb5-af02-2d10ae4a12d7.tmp
|
| Category: |
dropped
|
| Dump: |
5b0f80eb-0e0a-4eb5-af02-2d10ae4a12d7.tmp.83.dr
|
| ID: |
dr_337
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.282062576301898
|
| Encrypted: |
false
|
| Ssdeep: |
192:st5J99QTryDigabatSuyplsr8aFvrEo6BRkY9YLC86bV+FiHQw5cU6P3cGJ:st5PGKSu4lsr8CD56HTbGeQwhA
|
| Size: |
14488
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6a0e5b25-9dd9-4b22-a94a-a24046c02c36.tmp
|
very short file (no magic)
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6a0e5b25-9dd9-4b22-a94a-a24046c02c36.tmp
|
| Category: |
dropped
|
| Dump: |
6a0e5b25-9dd9-4b22-a94a-a24046c02c36.tmp.83.dr
|
| ID: |
dr_389
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
very short file (no magic)
|
| Entropy: |
0.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:L:L
|
| Size: |
1
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\72100de8-898b-4bdf-91b1-554ff0726536.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\72100de8-898b-4bdf-91b1-554ff0726536.tmp
|
| Category: |
dropped
|
| Dump: |
72100de8-898b-4bdf-91b1-554ff0726536.tmp.83.dr
|
| ID: |
dr_343
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.561334094504196
|
| Encrypted: |
false
|
| Ssdeep: |
768:CSxmmzWh47pLGLxDLqsW5wYSf4+u8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPJ9jUIU:CUVzmkcxDLqsWaYSfNuu1ja89jUTZYBi
|
| Size: |
40504
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
|
| Category: |
dropped
|
| Dump: |
000001.dbtmp0.83.dr
|
| ID: |
dr_291
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
3.2743974703476995
|
| Encrypted: |
false
|
| Ssdeep: |
3:1sjgWIV//Uv:1qIFUv
|
| Size: |
16
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log3.83.dr
|
| ID: |
dr_258
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.5394429593752084
|
| Encrypted: |
false
|
| Ssdeep: |
3:iWstvhYNrkUn:iptAd
|
| Size: |
33
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)
|
| Category: |
dropped
|
| Dump: |
000001.dbtmp0.83.dr
|
| ID: |
dr_413
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
3.2743974703476995
|
| Encrypted: |
false
|
| Ssdeep: |
3:1sjgWIV//Uv:1qIFUv
|
| Size: |
16
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
|
| Category: |
dropped
|
| Dump: |
LOG6.83.dr
|
| ID: |
dr_260
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.264012180009259
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9F11N723oH+Tcwtp3hBtB2KLl49FfWcM+q2PN723oH+Tcwtp3hBWsIFUv:7G9FFaYebp3dFLC9F+9+vVaYebp3eFUv
|
| Size: |
311
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
|
| Category: |
dropped
|
| Dump: |
MANIFEST-000001.83.dr
|
| ID: |
dr_285
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
OpenPGP Secret Key
|
| Entropy: |
4.704993772857998
|
| Encrypted: |
false
|
| Ssdeep: |
3:scoBAIxQRDKIVjn:scoBY7jn
|
| Size: |
41
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
|
data
|
modified
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log
|
| Category: |
modified
|
| Dump: |
000003.log0.83.dr
|
| ID: |
dr_226
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
5.222865473725268
|
| Encrypted: |
false
|
| Ssdeep: |
24576:IbPMZpV6fI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:IbkZpV6fx2mjF
|
| Size: |
2163821
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
|
| Category: |
dropped
|
| Dump: |
LOG3.83.dr
|
| ID: |
dr_225
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.17645364149136
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9FRVUO3+q2PN723oH+Tcwt9Eh1tIFUto9FRsZmwC92VkwON723oH+Tcwt9Ehx:7G9FRVU7vVaYeb9Eh16FUto9FRs/C9mW
|
| Size: |
340
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG3.83.dr
|
| ID: |
dr_412
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.17645364149136
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9FRVUO3+q2PN723oH+Tcwt9Eh1tIFUto9FRsZmwC92VkwON723oH+Tcwt9Ehx:7G9FRVU7vVaYeb9Eh16FUto9FRs/C9mW
|
| Size: |
340
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS
|
| Category: |
dropped
|
| Dump: |
DIPS.83.dr
|
| ID: |
dr_256
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 1
|
| Entropy: |
0.4623683791279851
|
| Encrypted: |
false
|
| Ssdeep: |
24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuRsB:TouQq3qh7z3bY2LNW9WMcUvBuRsB
|
| Size: |
28672
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5,
schema 4, UTF-8, version-valid-for 5
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase
|
| Category: |
dropped
|
| Dump: |
DashTrackerDatabase.83.dr
|
| ID: |
dr_266
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5,
schema 4, UTF-8, version-valid-for 5
|
| Entropy: |
0.8708334089814068
|
| Encrypted: |
false
|
| Ssdeep: |
12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
|
| Size: |
10240
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
|
| Category: |
dropped
|
| Dump: |
LOG0.83.dr
|
| ID: |
dr_216
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.194543344961205
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9rdAq2PN723oH+TcwtnG2tMsIFUto9rdhZmwC9A1kwON723oH+TcwtnG2tMsd:7G9JAvVaYebn9GFUto9Jh/C9A15OaYeV
|
| Size: |
349
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG0.83.dr
|
| ID: |
dr_401
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.194543344961205
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9rdAq2PN723oH+TcwtnG2tMsIFUto9rdhZmwC9A1kwON723oH+TcwtnG2tMsd:7G9JAvVaYebn9GFUto9Jh/C9A15OaYeV
|
| Size: |
349
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 6
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db
|
| Category: |
dropped
|
| Dump: |
EdgeHubAppUsageSQLite.db.83.dr
|
| ID: |
dr_268
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 6
|
| Entropy: |
0.6121142642327531
|
| Encrypted: |
false
|
| Ssdeep: |
12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mW+28+gMAlon:TLapR+DDNzWjJ0npnyXKUO8+jtpyR4mL
|
| Size: |
20480
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp
|
| Category: |
dropped
|
| Dump: |
000001.dbtmp1.83.dr
|
| ID: |
dr_294
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
3.2743974703476995
|
| Encrypted: |
false
|
| Ssdeep: |
3:1sjgWIV//Uv:1qIFUv
|
| Size: |
16
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log.83.dr
|
| ID: |
dr_223
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
5.354146235326977
|
| Encrypted: |
false
|
| Ssdeep: |
6144:ZA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:ZFdMyq49tEndBuHltBfdK5WNbsVEziPU
|
| Size: |
375520
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)
|
| Category: |
dropped
|
| Dump: |
000001.dbtmp1.83.dr
|
| ID: |
dr_414
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
3.2743974703476995
|
| Encrypted: |
false
|
| Ssdeep: |
3:1sjgWIV//Uv:1qIFUv
|
| Size: |
16
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG
|
| Category: |
dropped
|
| Dump: |
LOG2.83.dr
|
| ID: |
dr_222
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.1519157384441945
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9FREe1N723oH+Tcwtk2WwnvB2KLl49Fbq2PN723oH+Tcwtk2WwnvIFUv:7G9FREuaYebkxwnvFLC9FbvVaYebkxwp
|
| Size: |
315
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001
|
| Category: |
dropped
|
| Dump: |
MANIFEST-0000011.83.dr
|
| ID: |
dr_287
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
OpenPGP Secret Key
|
| Entropy: |
4.704993772857998
|
| Encrypted: |
false
|
| Ssdeep: |
3:scoBAIxQRDKIVjn:scoBY7jn
|
| Size: |
41
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
|
JSON data
|
modified
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json
|
| Category: |
modified
|
| Dump: |
domains_config.json.83.dr
|
| ID: |
dr_297
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.324616450101113
|
| Encrypted: |
false
|
| Ssdeep: |
6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RV:C1gAg1zfvN
|
| Size: |
358860
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log10.83.dr
|
| ID: |
dr_322
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
1.8784775129881184
|
| Encrypted: |
false
|
| Ssdeep: |
6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
|
| Size: |
418
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
|
| Category: |
dropped
|
| Dump: |
LOG15.83.dr
|
| ID: |
dr_323
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.170212934413654
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9yuWIq2PN723oH+Tcwt8aPrqIFUto9y6ZmwC9yGkwON723oH+Tcwt8amLJ:7G9yuWIvVaYebL3FUto9y6/C9yG5OaYD
|
| Size: |
325
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG15.83.dr
|
| ID: |
dr_402
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.170212934413654
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9yuWIq2PN723oH+Tcwt8aPrqIFUto9y6ZmwC9yGkwON723oH+Tcwt8amLJ:7G9yuWIvVaYebL3FUto9y6/C9yG5OaYD
|
| Size: |
325
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log9.83.dr
|
| ID: |
dr_320
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
1.8784775129881184
|
| Encrypted: |
false
|
| Ssdeep: |
6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
|
| Size: |
418
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
|
| Category: |
dropped
|
| Dump: |
LOG14.83.dr
|
| ID: |
dr_321
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.14996299961241
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9yDeq2PN723oH+Tcwt865IFUto9yYdhZmwC9yYd7kwON723oH+Tcwt86+ULJ:7G9yDevVaYeb/WFUto9ywh/C9yw75Oar
|
| Size: |
329
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG14.83.dr
|
| ID: |
dr_403
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.14996299961241
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9yDeq2PN723oH+Tcwt865IFUto9yYdhZmwC9yYd7kwON723oH+Tcwt86+ULJ:7G9yDevVaYeb/WFUto9ywh/C9yw75Oar
|
| Size: |
329
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log4.83.dr
|
| ID: |
dr_290
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
1.8784775129881184
|
| Encrypted: |
false
|
| Ssdeep: |
12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
|
| Size: |
1254
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
|
| Category: |
dropped
|
| Dump: |
LOG8.83.dr
|
| ID: |
dr_293
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.157949186398297
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG95t+q2PN723oH+Tcwt8NIFUto94ZmwC9IVkwON723oH+Tcwt8+eLJ:7G95ovVaYebpFUto94/C9g5OaYebqJ
|
| Size: |
325
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG8.83.dr
|
| ID: |
dr_410
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.157949186398297
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG95t+q2PN723oH+Tcwt8NIFUto94ZmwC9IVkwON723oH+Tcwt8+eLJ:7G95ovVaYebpFUto94/C9g5OaYebqJ
|
| Size: |
325
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json
|
| Category: |
dropped
|
| Dump: |
computed_hashes.json.83.dr
|
| ID: |
dr_369
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.809210454117189
|
| Encrypted: |
false
|
| Ssdeep: |
6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
|
| Size: |
429
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
|
| Category: |
dropped
|
| Dump: |
History-journal.83.dr
|
| ID: |
dr_233
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
0.2184882828120532
|
| Encrypted: |
false
|
| Ssdeep: |
3:AjtFlljq7A/mhWJFuQ3yy7IOWUQll4dweytllrE9SFcTp4AGbNCV9RUIP:T75fOilud0Xi99pEY5
|
| Size: |
8720
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
|
ASCII text, with very long lines (1597), with CRLF line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)
|
| Category: |
dropped
|
| Dump: |
db6a96ca-53c7-4d70-8785-e96321178dec.tmp.83.dr
|
| ID: |
dr_421
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with very long lines (1597), with CRLF line terminators
|
| Entropy: |
5.183660917461099
|
| Encrypted: |
false
|
| Ssdeep: |
1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
|
| Size: |
115717
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons
|
| Category: |
dropped
|
| Dump: |
HubApps Icons.83.dr
|
| ID: |
dr_218
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8,
version-valid-for 7
|
| Entropy: |
3.6477206359171848
|
| Encrypted: |
false
|
| Ssdeep: |
384:aj9P0YQkQerkgam6Il773pLDcbP/KbtDjl+RKToaADhf:adVe2b17ObP/Gl+RKc39
|
| Size: |
49152
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
|
| Category: |
dropped
|
| Dump: |
LOG7.83.dr
|
| ID: |
dr_273
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.2245002868057435
|
| Encrypted: |
false
|
| Ssdeep: |
12:7G95vVaYeb8rcHEZrELFUto9y/C9+5OaYeb8rcHEZrEZSJ:74FVaYeb8nZrExg65oOaYeb8nZrEZe
|
| Size: |
409
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old
(copy)
|
| Category: |
dropped
|
| Dump: |
LOG7.83.dr
|
| ID: |
dr_411
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.2245002868057435
|
| Encrypted: |
false
|
| Ssdeep: |
12:7G95vVaYeb8rcHEZrELFUto9y/C9+5OaYeb8rcHEZrEZSJ:74FVaYeb8nZrExg65oOaYeb8nZrEZe
|
| Size: |
409
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log8.83.dr
|
| ID: |
dr_317
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
5.641624444328325
|
| Encrypted: |
false
|
| Ssdeep: |
48:+Zea/tm8Mkv5ExXZZrV03Sx4LylsDMGULiRHHS2/41:+Aax5YfT2osDMGtTQ1
|
| Size: |
1983
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
|
| Category: |
dropped
|
| Dump: |
LOG13.83.dr
|
| ID: |
dr_319
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.14159256981922
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG98eyq2PN723oH+Tcwt8a2jMGIFUto98e1ZmwC98MRkwON723oH+Tcwt8a2jM4:7G9avVaYeb8EFUto9r1/C9v5OaYeb8bJ
|
| Size: |
340
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG13.83.dr
|
| ID: |
dr_405
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.14159256981922
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG98eyq2PN723oH+Tcwt8a2jMGIFUto98e1ZmwC98MRkwON723oH+Tcwt8a2jM4:7G9avVaYeb8EFUto9r1/C9v5OaYeb8bJ
|
| Size: |
340
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9860ab34-d807-4450-94d7-26a109028159.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9860ab34-d807-4450-94d7-26a109028159.tmp
|
| Category: |
dropped
|
| Dump: |
9860ab34-d807-4450-94d7-26a109028159.tmp.84.dr
|
| ID: |
dr_429
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)
|
| Category: |
dropped
|
| Dump: |
f819a45e-022f-4236-a89c-f46f40a17e02.tmp.84.dr
|
| ID: |
dr_451
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.718418993774295
|
| Encrypted: |
false
|
| Ssdeep: |
3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
|
| Size: |
111
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8,
version-valid-for 8
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
|
| Category: |
dropped
|
| Dump: |
Reporting and NEL.84.dr
|
| ID: |
dr_434
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8,
version-valid-for 8
|
| Entropy: |
1.5544481863763793
|
| Encrypted: |
false
|
| Ssdeep: |
96:OIEumQv8m1ccnvS6mkkUQljf438a4gG1a:OIEumQv8m1ccnvS683ssP6
|
| Size: |
36864
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)
|
| Category: |
dropped
|
| Dump: |
c21fc3bd-85bb-478c-9393-d14fd15c6b33.tmp.84.dr
|
| ID: |
dr_442
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4a18c.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4a18c.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
c21fc3bd-85bb-478c-9393-d14fd15c6b33.tmp.84.dr
|
| ID: |
dr_444
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4ae6c.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4ae6c.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
c21fc3bd-85bb-478c-9393-d14fd15c6b33.tmp.84.dr
|
| ID: |
dr_445
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4bad0.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF4bad0.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
c21fc3bd-85bb-478c-9393-d14fd15c6b33.tmp.84.dr
|
| ID: |
dr_449
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)
|
| Category: |
dropped
|
| Dump: |
efb896d6-5095-4e05-a53d-5c9db08a4c27.tmp.84.dr
|
| ID: |
dr_447
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.1275671571169275
|
| Encrypted: |
false
|
| Ssdeep: |
3:Y2ktGMxkAXWMSN:Y2xFMSN
|
| Size: |
40
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a799c78b-fd17-41aa-a25b-810bf5c4e5c2.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\a799c78b-fd17-41aa-a25b-810bf5c4e5c2.tmp
|
| Category: |
dropped
|
| Dump: |
a799c78b-fd17-41aa-a25b-810bf5c4e5c2.tmp.84.dr
|
| ID: |
dr_440
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b66b1cf7-79ea-4d94-99af-b72c750dfcce.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b66b1cf7-79ea-4d94-99af-b72c750dfcce.tmp
|
| Category: |
dropped
|
| Dump: |
b66b1cf7-79ea-4d94-99af-b72c750dfcce.tmp.84.dr
|
| ID: |
dr_435
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c21fc3bd-85bb-478c-9393-d14fd15c6b33.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\c21fc3bd-85bb-478c-9393-d14fd15c6b33.tmp
|
| Category: |
dropped
|
| Dump: |
c21fc3bd-85bb-478c-9393-d14fd15c6b33.tmp.84.dr
|
| ID: |
dr_432
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\efb896d6-5095-4e05-a53d-5c9db08a4c27.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\efb896d6-5095-4e05-a53d-5c9db08a4c27.tmp
|
| Category: |
dropped
|
| Dump: |
efb896d6-5095-4e05-a53d-5c9db08a4c27.tmp.84.dr
|
| ID: |
dr_438
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.1275671571169275
|
| Encrypted: |
false
|
| Ssdeep: |
3:Y2ktGMxkAXWMSN:Y2xFMSN
|
| Size: |
40
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f819a45e-022f-4236-a89c-f46f40a17e02.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\f819a45e-022f-4236-a89c-f46f40a17e02.tmp
|
| Category: |
dropped
|
| Dump: |
f819a45e-022f-4236-a89c-f46f40a17e02.tmp.84.dr
|
| ID: |
dr_431
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.718418993774295
|
| Encrypted: |
false
|
| Ssdeep: |
3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
|
| Size: |
111
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 3
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
|
| Category: |
dropped
|
| Dump: |
campaign_history.83.dr
|
| ID: |
dr_215
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 3
|
| Entropy: |
0.8350301952073809
|
| Encrypted: |
false
|
| Ssdeep: |
24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
|
| Size: |
20480
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)
|
| Category: |
dropped
|
| Dump: |
e2a56b9f-614f-4bc3-93e8-923c7b4ff861.tmp.83.dr
|
| ID: |
dr_419
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.136539119606812
|
| Encrypted: |
false
|
| Ssdeep: |
192:st5kdplsr8aFvrE9kY9YHC86bV+FiHQw5cU6P3cGJ:st5Qlsr8CDOZbGeQwhA
|
| Size: |
10910
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4d8a9.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF4d8a9.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
e2a56b9f-614f-4bc3-93e8-923c7b4ff861.tmp.83.dr
|
| ID: |
dr_423
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.136539119606812
|
| Encrypted: |
false
|
| Ssdeep: |
192:st5kdplsr8aFvrE9kY9YHC86bV+FiHQw5cU6P3cGJ:st5Qlsr8CDOZbGeQwhA
|
| Size: |
10910
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF526b9.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF526b9.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
e2a56b9f-614f-4bc3-93e8-923c7b4ff861.tmp.83.dr
|
| ID: |
dr_426
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.136539119606812
|
| Encrypted: |
false
|
| Ssdeep: |
192:st5kdplsr8aFvrE9kY9YHC86bV+FiHQw5cU6P3cGJ:st5Qlsr8CDOZbGeQwhA
|
| Size: |
10910
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF59bda.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF59bda.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
e2a56b9f-614f-4bc3-93e8-923c7b4ff861.tmp.83.dr
|
| ID: |
dr_428
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.136539119606812
|
| Encrypted: |
false
|
| Ssdeep: |
192:st5kdplsr8aFvrE9kY9YHC86bV+FiHQw5cU6P3cGJ:st5Qlsr8CDOZbGeQwhA
|
| Size: |
10910
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)
|
| Category: |
dropped
|
| Dump: |
b8abfe07-c90c-45f1-8e26-0a4f6c5a1c56.tmp.83.dr
|
| ID: |
dr_418
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.57636670784865
|
| Encrypted: |
false
|
| Ssdeep: |
768:CSQm8zWtLqsW5wYSf4ru8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPb9uUIifMIrwXHF:CpbzILqsWaYSfCuu1jau9uU0Zig0t4
|
| Size: |
26889
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF4dcc0.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF4dcc0.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
b8abfe07-c90c-45f1-8e26-0a4f6c5a1c56.tmp.83.dr
|
| ID: |
dr_424
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.57636670784865
|
| Encrypted: |
false
|
| Ssdeep: |
768:CSQm8zWtLqsW5wYSf4ru8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPb9uUIifMIrwXHF:CpbzILqsWaYSfCuu1jau9uU0Zig0t4
|
| Size: |
26889
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
|
| Category: |
dropped
|
| Dump: |
000001.dbtmp.83.dr
|
| ID: |
dr_288
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
3.2743974703476995
|
| Encrypted: |
false
|
| Ssdeep: |
3:1sjgWIV//Uv:1qIFUv
|
| Size: |
16
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log2.83.dr
|
| ID: |
dr_244
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
5.820851246702902
|
| Encrypted: |
false
|
| Ssdeep: |
24:F2xc5NmWcncmoCCRORpllg2hEDfhH1ldCRORpllg2h3VNjAW5NQECRORpllg2hEb:F2emnfrd6DfxDrdVVzXrd6GxTErdAxe
|
| Size: |
2403
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
|
| Category: |
dropped
|
| Dump: |
000001.dbtmp.83.dr
|
| ID: |
dr_416
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
3.2743974703476995
|
| Encrypted: |
false
|
| Ssdeep: |
3:1sjgWIV//Uv:1qIFUv
|
| Size: |
16
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
|
| Category: |
dropped
|
| Dump: |
LOG5.83.dr
|
| ID: |
dr_246
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.179533576828477
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9xUQWCAB1N723oH+TcwtE/a252KLl49xUG+q2PN723oH+TcwtE/a2ZIFUv:7G9xUeMaYeb8xLC9xUHvVaYeb8J2FUv
|
| Size: |
301
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
|
| Category: |
dropped
|
| Dump: |
MANIFEST-0000010.83.dr
|
| ID: |
dr_286
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
OpenPGP Secret Key
|
| Entropy: |
4.704993772857998
|
| Encrypted: |
false
|
| Ssdeep: |
3:scoBAIxQRDKIVjn:scoBY7jn
|
| Size: |
41
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
|
| Category: |
dropped
|
| Dump: |
2cc80dabc69f58b6_0.83.dr
|
| ID: |
dr_333
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
5.576973935602469
|
| Encrypted: |
false
|
| Ssdeep: |
3072:I9LexPXfOc11LeeclL/+4wn88Sjt28jyoa:x1LwlL/Xw88Sjt28jVa
|
| Size: |
119703
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
|
| Category: |
dropped
|
| Dump: |
2cc80dabc69f58b6_1.83.dr
|
| ID: |
dr_339
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
6.39483135039074
|
| Encrypted: |
false
|
| Ssdeep: |
3072:ZErH4tCmzMQHwbLASejL/EnUD0vxYUxGFz01CUipwEwYXW+:+zGHwgSWL/EUQvxTG61CUjWm+
|
| Size: |
202105
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
|
| Category: |
dropped
|
| Dump: |
index.83.dr
|
| ID: |
dr_289
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
2.1431558784658327
|
| Encrypted: |
false
|
| Ssdeep: |
3:m+l:m
|
| Size: |
24
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
|
| Category: |
dropped
|
| Dump: |
temp-index.83.dr
|
| ID: |
dr_292
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.5931902015385067
|
| Encrypted: |
false
|
| Ssdeep: |
3:yxC0Xl/lp/lxEsu5nl:yxNq75l
|
| Size: |
72
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
|
| Category: |
dropped
|
| Dump: |
temp-index.83.dr
|
| ID: |
dr_417
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.5931902015385067
|
| Encrypted: |
false
|
| Ssdeep: |
3:yxC0Xl/lp/lxEsu5nl:yxNq75l
|
| Size: |
72
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF50249.TMP
(copy)
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF50249.TMP
(copy)
|
| Category: |
dropped
|
| Dump: |
temp-index.83.dr
|
| ID: |
dr_425
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.5931902015385067
|
| Encrypted: |
false
|
| Ssdeep: |
3:yxC0Xl/lp/lxEsu5nl:yxNq75l
|
| Size: |
72
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log5.83.dr
|
| ID: |
dr_296
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.417388068414819
|
| Encrypted: |
false
|
| Ssdeep: |
96:L96hynoVTbVrEp3Zflp+4+XilFUDYU0/gtO5VO4Y0OH6GAr5Q9:HnoVTbVIdp+4giHgJ0/gtTUOm1Q9
|
| Size: |
6521
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
|
| Category: |
dropped
|
| Dump: |
LOG9.83.dr
|
| ID: |
dr_298
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.084449054545448
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9Tyq2PN723oH+TcwtrQMxIFUto9B1ZmwC98RkwON723oH+TcwtrQMFLJ:7G9evVaYebCFUto9B1/C9M5OaYebtJ
|
| Size: |
328
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG9.83.dr
|
| ID: |
dr_409
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.084449054545448
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9Tyq2PN723oH+TcwtrQMxIFUto9B1ZmwC98RkwON723oH+TcwtrQMFLJ:7G9evVaYebCFUto9B1/C9M5OaYebtJ
|
| Size: |
328
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13386428592011700
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13386428592011700
|
| Category: |
dropped
|
| Dump: |
Session_13386428592011700.83.dr
|
| ID: |
dr_275
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.815921399664145
|
| Encrypted: |
false
|
| Ssdeep: |
24:38/us2psAF4unxstLp3X2amEtG1Chq1Ez/msY0QKkOAM4:32us2zF6Lp2FEkChcE6HOp
|
| Size: |
1443
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
|
| Category: |
dropped
|
| Dump: |
Shortcuts.83.dr
|
| ID: |
dr_263
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 1
|
| Entropy: |
0.44194574462308833
|
| Encrypted: |
false
|
| Ssdeep: |
12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
|
| Size: |
20480
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
|
| Category: |
dropped
|
| Dump: |
LOG1.83.dr
|
| ID: |
dr_219
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.16667690679947
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9w2q2PN723oH+Tcwt7Uh2ghZIFUto9ySkZmwC9ySEkwON723oH+Tcwt7Uh2gd:7G9PvVaYebIhHh2FUto9ySk/C9ySE5On
|
| Size: |
356
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG1.83.dr
|
| ID: |
dr_399
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.16667690679947
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9w2q2PN723oH+Tcwt7Uh2ghZIFUto9ySkZmwC9ySEkwON723oH+Tcwt7Uh2gd:7G9PvVaYebIhHh2FUto9ySk/C9ySE5On
|
| Size: |
356
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1
|
| Category: |
dropped
|
| Dump: |
data_10.83.dr
|
| ID: |
dr_329
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
0.0012471779557650352
|
| Encrypted: |
false
|
| Ssdeep: |
3:MsEllllkEthXllkl2zE:/M/xT02z
|
| Size: |
270336
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1
|
| Category: |
dropped
|
| Dump: |
data_1.83.dr
|
| ID: |
dr_327
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
0.0012471779557650352
|
| Encrypted: |
false
|
| Ssdeep: |
3:MsEllllkEthXllkl2zE:/M/xT02z
|
| Size: |
270336
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
|
| Category: |
dropped
|
| Dump: |
LOG10.83.dr
|
| ID: |
dr_301
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.226079987965478
|
| Encrypted: |
false
|
| Ssdeep: |
12:7G9PvVaYebvqBQFUto9yH/C9C5OaYebvqBvJ:743VaYebvZg6ZsOaYebvk
|
| Size: |
438
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old
(copy)
|
| Category: |
dropped
|
| Dump: |
LOG10.83.dr
|
| ID: |
dr_408
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.226079987965478
|
| Encrypted: |
false
|
| Ssdeep: |
12:7G9PvVaYebvqBQFUto9yH/C9C5OaYebvqBvJ:743VaYebvZg6ZsOaYebvk
|
| Size: |
438
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\8b0af4fc-04a7-4568-a39b-8504f2de99b1.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\8b0af4fc-04a7-4568-a39b-8504f2de99b1.tmp
|
| Category: |
dropped
|
| Dump: |
8b0af4fc-04a7-4568-a39b-8504f2de99b1.tmp.84.dr
|
| ID: |
dr_439
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.1275671571169275
|
| Encrypted: |
false
|
| Ssdeep: |
3:Y2ktGMxkAXWMSN:Y2xFMSN
|
| Size: |
40
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports (copy)
|
| Category: |
dropped
|
| Dump: |
b383aeb7-0bc6-4e26-b86b-81031faaeb5a.tmp.84.dr
|
| ID: |
dr_443
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports~RF4ae7c.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports~RF4ae7c.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
b383aeb7-0bc6-4e26-b86b-81031faaeb5a.tmp.84.dr
|
| ID: |
dr_446
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports~RF4bae0.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT
Auditing Pending Reports~RF4bae0.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
b383aeb7-0bc6-4e26-b86b-81031faaeb5a.tmp.84.dr
|
| ID: |
dr_450
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch
Dictionaries (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch
Dictionaries (copy)
|
| Category: |
dropped
|
| Dump: |
8b0af4fc-04a7-4568-a39b-8504f2de99b1.tmp.84.dr
|
| ID: |
dr_448
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.1275671571169275
|
| Encrypted: |
false
|
| Ssdeep: |
3:Y2ktGMxkAXWMSN:Y2xFMSN
|
| Size: |
40
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust
Tokens
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust
Tokens
|
| Category: |
dropped
|
| Dump: |
Trust Tokens.84.dr
|
| ID: |
dr_436
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8,
version-valid-for 4
|
| Entropy: |
0.3886039372934488
|
| Encrypted: |
false
|
| Ssdeep: |
24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
|
| Size: |
36864
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b35404de-e4ac-4aee-8478-0d0806882ca7.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b35404de-e4ac-4aee-8478-0d0806882ca7.tmp
|
| Category: |
dropped
|
| Dump: |
b35404de-e4ac-4aee-8478-0d0806882ca7.tmp.84.dr
|
| ID: |
dr_430
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b383aeb7-0bc6-4e26-b86b-81031faaeb5a.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b383aeb7-0bc6-4e26-b86b-81031faaeb5a.tmp
|
| Category: |
dropped
|
| Dump: |
b383aeb7-0bc6-4e26-b86b-81031faaeb5a.tmp.84.dr
|
| ID: |
dr_433
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e92a3f03-9fc2-4c7e-be6d-8b0833f85a0a.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e92a3f03-9fc2-4c7e-be6d-8b0833f85a0a.tmp
|
| Category: |
dropped
|
| Dump: |
e92a3f03-9fc2-4c7e-be6d-8b0833f85a0a.tmp.84.dr
|
| ID: |
dr_441
|
| Target ID: |
84
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
1.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:H:H
|
| Size: |
2
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log1.83.dr
|
| ID: |
dr_236
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.4921535629071894
|
| Encrypted: |
false
|
| Ssdeep: |
3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
|
| Size: |
80
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG
|
| Category: |
dropped
|
| Dump: |
LOG4.83.dr
|
| ID: |
dr_238
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.230520147437819
|
| Encrypted: |
false
|
| Ssdeep: |
12:7G9NoAvVaYebvqBZFUto9Pr1/C9W5OaYebvqBaJ:74NlVaYebvyg6Pr6AOaYebvL
|
| Size: |
426
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old
(copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old
(copy)
|
| Category: |
dropped
|
| Dump: |
LOG4.83.dr
|
| ID: |
dr_422
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.230520147437819
|
| Encrypted: |
false
|
| Ssdeep: |
12:7G9NoAvVaYebvqBZFUto9Pr1/C9W5OaYebvqBaJ:74NlVaYebvyg6Pr6AOaYebvL
|
| Size: |
426
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
|
| Category: |
dropped
|
| Dump: |
LOG.83.dr
|
| ID: |
dr_214
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.222672014434814
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9ym7+q2PN723oH+TcwtpIFUto9ymrZmwC9ym7VkwON723oH+Tcwta/WLJ:7G9ymivVaYebmFUto9ymr/C9ymh5OaYM
|
| Size: |
329
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG.83.dr
|
| ID: |
dr_400
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.222672014434814
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9ym7+q2PN723oH+TcwtpIFUto9ymrZmwC9ym7VkwON723oH+Tcwta/WLJ:7G9ymivVaYebmFUto9ymr/C9ymh5OaYM
|
| Size: |
329
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 91, cookie
0x37, schema 4, UTF-8, version-valid-for 11
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
|
| Category: |
dropped
|
| Dump: |
Web Data.83.dr
|
| ID: |
dr_220
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 91, cookie
0x37, schema 4, UTF-8, version-valid-for 11
|
| Entropy: |
1.2680344979985037
|
| Encrypted: |
false
|
| Ssdeep: |
384:7/2qOB1nxCkMdSA1LyKOMq+8iP5GDHP/0jMVum5:aq+n0Jd91LyKOMq+8iP5GLP/0M
|
| Size: |
196608
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
|
| Category: |
dropped
|
| Dump: |
QuotaManager.83.dr
|
| ID: |
dr_254
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8,
version-valid-for 1
|
| Entropy: |
0.46646524545198376
|
| Encrypted: |
false
|
| Ssdeep: |
48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0RctZ:v7doKsKuKZKlZNmu46yjx02tZ
|
| Size: |
40960
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
|
ASCII text, with very long lines (3951), with CRLF line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
|
| Category: |
dropped
|
| Dump: |
arbitration_service_config.json.83.dr
|
| ID: |
dr_324
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with very long lines (3951), with CRLF line terminators
|
| Entropy: |
5.190465908239046
|
| Encrypted: |
false
|
| Ssdeep: |
192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
|
| Size: |
11755
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b1e41ca0-c3b4-4c01-8ba4-7dfa7b8e4bf4.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b1e41ca0-c3b4-4c01-8ba4-7dfa7b8e4bf4.tmp
|
| Category: |
dropped
|
| Dump: |
b1e41ca0-c3b4-4c01-8ba4-7dfa7b8e4bf4.tmp.83.dr
|
| ID: |
dr_224
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.279875911565859
|
| Encrypted: |
false
|
| Ssdeep: |
192:st5J99QTryDigabatSuyplsr8aFvrEo6BRkY9YLC86bV+FiHQw5536P3cGJ:st5PGKSu4lsr8CD56HTbGeQwH3A
|
| Size: |
14653
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b8abfe07-c90c-45f1-8e26-0a4f6c5a1c56.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b8abfe07-c90c-45f1-8e26-0a4f6c5a1c56.tmp
|
| Category: |
dropped
|
| Dump: |
b8abfe07-c90c-45f1-8e26-0a4f6c5a1c56.tmp.83.dr
|
| ID: |
dr_303
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.57636670784865
|
| Encrypted: |
false
|
| Ssdeep: |
768:CSQm8zWtLqsW5wYSf4ru8F1+UoAYDCx9Tuqh0VfUC9xbog/OVPb9uUIifMIrwXHF:CpbzILqsWaYSfCuu1jau9uU0Zig0t4
|
| Size: |
26889
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d0f84bdb-8df8-4570-a46c-e295e142ed22.tmp
|
very short file (no magic)
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d0f84bdb-8df8-4570-a46c-e295e142ed22.tmp
|
| Category: |
dropped
|
| Dump: |
d0f84bdb-8df8-4570-a46c-e295e142ed22.tmp.83.dr
|
| ID: |
dr_390
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
very short file (no magic)
|
| Entropy: |
0.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:L:L
|
| Size: |
1
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
|
| Category: |
dropped
|
| Dump: |
Databases.db.83.dr
|
| ID: |
dr_250
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8,
version-valid-for 1
|
| Entropy: |
0.3410017321959524
|
| Encrypted: |
false
|
| Ssdeep: |
12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
|
| Size: |
28672
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\db6a96ca-53c7-4d70-8785-e96321178dec.tmp
|
ASCII text, with very long lines (1597), with CRLF line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\db6a96ca-53c7-4d70-8785-e96321178dec.tmp
|
| Category: |
dropped
|
| Dump: |
db6a96ca-53c7-4d70-8785-e96321178dec.tmp.83.dr
|
| ID: |
dr_356
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with very long lines (1597), with CRLF line terminators
|
| Entropy: |
5.183660917461099
|
| Encrypted: |
false
|
| Ssdeep: |
1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
|
| Size: |
115717
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e2a56b9f-614f-4bc3-93e8-923c7b4ff861.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e2a56b9f-614f-4bc3-93e8-923c7b4ff861.tmp
|
| Category: |
dropped
|
| Dump: |
e2a56b9f-614f-4bc3-93e8-923c7b4ff861.tmp.83.dr
|
| ID: |
dr_306
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.136539119606812
|
| Encrypted: |
false
|
| Ssdeep: |
192:st5kdplsr8aFvrE9kY9YHC86bV+FiHQw5cU6P3cGJ:st5Qlsr8CDOZbGeQwhA
|
| Size: |
10910
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f7ca14df-c135-42af-b30c-0e3dbdd62070.tmp
|
JSON data
|
modified
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\f7ca14df-c135-42af-b30c-0e3dbdd62070.tmp
|
| Category: |
modified
|
| Dump: |
f7ca14df-c135-42af-b30c-0e3dbdd62070.tmp.83.dr
|
| ID: |
dr_228
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.279830253125756
|
| Encrypted: |
false
|
| Ssdeep: |
192:st5J99QTryDigabatSuyplsr8aFvrEo6BRkY9YLC86bV+FiHQw5Z36P3cGJ:st5PGKSu4lsr8CD56HTbGeQw/3A
|
| Size: |
14653
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
|
| Category: |
dropped
|
| Dump: |
load_statistics.db-shm.83.dr
|
| ID: |
dr_313
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
0.10859426977926644
|
| Encrypted: |
false
|
| Ssdeep: |
12:0+Q+6LpEjVl/PnnnnnnnnnnnnnvoQrEo8VF4D:0dBoPnnnnnnnnnnnnnvBjpD
|
| Size: |
32768
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
|
| Category: |
dropped
|
| Dump: |
load_statistics.db-wal.83.dr
|
| ID: |
dr_315
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite Write-Ahead Log, version 3007000
|
| Entropy: |
0.9815801706689012
|
| Encrypted: |
false
|
| Ssdeep: |
384:2rkRDmLW9lwlkf4LMy3atULpngIpZlvpJi1pjN88nIp328bOpRz5+8ZDyby2LyNj:3w2qhDCkPRoBU21OI
|
| Size: |
350232
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log6.83.dr
|
| ID: |
dr_304
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.238769398475814
|
| Encrypted: |
false
|
| Ssdeep: |
12:p9lc8QyOuuuuuuuuuuuuuuuuuuuuuuum8ag:pHayWg
|
| Size: |
628
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
|
| Category: |
dropped
|
| Dump: |
LOG11.83.dr
|
| ID: |
dr_307
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.172836929697254
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9Bq2PN723oH+TcwtfrK+IFUto9fXZmwC9pkwON723oH+TcwtfrUeLJ:7G9BvVaYeb23FUto9fX/C9p5OaYeb3J
|
| Size: |
325
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG11.83.dr
|
| ID: |
dr_407
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.172836929697254
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG9Bq2PN723oH+TcwtfrK+IFUto9fXZmwC9pkwON723oH+TcwtfrUeLJ:7G9BvVaYeb23FUto9fX/C9p5OaYeb3J
|
| Size: |
325
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
|
| Category: |
dropped
|
| Dump: |
000003.log7.83.dr
|
| ID: |
dr_311
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
4.083903231942818
|
| Encrypted: |
false
|
| Ssdeep: |
24:G0nYUtypD32m3yWlIZMBA5NgKIvB8SxX/Zs:LYUtyp5q55NvIp8SxX/Zs
|
| Size: |
850
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
|
| Category: |
dropped
|
| Dump: |
LOG12.83.dr
|
| ID: |
dr_312
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.1575750850191495
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG90Aq2PN723oH+TcwtfrzAdIFUto90hZmwC9Q1kwON723oH+TcwtfrzILJ:7G90AvVaYeb9FUto90h/C9k5OaYeb2J
|
| Size: |
343
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
|
| Category: |
dropped
|
| Dump: |
LOG12.83.dr
|
| ID: |
dr_406
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.1575750850191495
|
| Encrypted: |
false
|
| Ssdeep: |
6:iOG90Aq2PN723oH+TcwtfrzAdIFUto90hZmwC9Q1kwON723oH+TcwtfrzILJ:7G90AvVaYeb9FUto90h/C9k5OaYeb2J
|
| Size: |
343
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser
|
| Category: |
dropped
|
| Dump: |
Last Browser.83.dr
|
| ID: |
dr_299
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.32524464792714
|
| Encrypted: |
false
|
| Ssdeep: |
3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
|
| Size: |
120
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
|
| Category: |
dropped
|
| Dump: |
Last Version.81.dr
|
| ID: |
dr_209
|
| Target ID: |
81
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
2.6612262562697895
|
| Encrypted: |
false
|
| Ssdeep: |
3:NYLFRQZ:ap2Z
|
| Size: |
13
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
|
| Category: |
dropped
|
| Dump: |
91962a91-b404-4bc2-9d5f-a6ce140ef689.tmp.81.dr
|
| ID: |
dr_212
|
| Target ID: |
81
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
6.090669185438646
|
| Encrypted: |
false
|
| Ssdeep: |
768:lDXzgWPsj/qlGJqIY8GB4kWSmi1zNtPMD1yFtaPGJDSgzMMd6qD47u3+Ciol:l/Ps+wsI7yn3rtSmd6qE7lFol
|
| Size: |
41984
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF48691.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF48691.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
91962a91-b404-4bc2-9d5f-a6ce140ef689.tmp.81.dr
|
| ID: |
dr_213
|
| Target ID: |
81
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
6.090669185438646
|
| Encrypted: |
false
|
| Ssdeep: |
768:lDXzgWPsj/qlGJqIY8GB4kWSmi1zNtPMD1yFtaPGJDSgzMMd6qD47u3+Ciol:l/Ps+wsI7yn3rtSmd6qE7lFol
|
| Size: |
41984
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF48b44.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF48b44.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
91962a91-b404-4bc2-9d5f-a6ce140ef689.tmp.81.dr
|
| ID: |
dr_404
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
6.090669185438646
|
| Encrypted: |
false
|
| Ssdeep: |
768:lDXzgWPsj/qlGJqIY8GB4kWSmi1zNtPMD1yFtaPGJDSgzMMd6qD47u3+Ciol:l/Ps+wsI7yn3rtSmd6qE7lFol
|
| Size: |
41984
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4b216.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4b216.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
91962a91-b404-4bc2-9d5f-a6ce140ef689.tmp.81.dr
|
| ID: |
dr_420
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
6.090669185438646
|
| Encrypted: |
false
|
| Ssdeep: |
768:lDXzgWPsj/qlGJqIY8GB4kWSmi1zNtPMD1yFtaPGJDSgzMMd6qD47u3+Ciol:l/Ps+wsI7yn3rtSmd6qE7lFol
|
| Size: |
41984
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF59b9b.TMP (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF59b9b.TMP (copy)
|
| Category: |
dropped
|
| Dump: |
91962a91-b404-4bc2-9d5f-a6ce140ef689.tmp.81.dr
|
| ID: |
dr_427
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
6.090669185438646
|
| Encrypted: |
false
|
| Ssdeep: |
768:lDXzgWPsj/qlGJqIY8GB4kWSmi1zNtPMD1yFtaPGJDSgzMMd6qD47u3+Ciol:l/Ps+wsI7yn3rtSmd6qE7lFol
|
| Size: |
41984
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 6
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
|
| Category: |
dropped
|
| Dump: |
campaign_history0.83.dr
|
| ID: |
dr_217
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8,
version-valid-for 6
|
| Entropy: |
0.6773696719930975
|
| Encrypted: |
false
|
| Ssdeep: |
12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
|
| Size: |
20480
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
|
| Category: |
dropped
|
| Dump: |
customSettings.83.dr
|
| ID: |
dr_392
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.3818353308528755
|
| Encrypted: |
false
|
| Ssdeep: |
3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
|
| Size: |
47
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
|
| Category: |
dropped
|
| Dump: |
customSettings_F95BA787499AB4FA9EFFF472CE383A14.83.dr
|
| ID: |
dr_393
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.014438730983427
|
| Encrypted: |
false
|
| Ssdeep: |
3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
|
| Size: |
35
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings
|
| Category: |
dropped
|
| Dump: |
edgeSettings.83.dr
|
| ID: |
dr_314
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.3439888556902035
|
| Encrypted: |
false
|
| Ssdeep: |
3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
|
| Size: |
81
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
|
| Category: |
dropped
|
| Dump: |
edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.83.dr
|
| ID: |
dr_316
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.80180718117079
|
| Encrypted: |
false
|
| Ssdeep: |
1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
|
| Size: |
130439
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris
|
| Category: |
dropped
|
| Dump: |
synchronousLookupUris.83.dr
|
| ID: |
dr_308
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.346439344671015
|
| Encrypted: |
false
|
| Ssdeep: |
3:kfKbUPVXXMVQX:kygV5
|
| Size: |
40
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468
|
| Category: |
dropped
|
| Dump: |
synchronousLookupUris_638343870221005468.83.dr
|
| ID: |
dr_310
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
4.556488479039065
|
| Encrypted: |
false
|
| Ssdeep: |
3:GSCIPPlzYxi21goD:bCWBYx99D
|
| Size: |
57
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
|
| Category: |
dropped
|
| Dump: |
topTraffic.83.dr
|
| ID: |
dr_394
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.030394788231021
|
| Encrypted: |
false
|
| Ssdeep: |
3:0xXeZUSXkcVn:0Re5kcV
|
| Size: |
29
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
|
| Category: |
dropped
|
| Dump: |
topTraffic_170540185939602997400506234197983529371.83.dr
|
| ID: |
dr_395
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
7.999649474060713
|
| Encrypted: |
true
|
| Ssdeep: |
12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
|
| Size: |
575056
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
|
raw G3 (Group 3) FAX, byte-padded
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982
|
| Category: |
dropped
|
| Dump: |
topTraffic_638004170464094982.83.dr
|
| ID: |
dr_318
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
raw G3 (Group 3) FAX, byte-padded
|
| Entropy: |
7.999625908035124
|
| Encrypted: |
true
|
| Ssdeep: |
12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
|
| Size: |
460992
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
|
| Category: |
dropped
|
| Dump: |
uriCache.83.dr
|
| ID: |
dr_269
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
3.169925001442312
|
| Encrypted: |
false
|
| Ssdeep: |
3:CMzOn:CM6
|
| Size: |
9
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
|
| Category: |
dropped
|
| Dump: |
uriCache_.83.dr
|
| ID: |
dr_271
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.027568837190883
|
| Encrypted: |
false
|
| Ssdeep: |
3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAciqQSdAY4Y:YWLSGTt1o9LuLgfGBPAzkVj/T8WyAy
|
| Size: |
179
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
|
| Category: |
dropped
|
| Dump: |
Variations.81.dr
|
| ID: |
dr_208
|
| Target ID: |
81
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.3751917412896075
|
| Encrypted: |
false
|
| Ssdeep: |
3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
|
| Size: |
86
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c695a4a1-7fb6-4d51-8b7c-71cf1d8b0ca5.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c695a4a1-7fb6-4d51-8b7c-71cf1d8b0ca5.tmp
|
| Category: |
dropped
|
| Dump: |
c695a4a1-7fb6-4d51-8b7c-71cf1d8b0ca5.tmp.83.dr
|
| ID: |
dr_227
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
6.082657200969261
|
| Encrypted: |
false
|
| Ssdeep: |
768:OMkbJ6eg6KzhXRLtkTKse3Vi1zNtGrH7MJvcZbsaICioRJDSgzMMd6qD47u30A:OMk16zRRSTKJRsaIFoRtSmd6qE7m
|
| Size: |
43253
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ffc72a61-f3a7-4a74-a079-fbafe3959d5d.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ffc72a61-f3a7-4a74-a079-fbafe3959d5d.tmp
|
| Category: |
dropped
|
| Dump: |
ffc72a61-f3a7-4a74-a079-fbafe3959d5d.tmp.83.dr
|
| ID: |
dr_391
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
6.090820134108617
|
| Encrypted: |
false
|
| Ssdeep: |
768:lDXzgWPsj/qlGJqIY8GB4xWumi1zNtPerH7MJvoJDSgzMMd6qD47u3+Ciol:l/Ps+wsI7yOzAtSmd6qE7lFol
|
| Size: |
42082
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
|
| Category: |
dropped
|
| Dump: |
5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres.83.dr
|
| ID: |
dr_397
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.8404358974031054
|
| Encrypted: |
false
|
| Ssdeep: |
48:uiTrlKxrgxTxl9Il8uxEyhCNA0DRHN4TF/8Ld1rc:mSYX3hCBDRH6F/8s
|
| Size: |
2278
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
|
| Category: |
dropped
|
| Dump: |
cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres.83.dr
|
| ID: |
dr_398
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.9944656214540775
|
| Encrypted: |
false
|
| Ssdeep: |
96:JYXCSaSnSUumHXBQDwIO2w+RJcXSdB6ZG03A1:JxSaSSHG2DwZ2TkXSdo4UO
|
| Size: |
4622
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
|
| Category: |
dropped
|
| Dump: |
e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres.83.dr
|
| ID: |
dr_396
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
data
|
| Entropy: |
3.9013653138515307
|
| Encrypted: |
false
|
| Ssdeep: |
48:uiTrlKx68Wa7xNxl9Il8uxQ4Qem0F744RelBHNL52vVsbbqHFfFuUG6d/vc:aTYXQXem0axTtL524bqHNFuU8
|
| Size: |
2684
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\json[1].json
|
| Category: |
dropped
|
| Dump: |
json[1].json.75.dr
|
| ID: |
dr_194
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
JSON data
|
| Entropy: |
5.3889050214548595
|
| Encrypted: |
false
|
| Ssdeep: |
48:SfNaoCE6TTECEFfNaoCdz6CdtfNaoCbPFCb7fNaoCfZ0UrU0U8CM:6NnCE6TTECExNnCkCbNnCZCHNnCR0Ur9
|
| Size: |
1787
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\json[1].json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\json[1].json
|
| Category: |
dropped
|
| Dump: |
json[1].json0.75.dr
|
| ID: |
dr_198
|
| Target ID: |
75
|
| Process: |
C:\Windows\SysWOW64\explorer.exe
|
| Type: |
JSON data
|
| Entropy: |
5.227210656949829
|
| Encrypted: |
false
|
| Ssdeep: |
12:MVBX8QNJBiROpUOMVO5VRH1KYpm4k7OpUOMBoBX8QNJBiROpUf/Q9rQKSYpPD6kM:OBfNaoCdc5DH17dCdBoBfNaoCuxLYCs
|
| Size: |
740
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
| Category: |
modified
|
| Dump: |
ModuleAnalysisCache.65.dr
|
| ID: |
dr_172
|
| Target ID: |
65
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
data
|
| Entropy: |
5.063731534798098
|
| Encrypted: |
false
|
| Ssdeep: |
768:TLbV3IpNBQkj2Uh4iUxkOZhxbardFCJOOdB8tAHkLNZzNKe1MlYo7YPU:TLbV3CNBQkj2Uh4iUxkO1qdwJOOdB8tu
|
| Size: |
28398
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
| Category: |
dropped
|
| Dump: |
StartupProfileData-Interactive.20.dr
|
| ID: |
dr_115
|
| Target ID: |
20
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
data
|
| Entropy: |
5.487881602253852
|
| Encrypted: |
false
|
| Ssdeep: |
48:tizsSU4xymdajms4RKqr9tEoUQ/78NQffiiuxJZKaVEouYAgwd64rHLjtvN:tizlHxvJsIKqrnl7KWK7J5Eo9AdrxN
|
| Size: |
3008
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\2260e71b-07ec-4880-b5e4-ca4a8da5abb5.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2260e71b-07ec-4880-b5e4-ca4a8da5abb5.tmp
|
| Category: |
dropped
|
| Dump: |
2260e71b-07ec-4880-b5e4-ca4a8da5abb5.tmp.83.dr
|
| ID: |
dr_305
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
Google Chrome extension, version 3
|
| Entropy: |
7.951995436832936
|
| Encrypted: |
false
|
| Ssdeep: |
192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
|
| Size: |
11185
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\LICENSE.electron.txt
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\LICENSE.electron.txt
|
| Category: |
dropped
|
| Dump: |
LICENSE.electron.txt0.0.dr
|
| ID: |
dr_83
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.13006727705212
|
| Encrypted: |
false
|
| Ssdeep: |
24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
|
| Size: |
1096
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Creates license or readme file |
Compliance, Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\LICENSES.chromium.html
|
HTML document, ASCII text, with CRLF, LF line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\LICENSES.chromium.html
|
| Category: |
dropped
|
| Dump: |
LICENSES.chromium.html0.0.dr
|
| ID: |
dr_84
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
HTML document, ASCII text, with CRLF, LF line terminators
|
| Entropy: |
4.744454520037538
|
| Encrypted: |
false
|
| Ssdeep: |
24576:s89dQ06poh6j5qjK6mwRlXTimf4jZ6ojK6QjZ6UjK6ajK64jK6ZjZ6ijK6e6cjKI:7+eGf
|
| Size: |
11165867
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\chrome_100_percent.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\chrome_100_percent.pak
|
| Category: |
dropped
|
| Dump: |
chrome_100_percent.pak0.0.dr
|
| ID: |
dr_76
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
7.9148426429448415
|
| Encrypted: |
false
|
| Ssdeep: |
3072:Vz8JCGIdTwsWr8o9RHi/T9P1L2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Vz81IdTOr8EC/T95K18Gb0OV8ld0Gec+
|
| Size: |
147398
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\chrome_200_percent.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\chrome_200_percent.pak
|
| Category: |
dropped
|
| Dump: |
chrome_200_percent.pak0.0.dr
|
| ID: |
dr_77
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
7.944409804058383
|
| Encrypted: |
false
|
| Ssdeep: |
6144:7DQYajN6svyA6nIEb7r8EC/T9ugx5GMRejnbdZnVE6YoppO4:ofjN6svyA6F4B79a6edhVELoXO4
|
| Size: |
219772
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\d3dcompiler_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\d3dcompiler_47.dll
|
| Category: |
dropped
|
| Dump: |
d3dcompiler_47.dll0.0.dr
|
| ID: |
dr_78
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
| Entropy: |
6.398031738914566
|
| Encrypted: |
false
|
| Ssdeep: |
49152:hCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvdiD0N+YEzI4og/RfzHLeHTRhFRN1:oG2QCwmHjnog/pzHAo/Ayc
|
| Size: |
4916728
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\ffmpeg.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\ffmpeg.dll
|
| Category: |
dropped
|
| Dump: |
ffmpeg.dll0.0.dr
|
| ID: |
dr_79
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
| Entropy: |
6.7051330084028535
|
| Encrypted: |
false
|
| Ssdeep: |
49152:ln0ZzBPpE+xOsNWoH8bVd8j+OA/7ZwddK6BfmLTqEIrrJBHZ9B:URE+x/NWXVd8jJEIBB59B
|
| Size: |
2980352
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\icudtl.dat
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\icudtl.dat
|
| Category: |
dropped
|
| Dump: |
icudtl.dat0.0.dr
|
| ID: |
dr_80
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
6.265285813757595
|
| Encrypted: |
false
|
| Ssdeep: |
196608:gSPBhORiYAXHiXUxY/iJ53IWhlVjEeIu2Y8A:g+wkpHiXUxY/iJ53IWhlVjEeIjA
|
| Size: |
10464144
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\libEGL.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\libEGL.dll
|
| Category: |
dropped
|
| Dump: |
libEGL.dll0.0.dr
|
| ID: |
dr_81
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
| Entropy: |
6.369127310246399
|
| Encrypted: |
false
|
| Ssdeep: |
6144:LYIhfSSfj/zjNSdJMAZLDRc/IAjN6YRiDDl03VHCE9UwNNMkTW9THHB:DVScNaZLdcgAj41DKVHCE9UJkapHB
|
| Size: |
493568
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\libGLESv2.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\libGLESv2.dll
|
| Category: |
dropped
|
| Dump: |
libGLESv2.dll0.0.dr
|
| ID: |
dr_82
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
| Entropy: |
6.491618857049433
|
| Encrypted: |
false
|
| Ssdeep: |
98304:yLlyzbl3w1X15cEqg7qZXIdoKwaaBXRLXZ1S:gu3gztmdkwaez
|
| Size: |
8112640
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Found dropped PE file which has not been started or loaded |
Malware Analysis System Evasion |
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\resources.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\resources.pak
|
| Category: |
dropped
|
| Dump: |
resources.pak0.0.dr
|
| ID: |
dr_85
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
7.9962246703956685
|
| Encrypted: |
true
|
| Ssdeep: |
98304:IZvJh4POXD1V8SGg/dlE8NVwrwrQqgvxJ5NG6fVMLuYHzpO1w1f:exaWXD16S5lE8NVwkrQqgvxXNpfVM6M3
|
| Size: |
5800396
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\snapshot_blob.bin
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\snapshot_blob.bin
|
| Category: |
dropped
|
| Dump: |
snapshot_blob.bin0.0.dr
|
| ID: |
dr_86
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.1799020116031365
|
| Encrypted: |
false
|
| Ssdeep: |
3072:CECRChjZdcRF9U0ybk0Lbr1kFqSvrpziqESTylLZuacR20RjJ7n1G/x:pAClXWO0GtkFLpRylLKR20R9rc
|
| Size: |
320614
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\52a9c6be-756c-4e97-8143-c0d7268b27ec.tmp
|
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components
3
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\52a9c6be-756c-4e97-8143-c0d7268b27ec.tmp
|
| Category: |
dropped
|
| Dump: |
52a9c6be-756c-4e97-8143-c0d7268b27ec.tmp.83.dr
|
| ID: |
dr_277
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components
3
|
| Entropy: |
7.983996634657522
|
| Encrypted: |
false
|
| Ssdeep: |
3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
|
| Size: |
206855
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\636983ba
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\636983ba
|
| Category: |
dropped
|
| Dump: |
636983ba.70.dr
|
| ID: |
dr_187
|
| Target ID: |
70
|
| Process: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\TiVoServer.exe
|
| Type: |
data
|
| Entropy: |
7.4107144765714645
|
| Encrypted: |
false
|
| Ssdeep: |
24576:ngfMD6HU/Ofu27GdQntEVHzgUZ/TAM25Neoo:ngtFfBGdQntEVHzbZ85i
|
| Size: |
876337
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\97817df6-791d-4d9b-9ce7-7b2a6a07c929.tmp
|
JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\97817df6-791d-4d9b-9ce7-7b2a6a07c929.tmp
|
| Category: |
dropped
|
| Dump: |
97817df6-791d-4d9b-9ce7-7b2a6a07c929.tmp.83.dr
|
| ID: |
dr_295
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
|
| Entropy: |
7.996949419046844
|
| Encrypted: |
true
|
| Ssdeep: |
24576:pacP6hmahdbHOvDlOm85HUKp5rYh7uB/GGU8R:p6mahdauHUKp5s7uB/ZR
|
| Size: |
834204
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\T5idFAPyOf4i2eUHJI
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\T5idFAPyOf4i2eUHJI
|
| Category: |
dropped
|
| Dump: |
T5idFAPyOf4i2eUHJI.9.dr
|
| ID: |
dr_89
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
| Entropy: |
7.9982227136034
|
| Encrypted: |
true
|
| Ssdeep: |
98304:7C4ibOtjiCxhAj1D3j5A68wJchYvNJX579EF+w:7CF4iPRD3VAIchYp5Dw
|
| Size: |
3943426
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0fl1blcx.a5b.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0fl1blcx.a5b.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_0fl1blcx.a5b.ps1.32.dr
|
| ID: |
dr_128
|
| Target ID: |
32
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0w10evhi.bqa.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0w10evhi.bqa.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_0w10evhi.bqa.ps1.29.dr
|
| ID: |
dr_126
|
| Target ID: |
29
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1h2zu0hj.hre.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1h2zu0hj.hre.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_1h2zu0hj.hre.ps1.43.dr
|
| ID: |
dr_146
|
| Target ID: |
43
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_45edo3xr.les.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_45edo3xr.les.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_45edo3xr.les.psm1.43.dr
|
| ID: |
dr_147
|
| Target ID: |
43
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xbeoqsi.rp0.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xbeoqsi.rp0.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_5xbeoqsi.rp0.ps1.36.dr
|
| ID: |
dr_138
|
| Target ID: |
36
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_arf5siof.zdq.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_arf5siof.zdq.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_arf5siof.zdq.ps1.51.dr
|
| ID: |
dr_162
|
| Target ID: |
51
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_axljrgoh.mu5.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_axljrgoh.mu5.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_axljrgoh.mu5.psm1.51.dr
|
| ID: |
dr_163
|
| Target ID: |
51
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aztq1n2m.2ev.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aztq1n2m.2ev.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_aztq1n2m.2ev.ps1.45.dr
|
| ID: |
dr_148
|
| Target ID: |
45
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cb5cr2ak.smd.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cb5cr2ak.smd.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_cb5cr2ak.smd.ps1.65.dr
|
| ID: |
dr_170
|
| Target ID: |
65
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cjohadpv.b5n.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cjohadpv.b5n.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_cjohadpv.b5n.ps1.29.dr
|
| ID: |
dr_124
|
| Target ID: |
29
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_czqto2h0.fae.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_czqto2h0.fae.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_czqto2h0.fae.psm1.52.dr
|
| ID: |
dr_167
|
| Target ID: |
52
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d4yrkv0r.qzn.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_d4yrkv0r.qzn.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_d4yrkv0r.qzn.psm1.43.dr
|
| ID: |
dr_145
|
| Target ID: |
43
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_deh5l5ye.pfm.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_deh5l5ye.pfm.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_deh5l5ye.pfm.ps1.49.dr
|
| ID: |
dr_158
|
| Target ID: |
49
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e0owa235.ink.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e0owa235.ink.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_e0owa235.ink.psm1.33.dr
|
| ID: |
dr_133
|
| Target ID: |
33
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_esinqz3r.cu0.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_esinqz3r.cu0.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_esinqz3r.cu0.psm1.20.dr
|
| ID: |
dr_117
|
| Target ID: |
20
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f4om5amm.npd.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f4om5amm.npd.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_f4om5amm.npd.psm1.35.dr
|
| ID: |
dr_137
|
| Target ID: |
35
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fadbkmf1.3ri.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fadbkmf1.3ri.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_fadbkmf1.3ri.ps1.20.dr
|
| ID: |
dr_116
|
| Target ID: |
20
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g0suc1pt.j34.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g0suc1pt.j34.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_g0suc1pt.j34.ps1.52.dr
|
| ID: |
dr_164
|
| Target ID: |
52
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g5enfpui.n4p.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g5enfpui.n4p.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_g5enfpui.n4p.psm1.52.dr
|
| ID: |
dr_165
|
| Target ID: |
52
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gpxjldj4.vyb.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gpxjldj4.vyb.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_gpxjldj4.vyb.ps1.41.dr
|
| ID: |
dr_140
|
| Target ID: |
41
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gq04e1fq.rou.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gq04e1fq.rou.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_gq04e1fq.rou.psm1.29.dr
|
| ID: |
dr_125
|
| Target ID: |
29
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gz415xps.wmw.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gz415xps.wmw.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_gz415xps.wmw.psm1.32.dr
|
| ID: |
dr_129
|
| Target ID: |
32
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hduatxxx.amy.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hduatxxx.amy.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_hduatxxx.amy.psm1.18.dr
|
| ID: |
dr_114
|
| Target ID: |
18
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hihi05ox.qrj.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hihi05ox.qrj.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_hihi05ox.qrj.ps1.43.dr
|
| ID: |
dr_144
|
| Target ID: |
43
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hpuptlxl.ve5.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hpuptlxl.ve5.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_hpuptlxl.ve5.ps1.47.dr
|
| ID: |
dr_154
|
| Target ID: |
47
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hyh2mu3s.q13.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hyh2mu3s.q13.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_hyh2mu3s.q13.ps1.55.dr
|
| ID: |
dr_168
|
| Target ID: |
55
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ift2lz3l.0jb.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ift2lz3l.0jb.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_ift2lz3l.0jb.psm1.45.dr
|
| ID: |
dr_151
|
| Target ID: |
45
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iyj0jkzx.zmr.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iyj0jkzx.zmr.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_iyj0jkzx.zmr.ps1.28.dr
|
| ID: |
dr_122
|
| Target ID: |
28
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jchl3nv2.q2c.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jchl3nv2.q2c.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_jchl3nv2.q2c.psm1.28.dr
|
| ID: |
dr_123
|
| Target ID: |
28
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jjx5g3ar.l3w.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jjx5g3ar.l3w.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_jjx5g3ar.l3w.psm1.41.dr
|
| ID: |
dr_143
|
| Target ID: |
41
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l5sqcmux.4wo.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l5sqcmux.4wo.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_l5sqcmux.4wo.ps1.32.dr
|
| ID: |
dr_130
|
| Target ID: |
32
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lcvwbd33.leg.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lcvwbd33.leg.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_lcvwbd33.leg.psm1.65.dr
|
| ID: |
dr_174
|
| Target ID: |
65
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lepbkgid.qeu.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lepbkgid.qeu.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_lepbkgid.qeu.psm1.17.dr
|
| ID: |
dr_110
|
| Target ID: |
17
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lflhcev4.vtn.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lflhcev4.vtn.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_lflhcev4.vtn.ps1.27.dr
|
| ID: |
dr_118
|
| Target ID: |
27
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lt3mbrjb.5fs.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lt3mbrjb.5fs.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_lt3mbrjb.5fs.ps1.18.dr
|
| ID: |
dr_113
|
| Target ID: |
18
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_msjfe3yt.shz.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_msjfe3yt.shz.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_msjfe3yt.shz.psm1.41.dr
|
| ID: |
dr_141
|
| Target ID: |
41
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nbqqf4l1.c22.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nbqqf4l1.c22.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_nbqqf4l1.c22.psm1.46.dr
|
| ID: |
dr_153
|
| Target ID: |
46
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ohgtj2ts.n5z.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ohgtj2ts.n5z.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_ohgtj2ts.n5z.psm1.27.dr
|
| ID: |
dr_121
|
| Target ID: |
27
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_otoopv34.0vx.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_otoopv34.0vx.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_otoopv34.0vx.ps1.27.dr
|
| ID: |
dr_120
|
| Target ID: |
27
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pxe3zper.lti.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pxe3zper.lti.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_pxe3zper.lti.ps1.45.dr
|
| ID: |
dr_150
|
| Target ID: |
45
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q3101sy1.inl.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q3101sy1.inl.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_q3101sy1.inl.ps1.18.dr
|
| ID: |
dr_111
|
| Target ID: |
18
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q5h1wsyc.kld.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q5h1wsyc.kld.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_q5h1wsyc.kld.psm1.18.dr
|
| ID: |
dr_112
|
| Target ID: |
18
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qfkgwwdl.des.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qfkgwwdl.des.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_qfkgwwdl.des.psm1.36.dr
|
| ID: |
dr_139
|
| Target ID: |
36
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qpx5khzl.t3q.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qpx5khzl.t3q.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_qpx5khzl.t3q.psm1.32.dr
|
| ID: |
dr_131
|
| Target ID: |
32
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qpzuirhs.5es.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qpzuirhs.5es.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_qpzuirhs.5es.psm1.65.dr
|
| ID: |
dr_171
|
| Target ID: |
65
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_quc0sugu.x2b.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_quc0sugu.x2b.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_quc0sugu.x2b.psm1.47.dr
|
| ID: |
dr_157
|
| Target ID: |
47
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r4tx4qmx.pdf.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r4tx4qmx.pdf.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_r4tx4qmx.pdf.ps1.65.dr
|
| ID: |
dr_173
|
| Target ID: |
65
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1tqwhk4.5yu.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1tqwhk4.5yu.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_s1tqwhk4.5yu.psm1.17.dr
|
| ID: |
dr_108
|
| Target ID: |
17
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sq5vdh5z.g3k.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sq5vdh5z.g3k.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_sq5vdh5z.g3k.psm1.29.dr
|
| ID: |
dr_127
|
| Target ID: |
29
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t1kqkxwl.x0a.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t1kqkxwl.x0a.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_t1kqkxwl.x0a.ps1.47.dr
|
| ID: |
dr_156
|
| Target ID: |
47
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tgpgpnic.0cg.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tgpgpnic.0cg.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_tgpgpnic.0cg.psm1.45.dr
|
| ID: |
dr_149
|
| Target ID: |
45
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u1weh3yx.qrq.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u1weh3yx.qrq.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_u1weh3yx.qrq.ps1.35.dr
|
| ID: |
dr_134
|
| Target ID: |
35
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ukyp4eco.xjh.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ukyp4eco.xjh.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_ukyp4eco.xjh.ps1.52.dr
|
| ID: |
dr_166
|
| Target ID: |
52
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uqdgnlia.wqt.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uqdgnlia.wqt.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_uqdgnlia.wqt.psm1.47.dr
|
| ID: |
dr_155
|
| Target ID: |
47
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uyfn52j1.tyw.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uyfn52j1.tyw.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_uyfn52j1.tyw.psm1.55.dr
|
| ID: |
dr_169
|
| Target ID: |
55
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vdo40j1c.lh5.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vdo40j1c.lh5.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_vdo40j1c.lh5.psm1.35.dr
|
| ID: |
dr_135
|
| Target ID: |
35
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vdrjlcyr.rwf.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vdrjlcyr.rwf.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_vdrjlcyr.rwf.psm1.49.dr
|
| ID: |
dr_161
|
| Target ID: |
49
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vl5ki111.wq5.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vl5ki111.wq5.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_vl5ki111.wq5.ps1.33.dr
|
| ID: |
dr_132
|
| Target ID: |
33
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wwgjde35.r20.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wwgjde35.r20.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_wwgjde35.r20.ps1.17.dr
|
| ID: |
dr_109
|
| Target ID: |
17
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x35mpkj5.mlw.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x35mpkj5.mlw.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_x35mpkj5.mlw.ps1.41.dr
|
| ID: |
dr_142
|
| Target ID: |
41
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xdn1gd5m.uxf.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xdn1gd5m.uxf.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_xdn1gd5m.uxf.ps1.35.dr
|
| ID: |
dr_136
|
| Target ID: |
35
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xghxth44.vca.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xghxth44.vca.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_xghxth44.vca.ps1.46.dr
|
| ID: |
dr_152
|
| Target ID: |
46
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xjy0muaf.ulu.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xjy0muaf.ulu.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_xjy0muaf.ulu.ps1.17.dr
|
| ID: |
dr_107
|
| Target ID: |
17
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yqxs3fab.nwl.ps1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yqxs3fab.nwl.ps1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_yqxs3fab.nwl.ps1.49.dr
|
| ID: |
dr_160
|
| Target ID: |
49
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yrxnpddr.uyj.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yrxnpddr.uyj.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_yrxnpddr.uyj.psm1.27.dr
|
| ID: |
dr_119
|
| Target ID: |
27
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z5zo1rch.bfh.psm1
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z5zo1rch.bfh.psm1
|
| Category: |
dropped
|
| Dump: |
__PSScriptPolicyTest_z5zo1rch.bfh.psm1.49.dr
|
| ID: |
dr_159
|
| Target ID: |
49
|
| Process: |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
| Type: |
ASCII text, with no line terminators
|
| Entropy: |
4.038920595031593
|
| Encrypted: |
false
|
| Ssdeep: |
3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
|
| Size: |
60
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\b94f295d-9e2d-4923-9531-2fe651af5529.tmp
|
very short file (no magic)
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\b94f295d-9e2d-4923-9531-2fe651af5529.tmp
|
| Category: |
dropped
|
| Dump: |
b94f295d-9e2d-4923-9531-2fe651af5529.tmp.83.dr
|
| ID: |
dr_331
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
very short file (no magic)
|
| Entropy: |
0.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:L:L
|
| Size: |
1
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\cv_debug.log
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\cv_debug.log
|
| Category: |
dropped
|
| Dump: |
cv_debug.log.83.dr
|
| ID: |
dr_302
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.421358654383702
|
| Encrypted: |
false
|
| Ssdeep: |
48:Y4MfJVe5wMd5wMe07cIF5Io0MY5kU2A0OpJ5xnL0MotJ5VovUx0B5Q5mWdp0BWPW:JIVuwEw5MUFZLBQLtz3M
|
| Size: |
1658
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\d043d6e6-2d33-4d09-a6c2-f0e6b468e654.tmp
|
very short file (no magic)
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\d043d6e6-2d33-4d09-a6c2-f0e6b468e654.tmp
|
| Category: |
dropped
|
| Dump: |
d043d6e6-2d33-4d09-a6c2-f0e6b468e654.tmp.83.dr
|
| ID: |
dr_325
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
very short file (no magic)
|
| Entropy: |
0.0
|
| Encrypted: |
false
|
| Ssdeep: |
3:L:L
|
| Size: |
1
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\e24f73b8-819b-4da3-88b4-36efdeb966cd.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\e24f73b8-819b-4da3-88b4-36efdeb966cd.tmp
|
| Category: |
dropped
|
| Dump: |
e24f73b8-819b-4da3-88b4-36efdeb966cd.tmp.83.dr
|
| ID: |
dr_284
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
Google Chrome extension, version 3
|
| Entropy: |
7.839678617100523
|
| Encrypted: |
false
|
| Ssdeep: |
3072:zZH5WPD5SqCJryow8AWTtwGrasOQNHjWRKnvXTwL:zpIPFCXjAWTtwGusOWmMvjwL
|
| Size: |
154545
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\fccdfdd5-010c-44bc-8282-8b04fa439033.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\fccdfdd5-010c-44bc-8282-8b04fa439033.tmp
|
| Category: |
dropped
|
| Dump: |
fccdfdd5-010c-44bc-8282-8b04fa439033.tmp.83.dr
|
| ID: |
dr_279
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41924
|
| Entropy: |
7.996159328201069
|
| Encrypted: |
true
|
| Ssdeep: |
1536:fFZ2cHkObrS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz88:fbb1UdS8scZNzFrMa4M+lKqeZ
|
| Size: |
76314
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\BorlndMm.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\BorlndMm.dll
|
| Category: |
dropped
|
| Dump: |
BorlndMm.dll.9.dr
|
| ID: |
dr_90
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
5.8024208675780855
|
| Encrypted: |
false
|
| Ssdeep: |
768:eKF+Ki/ija+1IGm5fe+7GGXQ/ija+1IhyPXZl0Pi75:eKF+qmd7GGYyb0a75
|
| Size: |
29696
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\CC3260MT.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\CC3260MT.dll
|
| Category: |
dropped
|
| Dump: |
CC3260MT.dll.9.dr
|
| ID: |
dr_91
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
6.382293162945728
|
| Encrypted: |
false
|
| Ssdeep: |
12288:a1TaXhBDFeZsk4B8lLLnPo7BfUKMsG5I4S9X1/qfzKjJ3PmSruNXCwwwwwwwwwwS:sT+hB7TqpLnP8lUKHcfSJ+SruBZqW
|
| Size: |
1500160
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\MindClient.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\MindClient.dll
|
| Category: |
dropped
|
| Dump: |
MindClient.dll.9.dr
|
| ID: |
dr_96
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.501374502547409
|
| Encrypted: |
false
|
| Ssdeep: |
6144:Ia3CPnngkkrohdf/U8t65qIhWG1eywT3/vxC1+jeUwNv+:uPnnglohdf/UbSG1ey0nxlNwNv+
|
| Size: |
478480
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\Rtl60.bpl
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\Rtl60.bpl
|
| Category: |
dropped
|
| Dump: |
Rtl60.bpl.9.dr
|
| ID: |
dr_97
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.767809579422226
|
| Encrypted: |
false
|
| Ssdeep: |
12288:w146Fc5MU8sb70WgpeZQDJyx7W+AK1Oug2GWDKuX8oJTFrBdn+Md:w1rFZUDb741ydW+AK1a2GWDKus2prBVd
|
| Size: |
685056
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\StlpMt45.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\StlpMt45.dll
|
| Category: |
dropped
|
| Dump: |
StlpMt45.dll.9.dr
|
| ID: |
dr_98
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
6.5500705384461675
|
| Encrypted: |
false
|
| Ssdeep: |
12288:vkn33ywLy8gz7IJ/Pd0/LRZxXlB1E34aN:vkmcJ/PSRZxXVE34
|
| Size: |
618496
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Category: |
dropped
|
| Dump: |
TiVoServer.exe.9.dr
|
| ID: |
dr_99
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
6.250749546655814
|
| Encrypted: |
false
|
| Ssdeep: |
49152:XQiUyydnfdTw0h7XOlo7pfkAikLfF3Sq3JLFc+KUZy9EE/2G8NMyb6S4cyQ2a5R9:s/ZvlS0Lhb0llOIYhf
|
| Size: |
2264336
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Creates a process in suspended mode (likely to inject code) |
HIPS / PFW / Operating System Protection Evasion |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
| EXE planting / hijacking vulnerabilities found |
Privilege Escalation, Compliance |
DLL Search Order Hijacking
|
| Spawns processes |
System Summary |
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\Vcl60.bpl
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\Vcl60.bpl
|
| Category: |
dropped
|
| Dump: |
Vcl60.bpl.9.dr
|
| ID: |
dr_100
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.676208627237961
|
| Encrypted: |
false
|
| Ssdeep: |
12288:bm+Qn2EwRdVI0Ine/pCz+2f3RAXNKEj0RJMiohzj/AQ1hRfSVW4gBeyYGmN:6+IMr0spuxJaHL1HaVpgBjYG
|
| Size: |
1326080
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Drops files with a non-matching file extension (content does not match file extension) |
Persistence and Installation Behavior |
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\flattest.mpeg
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\flattest.mpeg
|
| Category: |
dropped
|
| Dump: |
flattest.mpeg.9.dr
|
| ID: |
dr_92
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
data
|
| Entropy: |
4.768639387969871
|
| Encrypted: |
false
|
| Ssdeep: |
768:x5jP+G/tj+AVC42oIhPT+v+TJqHICWt067fzXDJgB:2NfoIB+v+TJ2Ad7fzzy
|
| Size: |
40436
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\glengarry.odp
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\glengarry.odp
|
| Category: |
dropped
|
| Dump: |
glengarry.odp.9.dr
|
| ID: |
dr_93
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
data
|
| Entropy: |
7.8619498615791
|
| Encrypted: |
false
|
| Ssdeep: |
12288:X7TE+RUGzngUQm2Ns9mtyHJTbhMcGhKZ2a5TFf8:LTJMUQbs9rBhMuZ2iTe
|
| Size: |
625974
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\libglib-2.0-0.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\libglib-2.0-0.dll
|
| Category: |
dropped
|
| Dump: |
libglib-2.0-0.dll.9.dr
|
| ID: |
dr_94
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
| Entropy: |
6.391696538180238
|
| Encrypted: |
false
|
| Ssdeep: |
24576:OqUAgODpoSEA5CVkJ94dGF5d0HxTVmyum1WtJI/xX0Q:OqUARDmSE1VkJ94dGF5d0ZVmSL/D
|
| Size: |
1029372
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\loudmouth.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\loudmouth.dll
|
| Category: |
dropped
|
| Dump: |
loudmouth.dll.9.dr
|
| ID: |
dr_95
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.686396816400311
|
| Encrypted: |
false
|
| Ssdeep: |
12288:ej5RT64PLpHD2cA7jQubZdLYU8+T5uLvYc18Iwp1SzX7DZj:ej5B64PLpHhunLt9MLvYu8rp1SzXfZj
|
| Size: |
716800
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
|
|
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\wspconfig.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\wspconfig.dll
|
| Category: |
dropped
|
| Dump: |
wspconfig.dll.9.dr
|
| ID: |
dr_101
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
| Entropy: |
6.398131394073264
|
| Encrypted: |
false
|
| Ssdeep: |
12288:XjwpfW0d+Bl1mb0hILXU1XC7ngmzN6bDG+:zeW0wX1LGLEQ7ngmzyD3
|
| Size: |
548624
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Drops PE files |
Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\LICENSE.electron.txt
|
ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\LICENSE.electron.txt
|
| Category: |
dropped
|
| Dump: |
LICENSE.electron.txt.0.dr
|
| ID: |
dr_6
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
ASCII text
|
| Entropy: |
5.13006727705212
|
| Encrypted: |
false
|
| Ssdeep: |
24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
|
| Size: |
1096
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Creates license or readme file |
Compliance, Persistence and Installation Behavior |
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\LICENSES.chromium.html
|
HTML document, ASCII text, with CRLF, LF line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\LICENSES.chromium.html
|
| Category: |
dropped
|
| Dump: |
LICENSES.chromium.html.0.dr
|
| ID: |
dr_7
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
HTML document, ASCII text, with CRLF, LF line terminators
|
| Entropy: |
4.744454520037538
|
| Encrypted: |
false
|
| Ssdeep: |
24576:s89dQ06poh6j5qjK6mwRlXTimf4jZ6ojK6QjZ6UjK6ajK64jK6ZjZ6ijK6e6cjKI:7+eGf
|
| Size: |
11165867
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\chrome_100_percent.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\chrome_100_percent.pak
|
| Category: |
dropped
|
| Dump: |
chrome_100_percent.pak.0.dr
|
| ID: |
dr_3
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
7.9148426429448415
|
| Encrypted: |
false
|
| Ssdeep: |
3072:Vz8JCGIdTwsWr8o9RHi/T9P1L2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Vz81IdTOr8EC/T95K18Gb0OV8ld0Gec+
|
| Size: |
147398
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\chrome_200_percent.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\chrome_200_percent.pak
|
| Category: |
dropped
|
| Dump: |
chrome_200_percent.pak.0.dr
|
| ID: |
dr_4
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
7.944409804058383
|
| Encrypted: |
false
|
| Ssdeep: |
6144:7DQYajN6svyA6nIEb7r8EC/T9ugx5GMRejnbdZnVE6YoppO4:ofjN6svyA6F4B79a6edhVELoXO4
|
| Size: |
219772
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\icudtl.dat
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\icudtl.dat
|
| Category: |
dropped
|
| Dump: |
icudtl.dat.0.dr
|
| ID: |
dr_5
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
6.265285813757595
|
| Encrypted: |
false
|
| Ssdeep: |
196608:gSPBhORiYAXHiXUxY/iJ53IWhlVjEeIu2Y8A:g+wkpHiXUxY/iJ53IWhlVjEeIjA
|
| Size: |
10464144
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\af.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\af.pak
|
| Category: |
dropped
|
| Dump: |
af.pak.0.dr
|
| ID: |
dr_8
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.405751542572978
|
| Encrypted: |
false
|
| Ssdeep: |
12288:NNNlADacvxmRmrH8FGyB+Eja+H2Jyndae1t5I1L3o0vkICgt2ni+FQXp2dq2Fw32:/NlADaSxmRmL8FZMEja+H2Jyndae1t5X
|
| Size: |
545943
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\am.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\am.pak
|
| Category: |
dropped
|
| Dump: |
am.pak.0.dr
|
| ID: |
dr_9
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.8936222613463665
|
| Encrypted: |
false
|
| Ssdeep: |
24576:yTTo1CMhTCN9yDrxdXHIjWDGSzmX/h5WzIMBqVFq+XG/6rx9PF4:S50
|
| Size: |
882232
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ar.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ar.pak
|
| Category: |
dropped
|
| Dump: |
ar.pak.0.dr
|
| ID: |
dr_10
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.921225757088056
|
| Encrypted: |
false
|
| Ssdeep: |
12288:eiy1TFnsBkVwA/Nj2REP+avPUHumVkmhSL5lNZrQswfpQfk:e/5ZB5ZQD
|
| Size: |
967968
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\bg.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\bg.pak
|
| Category: |
dropped
|
| Dump: |
bg.pak.0.dr
|
| ID: |
dr_11
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.662406709603209
|
| Encrypted: |
false
|
| Ssdeep: |
24576:qOxoqWwOJLYyzQkECjUdVbKXLZ373ZpA3AAKkmVDlKK74umpG7gJ5bxuFqoRQxxK:qkoqWwOJLYf8UdVbKXLZ373Z23AQmVDR
|
| Size: |
1007566
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\bn.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\bn.pak
|
| Category: |
dropped
|
| Dump: |
bn.pak.0.dr
|
| ID: |
dr_12
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.276622693899991
|
| Encrypted: |
false
|
| Ssdeep: |
3072:/uLkpSpKbx1PKHhqSqJX2T/lH8xcEf6Mf8ZfFmueffB+hBb7xIL5jojBrqB8:/070b3iQSqQfFNofB+hBbW5sqB8
|
| Size: |
1298446
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ca.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ca.pak
|
| Category: |
dropped
|
| Dump: |
ca.pak.0.dr
|
| ID: |
dr_13
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.401531882541058
|
| Encrypted: |
false
|
| Ssdeep: |
12288:/+WRa+oyi7NZ5rCiWNQ3RWUu5PhFkN3Mw2juwHzejm0t3lt+Hb7TdnJLnwOwjcKB:WIazIqMDLpih1MNYBPS5q8OPX
|
| Size: |
612679
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\cs.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\cs.pak
|
| Category: |
dropped
|
| Dump: |
cs.pak.0.dr
|
| ID: |
dr_14
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.83692019711766
|
| Encrypted: |
false
|
| Ssdeep: |
6144:nd3UfAmJ9uWIDGCfcaJ4bV5Ag0VmAc+M55C+y/ZNOjoJSBZT8Q6:lUfrPvCR0V5AgW655C+y/ZNOcJS0
|
| Size: |
632451
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\da.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\da.pak
|
| Category: |
dropped
|
| Dump: |
da.pak.0.dr
|
| ID: |
dr_15
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.448804350284151
|
| Encrypted: |
false
|
| Ssdeep: |
6144:Sna6pzBAk5R0p7xQzVzz5hIWZ+1seR93wlQZ+JwvJobdZ6a0Nu5byXdUdjjg5d43:Sa6pzKgS7TWU97ir5byXqd+k
|
| Size: |
571795
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\de.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\de.pak
|
| Category: |
dropped
|
| Dump: |
de.pak.0.dr
|
| ID: |
dr_16
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.500800340097999
|
| Encrypted: |
false
|
| Ssdeep: |
12288:4W8SD3crMF3K7UpLgUaIIyYuC5RiMuUs3CJg:4IwMF3K7UpLgUaI4f5MMmCJg
|
| Size: |
611325
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\el.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\el.pak
|
| Category: |
dropped
|
| Dump: |
el.pak.0.dr
|
| ID: |
dr_17
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.745919426521623
|
| Encrypted: |
false
|
| Ssdeep: |
24576:9FkGUHCFbX46cQDYX9GpMDbYJXDsStimiHN3C2NpYuzywjvmpgVoy2IWYNQK2bvg:bWHCFbX46cQDYX9GpMDbYJXDsStimiHN
|
| Size: |
1103668
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\en-GB.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\en-GB.pak
|
| Category: |
dropped
|
| Dump: |
en-GB.pak.0.dr
|
| ID: |
dr_18
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.516061451943629
|
| Encrypted: |
false
|
| Ssdeep: |
6144:12FyTWkHrYksira/dFc9gkMP9eWQSKgfaYcAk8Ha5qbxfBcKR5o:10wZBJr4kMnQSKe25cxQ
|
| Size: |
496744
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\en-US.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\en-US.pak
|
| Category: |
dropped
|
| Dump: |
en-US.pak.0.dr
|
| ID: |
dr_19
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.507569724388424
|
| Encrypted: |
false
|
| Ssdeep: |
6144:bBLy2+0m1ZazYweDL8MP9eOQcDNfaY7hDHW5+7xEngnt/SOwB:xb9zY8MZQcDNq5IxXwB
|
| Size: |
501514
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\es-419.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\es-419.pak
|
| Category: |
dropped
|
| Dump: |
es-419.pak.0.dr
|
| ID: |
dr_20
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.370886749489671
|
| Encrypted: |
false
|
| Ssdeep: |
6144:NoAdhbDQVGjBNtAp8Yl7VSoZd05zabaQ+UnLxd:NoAd9DIGjypFVo5za1++d
|
| Size: |
603432
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\es.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\es.pak
|
| Category: |
dropped
|
| Dump: |
es.pak.0.dr
|
| ID: |
dr_21
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.35135146291312
|
| Encrypted: |
false
|
| Ssdeep: |
6144:zz29e/Le47xz1yHlH9gIFppw+SQnlOm+oC8jC5Jzf26rFuDn6PZOUx:zzQeDxAlDjp5nlOQC8jC5d2wFaR0
|
| Size: |
602489
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\et.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\et.pak
|
| Category: |
dropped
|
| Dump: |
et.pak.0.dr
|
| ID: |
dr_22
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.449756570583017
|
| Encrypted: |
false
|
| Ssdeep: |
6144:o4mPykeKfhMSxIw9TS7/h+GoIyj0+mFZnrtTKwtGPRiYbOMvm5wM/s7iCKMlapzE:o4m6keqMSKzrormFZaiMvm5wMLW
|
| Size: |
549196
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\fa.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\fa.pak
|
| Category: |
dropped
|
| Dump: |
fa.pak.0.dr
|
| ID: |
dr_23
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.039478079792085
|
| Encrypted: |
false
|
| Ssdeep: |
24576:7n8u313uyqoT+seqSRmX5loTUOmdAQifaQ2XxFMJGk62YhFeii8QMX4qOVUD9kGx:95lJ
|
| Size: |
898379
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\fi.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\fi.pak
|
| Category: |
dropped
|
| Dump: |
fi.pak.0.dr
|
| ID: |
dr_24
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.418448297522113
|
| Encrypted: |
false
|
| Ssdeep: |
12288:KoE7rU719XL7t6pav5cSnUtWnypzWa9bEYM:KJz85csn7l
|
| Size: |
560066
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\fil.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\fil.pak
|
| Category: |
dropped
|
| Dump: |
fil.pak.0.dr
|
| ID: |
dr_25
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.196666452570618
|
| Encrypted: |
false
|
| Ssdeep: |
6144:M5/i70oeq8sXmy/DQR3FYkehXlMxm05PeV7m2boEWABhUK:fQddE05I7F
|
| Size: |
633637
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\fr.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\fr.pak
|
| Category: |
dropped
|
| Dump: |
fr.pak.0.dr
|
| ID: |
dr_26
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.383660151683568
|
| Encrypted: |
false
|
| Ssdeep: |
12288:rWrl/ZLz3JB5epYZo6QuaMVY0pza1wP8ZCMYnYaJQB3DKRCblQzOpv8wxm940wCH:anXVjZ5gw
|
| Size: |
652560
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\gu.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\gu.pak
|
| Category: |
dropped
|
| Dump: |
gu.pak.0.dr
|
| ID: |
dr_27
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.314253375430849
|
| Encrypted: |
false
|
| Ssdeep: |
3072:N2251pe4X3BgdhvnzZMhY1FndKIwjAwREJKVMjNiT7llj63rFulfeSi5NEWsWi/H:h51pe4XRanSY1FdeaHY5qerh81p1G
|
| Size: |
1281681
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\he.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\he.pak
|
| Category: |
dropped
|
| Dump: |
he.pak.0.dr
|
| ID: |
dr_28
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.608693387739405
|
| Encrypted: |
false
|
| Ssdeep: |
12288:duOtOheiCDTM92T4Orl72rQJ4Wq+/w8LSUqACEXkoeQCajE5Q6s4H+HKarb54NmM:Tta5P+C
|
| Size: |
789701
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\hi.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\hi.pak
|
| Category: |
dropped
|
| Dump: |
hi.pak.0.dr
|
| ID: |
dr_29
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.291985143760702
|
| Encrypted: |
false
|
| Ssdeep: |
3072:111gfHzhHlhaogMbIUxG89NfnkV/BO0ZV1dKuGlYvbfYjD6OEOTByntDPtDlypfE:jCNqUxXZngiF5dKnhzB
|
| Size: |
1352346
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\hr.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\hr.pak
|
| Category: |
dropped
|
| Dump: |
hr.pak.0.dr
|
| ID: |
dr_30
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.506128334387656
|
| Encrypted: |
false
|
| Ssdeep: |
6144:Vi/hMF5xdvEIw9QhM/PnO5Pu9YO59grEK:VmMLjEIw9v/25mYMvK
|
| Size: |
609490
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\hu.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\hu.pak
|
| Category: |
dropped
|
| Dump: |
hu.pak.0.dr
|
| ID: |
dr_31
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.632600282657118
|
| Encrypted: |
false
|
| Ssdeep: |
6144:BrBrcuTR3zp96Hi0pUxuAJukit/uKd5Vt8zZ9pn1SiYBEyQUtIesM2bnjDm54RRK:vcu93mASd5Vt8qCtJa5ECj
|
| Size: |
656975
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\id.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\id.pak
|
| Category: |
dropped
|
| Dump: |
id.pak.0.dr
|
| ID: |
dr_32
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.371878443254451
|
| Encrypted: |
false
|
| Ssdeep: |
6144:sGMXnqsxXd7yxeolSwtcnC4Qf+eVnjHFnTmBsAodK5LXppjOBqfnFiT8kz/Hf:OqsGxhgwUD4VnjHFTm2A15LXpgf
|
| Size: |
541718
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\it.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\it.pak
|
| Category: |
dropped
|
| Dump: |
it.pak.0.dr
|
| ID: |
dr_33
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.292043673051707
|
| Encrypted: |
false
|
| Ssdeep: |
6144:E/1FMHWLqBIXj2VkxQ7SV2gN+oESIqRRRsO1wtOAeZRT9Tb+SwGa0mDxrcAqpzSQ:CFM2GBOHzZzwim81BkfAmgV5yLI7z
|
| Size: |
594538
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ja.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ja.pak
|
| Category: |
dropped
|
| Dump: |
ja.pak.0.dr
|
| ID: |
dr_34
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.701618406732983
|
| Encrypted: |
false
|
| Ssdeep: |
6144:bXAjF1qXzFkyRHXrnMUSodzZnQ2r7fbb05z6tQf75vVf:ynqjiQXrdzZnQ2r785zXf7/
|
| Size: |
724145
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\kn.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\kn.pak
|
| Category: |
dropped
|
| Dump: |
kn.pak.0.dr
|
| ID: |
dr_35
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.2327113359927955
|
| Encrypted: |
false
|
| Ssdeep: |
12288:hAAYZzbijL/JQjvZ6VbSa7l5PnW+4uYSxf6:m8D5PWp
|
| Size: |
1463242
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ko.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ko.pak
|
| Category: |
dropped
|
| Dump: |
ko.pak.0.dr
|
| ID: |
dr_36
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
6.068269118673925
|
| Encrypted: |
false
|
| Ssdeep: |
12288:sNcivPifYj4311pFlpTHInIzzx2SAG0G1zRXhwzzHt8SnIhrJ3v5lYxLCuwH55RF:sNDA5AKEnWn
|
| Size: |
613609
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\lt.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\lt.pak
|
| Category: |
dropped
|
| Dump: |
lt.pak.0.dr
|
| ID: |
dr_37
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.6266260576158595
|
| Encrypted: |
false
|
| Ssdeep: |
12288:wCFFgDJpDzS5Mk42fKocW52Cj5R7oLQ30gr6S3M:wCFFgYMxBoj5iL20gm
|
| Size: |
660230
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\lv.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\lv.pak
|
| Category: |
dropped
|
| Dump: |
lv.pak.0.dr
|
| ID: |
dr_38
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.629688577996798
|
| Encrypted: |
false
|
| Ssdeep: |
6144:ezbApK+KJf28TSf804aN9tVFEYgb8TJBNQcF/7bOf5ahatZF2ToAompqDh2Fg9Px:IbApLRfTKtQTPvZOf5BF2Towq/O5Y
|
| Size: |
658780
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ml.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ml.pak
|
| Category: |
dropped
|
| Dump: |
ml.pak.0.dr
|
| ID: |
dr_39
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.266817661674899
|
| Encrypted: |
false
|
| Ssdeep: |
24576:YDEcESnub631KfJB31zX0F5zsS23i5u61asK3X:Yp5K
|
| Size: |
1519586
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\mr.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\mr.pak
|
| Category: |
dropped
|
| Dump: |
mr.pak.0.dr
|
| ID: |
dr_40
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.292525398619223
|
| Encrypted: |
false
|
| Ssdeep: |
6144:Lci9RyxXkxo7v2cj5aA1KZJWLiNscNa5kmV4f9:Lp9RyxXxv2SaAYZsiNsck5kmV4f9
|
| Size: |
1254664
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ms.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ms.pak
|
| Category: |
dropped
|
| Dump: |
ms.pak.0.dr
|
| ID: |
dr_41
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.244907736989617
|
| Encrypted: |
false
|
| Ssdeep: |
6144:IhKfnFzhJgNpv84/xhb2cEvRlZW2cJJqcCFN5bROuyGcISm9NN:KvHx12PlZA+N5shGb
|
| Size: |
568567
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\nb.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\nb.pak
|
| Category: |
dropped
|
| Dump: |
nb.pak.0.dr
|
| ID: |
dr_42
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.42368028641047
|
| Encrypted: |
false
|
| Ssdeep: |
12288:0WsuGbJHG6xbgkcuHNoOp7fEXHQxJVOC5Tmkb93NLUqt:0iO5GGHGAxJVOC5qkb9Zb
|
| Size: |
550045
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\nl.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\nl.pak
|
| Category: |
dropped
|
| Dump: |
nl.pak.0.dr
|
| ID: |
dr_43
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.358217041913093
|
| Encrypted: |
false
|
| Ssdeep: |
12288:6RKZ2jlbJ9WQusZUbKgb5bmDn+5btfIzApRGqbn9zmTy:J2jlbJ9WQusZUt5bmDn+5bFIzApwqbnX
|
| Size: |
569715
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\pl.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\pl.pak
|
| Category: |
dropped
|
| Dump: |
pl.pak.0.dr
|
| ID: |
dr_44
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.766145729574053
|
| Encrypted: |
false
|
| Ssdeep: |
12288:9QlvoWoOB/k3E6XfQfuzSJYVHLbqGPTCUd9e3mHU9Mvmv1QhHLm55bmolf+y:9W1xtMM1QhC57
|
| Size: |
634328
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\pt-BR.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\pt-BR.pak
|
| Category: |
dropped
|
| Dump: |
pt-BR.pak.0.dr
|
| ID: |
dr_45
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.420490621146597
|
| Encrypted: |
false
|
| Ssdeep: |
6144:9b1/6l8GnyzJJNBXBLSXdByBX5QHQXWdbBsRvM95b:xN6l8LZ57XqsRk9F
|
| Size: |
595174
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\pt-PT.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\pt-PT.pak
|
| Category: |
dropped
|
| Dump: |
pt-PT.pak.0.dr
|
| ID: |
dr_46
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.392357783619002
|
| Encrypted: |
false
|
| Ssdeep: |
6144:Y34oWq9v0uMzieJVJJxhaiYmWmfzJQ5HPjatASR2S6:No7v0mOQ5vjaiSR2d
|
| Size: |
599243
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ro.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ro.pak
|
| Category: |
dropped
|
| Dump: |
ro.pak.0.dr
|
| ID: |
dr_47
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.448830769365002
|
| Encrypted: |
false
|
| Ssdeep: |
6144:RCkBYphXw1jsE5douoveWgTj0OoWH4GXN5AnjULLs2eS/PrHf:KXw1t5Kuomr4OvHN5AjUmS/Tf
|
| Size: |
620746
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ru.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ru.pak
|
| Category: |
dropped
|
| Dump: |
ru.pak.0.dr
|
| ID: |
dr_48
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.83548384526238
|
| Encrypted: |
false
|
| Ssdeep: |
12288:PjUfQjRo4YSysDdhzJ9LF1WAah8/x6HzW/yqSvDse/4VW5XhwEYHVeXN2hLO3j/B:Pjsr5C3hK
|
| Size: |
1021587
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\sk.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\sk.pak
|
| Category: |
dropped
|
| Dump: |
sk.pak.0.dr
|
| ID: |
dr_49
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.809514681911138
|
| Encrypted: |
false
|
| Ssdeep: |
12288:okgWwkbY/l4Ri2iHbD5pITw0tm7WTjsxt9/J:okckip5AwhlthJ
|
| Size: |
642856
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\sl.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\sl.pak
|
| Category: |
dropped
|
| Dump: |
sl.pak.0.dr
|
| ID: |
dr_50
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.482541737546086
|
| Encrypted: |
false
|
| Ssdeep: |
12288:ZeM+hcB2hEzBOe5BffpWJUMr+i/fzUYqc:4hV8Oe5BffFi/fzUq
|
| Size: |
616537
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\sr.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\sr.pak
|
| Category: |
dropped
|
| Dump: |
sr.pak.0.dr
|
| ID: |
dr_51
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.757855558759311
|
| Encrypted: |
false
|
| Ssdeep: |
12288:IWCAGeOANb3nZ2/AyWWIllpScdRbqhi41LNCvI5Y8UEquZxr9q37bzOmd/k/9:IWlNjSvfX5auv9
|
| Size: |
949158
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\sv.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\sv.pak
|
| Category: |
dropped
|
| Dump: |
sv.pak.0.dr
|
| ID: |
dr_52
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.535772967127639
|
| Encrypted: |
false
|
| Ssdeep: |
6144:uwBQV4G6rkQp7gvcK4Rbbek4ih7xZDklR0w0vRFcz5RtGuU+SF4nk/M2OSOmW5Qw:uEE4Thsv74phXm5WrwTNN
|
| Size: |
553642
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\sw.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\sw.pak
|
| Category: |
dropped
|
| Dump: |
sw.pak.0.dr
|
| ID: |
dr_53
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.337435340465963
|
| Encrypted: |
false
|
| Ssdeep: |
12288:zgctwUjcpdFcGb52medqmgcRdmM5RbQW49aIe2h6jyMifJjNUiEqab2Sg8jc5Pzj:z2ui55aB6
|
| Size: |
584260
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ta.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ta.pak
|
| Category: |
dropped
|
| Dump: |
ta.pak.0.dr
|
| ID: |
dr_54
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.045085601955292
|
| Encrypted: |
false
|
| Ssdeep: |
6144:EjKPpE8vMXpzZbEtgzNNCNntY5esxtRdGtm1vYpiMyO:+KgXpVoIN4NnK5esGtm1vYpiMyO
|
| Size: |
1507096
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\te.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\te.pak
|
| Category: |
dropped
|
| Dump: |
te.pak.0.dr
|
| ID: |
dr_55
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.298505038369196
|
| Encrypted: |
false
|
| Ssdeep: |
12288:hk7McKN60ytIW7F602HgpC8ybtKRT57bG8W3pH8WVphBz3p1FPnpTiRlE2izTAgZ:sC5lXHx1
|
| Size: |
1394789
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\th.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\th.pak
|
| Category: |
dropped
|
| Dump: |
th.pak.0.dr
|
| ID: |
dr_56
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.337297146352046
|
| Encrypted: |
false
|
| Ssdeep: |
12288:RetKSZN9LyZYAIzyLvRsCUQkJUszRP5eXeIZM6Oy9eGTsuB5UFrdNL3flj8RRUqI:ROc5/NW
|
| Size: |
1172114
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\tr.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\tr.pak
|
| Category: |
dropped
|
| Dump: |
tr.pak.0.dr
|
| ID: |
dr_57
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.609485305439981
|
| Encrypted: |
false
|
| Ssdeep: |
12288:vs3Hk8v/qiApHzNsgjDQqZFCzulPkV5MbJy:UXdqzTPkV5cJy
|
| Size: |
595094
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\uk.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\uk.pak
|
| Category: |
dropped
|
| Dump: |
uk.pak.0.dr
|
| ID: |
dr_58
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.863193742946134
|
| Encrypted: |
false
|
| Ssdeep: |
12288:/XaAkxYnWsxl7csSr+YhG5gZk27IFMPF5aB3Ijtl+AY+r5iPuTLNiXE8qU1wE:f77Zo5DrG
|
| Size: |
1023408
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ur.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\ur.pak
|
| Category: |
dropped
|
| Dump: |
ur.pak.0.dr
|
| ID: |
dr_59
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.147206307155774
|
| Encrypted: |
false
|
| Ssdeep: |
12288:jx0NVkIovZ8PM/lnhqtdQiN9NyD1At/5XH6EhTCQOxs/QQYruYVwadcJKwU4uvce:jxSg45FCUs
|
| Size: |
893135
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\vi.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\vi.pak
|
| Category: |
dropped
|
| Dump: |
vi.pak.0.dr
|
| ID: |
dr_60
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.783245780324485
|
| Encrypted: |
false
|
| Ssdeep: |
12288:8HfhhCE+cqINoE4ZVaNw6FO0CwFcQLbUgaIyNP5a8hW3cHvUOemziDH8FaFT1L:8H1+cqFVp6Q01FPnW5a8E308OewiDGaH
|
| Size: |
705694
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\zh-CN.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\zh-CN.pak
|
| Category: |
dropped
|
| Dump: |
zh-CN.pak.0.dr
|
| ID: |
dr_61
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
6.675340905454557
|
| Encrypted: |
false
|
| Ssdeep: |
6144:zDtYrD/YKHry4zTeFV735rz44JHR59GJdxRt334z2u0qBoZcli:zeHHO4zTAZ5rz44Jx5gNnn4h0Ka
|
| Size: |
507471
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\zh-TW.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\locales\zh-TW.pak
|
| Category: |
dropped
|
| Dump: |
zh-TW.pak.0.dr
|
| ID: |
dr_62
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
6.688239880146463
|
| Encrypted: |
false
|
| Ssdeep: |
6144:fmSkEl3+2/YOYStJJXFn2QouXoYED53dAznXDgGPCKKiOeWTU:fMElO3zS53loYED5NAznN+6
|
| Size: |
501987
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\resources.pak
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\resources.pak
|
| Category: |
dropped
|
| Dump: |
resources.pak.0.dr
|
| ID: |
dr_64
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
7.9962246703956685
|
| Encrypted: |
true
|
| Ssdeep: |
98304:IZvJh4POXD1V8SGg/dlE8NVwrwrQqgvxJ5NG6fVMLuYHzpO1w1f:exaWXD16S5lE8NVwkrQqgvxXNpfVM6M3
|
| Size: |
5800396
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\resources\app.asar
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\resources\app.asar
|
| Category: |
dropped
|
| Dump: |
app.asar.0.dr
|
| ID: |
dr_63
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.660289825491416
|
| Encrypted: |
false
|
| Ssdeep: |
196608:PZno7tZAZpATyJBcKGNRVvQKD6C9U2E6RP/F1xE/BcjxPBxd0T96gVqAmIxDTF4v:LpvBtm
|
| Size: |
41572875
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\snapshot_blob.bin
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\snapshot_blob.bin
|
| Category: |
dropped
|
| Dump: |
snapshot_blob.bin.0.dr
|
| ID: |
dr_65
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
4.1799020116031365
|
| Encrypted: |
false
|
| Ssdeep: |
3072:CECRChjZdcRF9U0ybk0Lbr1kFqSvrpziqESTylLZuacR20RjJ7n1G/x:pAClXWO0GtkFLpRylLKR20R9rc
|
| Size: |
320614
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\v8_context_snapshot.bin
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\v8_context_snapshot.bin
|
| Category: |
dropped
|
| Dump: |
v8_context_snapshot.bin.0.dr
|
| ID: |
dr_66
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
data
|
| Entropy: |
5.15348523468557
|
| Encrypted: |
false
|
| Ssdeep: |
6144:Ges4hmb1aXFI1QZtXWO0GtkF8zFylLKR24mCGaGfv+4AJBb4bsgvHc47ACl8dUQ4:Ge1hmbI19FA9oY24o4YKvUiFjrD
|
| Size: |
693457
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\vk_swiftshader_icd.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\7z-out\vk_swiftshader_icd.json
|
| Category: |
dropped
|
| Dump: |
vk_swiftshader_icd.json.0.dr
|
| ID: |
dr_67
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
JSON data
|
| Entropy: |
4.724752649036734
|
| Encrypted: |
false
|
| Ssdeep: |
3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
|
| Size: |
106
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\app-64.7z
|
7-zip archive data, version 0.4
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\nshADC6.tmp\app-64.7z
|
| Category: |
dropped
|
| Dump: |
app-64.7z.0.dr
|
| ID: |
dr_1
|
| Target ID: |
0
|
| Process: |
C:\Users\user\Desktop\Spacey Sun 11.12.411.exe
|
| Type: |
7-zip archive data, version 0.4
|
| Entropy: |
7.999996267179037
|
| Encrypted: |
true
|
| Size: |
78482290
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\128.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\128.png
|
| Category: |
dropped
|
| Dump: |
128.png.83.dr
|
| ID: |
dr_282
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
| Entropy: |
7.929761711048726
|
| Encrypted: |
false
|
| Ssdeep: |
96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
|
| Size: |
4982
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\af\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\af\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json8.83.dr
|
| ID: |
dr_241
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.512512697156616
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
|
| Size: |
908
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\am\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\am\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json24.83.dr
|
| ID: |
dr_265
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.702209356847184
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
|
| Size: |
1285
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ar\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ar\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json2.83.dr
|
| ID: |
dr_232
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.5533961615623735
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
|
| Size: |
1244
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\az\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\az\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json51.83.dr
|
| ID: |
dr_364
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.867640976960053
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
|
| Size: |
977
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\be\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\be\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json23.83.dr
|
| ID: |
dr_264
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.535189746470889
|
| Encrypted: |
false
|
| Ssdeep: |
48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
|
| Size: |
3107
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\bg\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\bg\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json11.83.dr
|
| ID: |
dr_245
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.561317517930672
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
|
| Size: |
1389
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\bn\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\bn\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json68.83.dr
|
| ID: |
dr_382
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.25392954144533
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
|
| Size: |
1763
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ca\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ca\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json32.83.dr
|
| ID: |
dr_281
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.569672473374877
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
|
| Size: |
930
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\cs\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\cs\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json20.83.dr
|
| ID: |
dr_259
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.947221919047
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
|
| Size: |
913
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\cy\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\cy\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json62.83.dr
|
| ID: |
dr_376
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.815663786215102
|
| Encrypted: |
false
|
| Ssdeep: |
12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
|
| Size: |
806
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\da\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\da\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json73.83.dr
|
| ID: |
dr_387
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.5096240460083905
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
|
| Size: |
883
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\de\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\de\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json42.83.dr
|
| ID: |
dr_354
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.621865814402898
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
|
| Size: |
1031
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\el\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\el\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json41.83.dr
|
| ID: |
dr_353
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.618182455684241
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
|
| Size: |
1613
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\en\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\en\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json44.83.dr
|
| ID: |
dr_357
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.4858053753176526
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
|
| Size: |
851
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\en_CA\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\en_CA\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json45.83.dr
|
| ID: |
dr_358
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.4858053753176526
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
|
| Size: |
851
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\en_GB\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\en_GB\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json43.83.dr
|
| ID: |
dr_355
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.494568170878587
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
|
| Size: |
848
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\en_US\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\en_US\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json63.83.dr
|
| ID: |
dr_377
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.461560329690825
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
|
| Size: |
1425
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\es\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\es\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json37.83.dr
|
| ID: |
dr_346
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.537633413451255
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
|
| Size: |
961
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\es_419\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\es_419\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json35.83.dr
|
| ID: |
dr_344
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.570019855018913
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
|
| Size: |
959
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\et\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\et\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json54.83.dr
|
| ID: |
dr_367
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.633956349931516
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
|
| Size: |
968
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\eu\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\eu\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json46.83.dr
|
| ID: |
dr_359
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.4975520913636595
|
| Encrypted: |
false
|
| Ssdeep: |
24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
|
| Size: |
838
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\fa\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\fa\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json66.83.dr
|
| ID: |
dr_380
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.673517697192589
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
|
| Size: |
1305
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\fi\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\fi\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json33.83.dr
|
| ID: |
dr_341
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.6294343834070935
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
|
| Size: |
911
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\fil\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\fil\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json36.83.dr
|
| ID: |
dr_345
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.451724169062555
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
|
| Size: |
939
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\fr\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\fr\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json15.83.dr
|
| ID: |
dr_251
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.622066056638277
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
|
| Size: |
977
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\fr_CA\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\fr_CA\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json58.83.dr
|
| ID: |
dr_372
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.621319511196614
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
|
| Size: |
972
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\gl\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\gl\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json5.83.dr
|
| ID: |
dr_237
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.497202347098541
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
|
| Size: |
990
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\gu\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\gu\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json59.83.dr
|
| ID: |
dr_373
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.294833932445159
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
|
| Size: |
1658
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\hi\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\hi\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json50.83.dr
|
| ID: |
dr_363
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.314484457325167
|
| Encrypted: |
false
|
| Ssdeep: |
48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
|
| Size: |
1672
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\hr\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\hr\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json1.83.dr
|
| ID: |
dr_231
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.6369398601609735
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
|
| Size: |
935
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\hu\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\hu\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json70.83.dr
|
| ID: |
dr_384
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.816501737523951
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
|
| Size: |
1065
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\hy\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\hy\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json.83.dr
|
| ID: |
dr_229
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.7629875118570055
|
| Encrypted: |
false
|
| Ssdeep: |
48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
|
| Size: |
2771
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\id\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\id\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json74.83.dr
|
| ID: |
dr_388
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.474411340525479
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
|
| Size: |
858
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\is\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\is\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json67.83.dr
|
| ID: |
dr_381
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.6457079159286545
|
| Encrypted: |
false
|
| Ssdeep: |
12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
|
| Size: |
954
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\it\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\it\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json14.83.dr
|
| ID: |
dr_249
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.474743599345443
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
|
| Size: |
899
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\iw\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\iw\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json31.83.dr
|
| ID: |
dr_280
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.8239097369647634
|
| Encrypted: |
false
|
| Ssdeep: |
24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
|
| Size: |
2230
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ja\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ja\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json52.83.dr
|
| ID: |
dr_365
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.292894989863142
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
|
| Size: |
1160
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ka\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ka\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json18.83.dr
|
| ID: |
dr_255
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.586016059431306
|
| Encrypted: |
false
|
| Ssdeep: |
48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
|
| Size: |
3264
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\kk\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\kk\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json26.83.dr
|
| ID: |
dr_270
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.6081439490236464
|
| Encrypted: |
false
|
| Ssdeep: |
96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
|
| Size: |
3235
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\km\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\km\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json39.83.dr
|
| ID: |
dr_349
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.891443295908904
|
| Encrypted: |
false
|
| Ssdeep: |
96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
|
| Size: |
3122
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\kn\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\kn\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json12.83.dr
|
| ID: |
dr_247
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.28990403715536
|
| Encrypted: |
false
|
| Ssdeep: |
48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
|
| Size: |
1895
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ko\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ko\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json10.83.dr
|
| ID: |
dr_243
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.3945675025513955
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
|
| Size: |
1042
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\lo\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\lo\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json27.83.dr
|
| ID: |
dr_272
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.8479764584971368
|
| Encrypted: |
false
|
| Ssdeep: |
48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
|
| Size: |
2535
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\lt\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\lt\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json34.83.dr
|
| ID: |
dr_342
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.797571191712988
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
|
| Size: |
1028
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\lv\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\lv\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json16.83.dr
|
| ID: |
dr_252
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.700308832360794
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
|
| Size: |
994
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ml\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ml\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json71.83.dr
|
| ID: |
dr_385
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.358252286391144
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
|
| Size: |
2091
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\mn\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\mn\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json25.83.dr
|
| ID: |
dr_267
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.595196082412897
|
| Encrypted: |
false
|
| Ssdeep: |
48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
|
| Size: |
2778
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\mr\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\mr\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json56.83.dr
|
| ID: |
dr_370
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.287702203591075
|
| Encrypted: |
false
|
| Ssdeep: |
48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
|
| Size: |
1719
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ms\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ms\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json64.83.dr
|
| ID: |
dr_378
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.457879437756106
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
|
| Size: |
936
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\my\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\my\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json72.83.dr
|
| ID: |
dr_386
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.5483353063347587
|
| Encrypted: |
false
|
| Ssdeep: |
48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
|
| Size: |
3830
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ne\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ne\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json48.83.dr
|
| ID: |
dr_361
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.187050294267571
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
|
| Size: |
1898
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\nl\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\nl\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json61.83.dr
|
| ID: |
dr_375
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.513485418448461
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
|
| Size: |
914
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\no\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\no\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json6.83.dr
|
| ID: |
dr_239
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.4541485835627475
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
|
| Size: |
878
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\pa\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\pa\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json22.83.dr
|
| ID: |
dr_262
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.839730779948262
|
| Encrypted: |
false
|
| Ssdeep: |
48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
|
| Size: |
2766
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\pl\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\pl\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json28.83.dr
|
| ID: |
dr_274
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.879137540019932
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
|
| Size: |
978
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\pt_BR\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\pt_BR\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json7.83.dr
|
| ID: |
dr_240
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.599411354657937
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
|
| Size: |
907
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\pt_PT\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\pt_PT\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json69.83.dr
|
| ID: |
dr_383
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.604761241355716
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
|
| Size: |
914
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ro\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ro\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json4.83.dr
|
| ID: |
dr_235
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.686555713975264
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
|
| Size: |
937
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ru\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ru\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json57.83.dr
|
| ID: |
dr_371
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.69531415794894
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
|
| Size: |
1337
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\si\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\si\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json65.83.dr
|
| ID: |
dr_379
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
3.7416822879702547
|
| Encrypted: |
false
|
| Ssdeep: |
48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
|
| Size: |
2846
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\sk\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\sk\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json13.83.dr
|
| ID: |
dr_248
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.882122893545996
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
|
| Size: |
934
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\sl\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\sl\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json47.83.dr
|
| ID: |
dr_360
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.6041913416245
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
|
| Size: |
963
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\sr\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\sr\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json40.83.dr
|
| ID: |
dr_351
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.569671329405572
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
|
| Size: |
1320
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\sv\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\sv\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json0.83.dr
|
| ID: |
dr_230
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.627108704340797
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
|
| Size: |
884
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\sw\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\sw\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json38.83.dr
|
| ID: |
dr_348
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.50673686618174
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
|
| Size: |
980
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ta\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ta\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json55.83.dr
|
| ID: |
dr_368
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.132139619026436
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
|
| Size: |
1941
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\te\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\te\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json49.83.dr
|
| ID: |
dr_362
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.327258153043599
|
| Encrypted: |
false
|
| Ssdeep: |
48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
|
| Size: |
1969
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\th\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\th\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json29.83.dr
|
| ID: |
dr_276
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.343724179386811
|
| Encrypted: |
false
|
| Ssdeep: |
48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
|
| Size: |
1674
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\tr\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\tr\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json21.83.dr
|
| ID: |
dr_261
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.853399816115876
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
|
| Size: |
1063
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\uk\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\uk\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json19.83.dr
|
| ID: |
dr_257
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.686760246306605
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
|
| Size: |
1333
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ur\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\ur\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json17.83.dr
|
| ID: |
dr_253
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.861856182762435
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
|
| Size: |
1263
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\vi\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\vi\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json30.83.dr
|
| ID: |
dr_278
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.062722522759407
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
|
| Size: |
1074
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\zh_CN\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\zh_CN\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json60.83.dr
|
| ID: |
dr_374
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.7905809868505544
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
|
| Size: |
879
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\zh_HK\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\zh_HK\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json9.83.dr
|
| ID: |
dr_242
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.50367724745418
|
| Encrypted: |
false
|
| Ssdeep: |
24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
|
| Size: |
1205
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\zh_TW\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\zh_TW\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json53.83.dr
|
| ID: |
dr_366
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.76581227215314
|
| Encrypted: |
false
|
| Ssdeep: |
12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
|
| Size: |
843
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\zu\messages.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_locales\zu\messages.json
|
| Category: |
dropped
|
| Dump: |
messages.json3.83.dr
|
| ID: |
dr_234
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.65963951143349
|
| Encrypted: |
false
|
| Ssdeep: |
24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
|
| Size: |
912
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_metadata\verified_contents.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\_metadata\verified_contents.json
|
| Category: |
dropped
|
| Dump: |
verified_contents.json.83.dr
|
| ID: |
dr_300
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.757003753691263
|
| Encrypted: |
false
|
| Ssdeep: |
192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvlcp7xpHsUy:m8IEI4u8R039y
|
| Size: |
11280
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\dasherSettingSchema.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\dasherSettingSchema.json
|
| Category: |
dropped
|
| Dump: |
dasherSettingSchema.json.83.dr
|
| ID: |
dr_335
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
4.284628987131403
|
| Encrypted: |
false
|
| Ssdeep: |
12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
|
| Size: |
854
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\manifest.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\manifest.json
|
| Category: |
dropped
|
| Dump: |
manifest.json.83.dr
|
| ID: |
dr_328
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.417833205646285
|
| Encrypted: |
false
|
| Ssdeep: |
24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1h9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APhgiVb
|
| Size: |
2525
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\offscreendocument.html
|
HTML document, ASCII text
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\offscreendocument.html
|
| Category: |
dropped
|
| Dump: |
offscreendocument.html.83.dr
|
| ID: |
dr_283
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
HTML document, ASCII text
|
| Entropy: |
4.862433271815736
|
| Encrypted: |
false
|
| Ssdeep: |
3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
|
| Size: |
97
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\offscreendocument_main.js
|
ASCII text, with very long lines (4882)
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\offscreendocument_main.js
|
| Category: |
dropped
|
| Dump: |
offscreendocument_main.js.83.dr
|
| ID: |
dr_340
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with very long lines (4882)
|
| Entropy: |
5.444710692772984
|
| Encrypted: |
false
|
| Ssdeep: |
1536:mKgC9lwS3skucsAHnA5Ayc/XzyEW8WW9Y1G6WIMctANlKIkk0ToyxecN9Bu1/9a:0UsMXz7b81tANlKr5oyPBuza
|
| Size: |
122162
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\page_embed_script.js
|
ASCII text, with very long lines (337)
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\page_embed_script.js
|
| Category: |
dropped
|
| Dump: |
page_embed_script.js.83.dr
|
| ID: |
dr_336
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with very long lines (337)
|
| Entropy: |
4.678465166211649
|
| Encrypted: |
false
|
| Ssdeep: |
6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK6ALY6WHXt3:2Q8KVqb2u/Rt3OnjNkdd
|
| Size: |
338
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\service_worker_bin_prod.js
|
ASCII text, with very long lines (4884)
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\CRX_INSTALL\service_worker_bin_prod.js
|
| Category: |
dropped
|
| Dump: |
service_worker_bin_prod.js.83.dr
|
| ID: |
dr_338
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
ASCII text, with very long lines (4884)
|
| Entropy: |
5.42886594885059
|
| Encrypted: |
false
|
| Ssdeep: |
1536:6EO+9lhvoaEAoAf0OliS9XbrrJQiFZcBaw7ILYzEVKOAKa4q32O1I5Z+dOOXW+xi:DoE9Xb9ZevcKOAKaN2O1IwOOJxX9U
|
| Size: |
130889
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\e24f73b8-819b-4da3-88b4-36efdeb966cd.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_1595898780\e24f73b8-819b-4da3-88b4-36efdeb966cd.tmp
|
| Category: |
dropped
|
| Dump: |
e24f73b8-819b-4da3-88b4-36efdeb966cd.tmp0.83.dr
|
| ID: |
dr_326
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
Google Chrome extension, version 3
|
| Entropy: |
7.839678617100523
|
| Encrypted: |
false
|
| Ssdeep: |
3072:zZH5WPD5SqCJryow8AWTtwGrasOQNHjWRKnvXTwL:zpIPFCXjAWTtwGusOWmMvjwL
|
| Size: |
154545
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_686225793\2260e71b-07ec-4880-b5e4-ca4a8da5abb5.tmp
|
Google Chrome extension, version 3
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_686225793\2260e71b-07ec-4880-b5e4-ca4a8da5abb5.tmp
|
| Category: |
dropped
|
| Dump: |
2260e71b-07ec-4880-b5e4-ca4a8da5abb5.tmp0.83.dr
|
| ID: |
dr_332
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
Google Chrome extension, version 3
|
| Entropy: |
7.951995436832936
|
| Encrypted: |
false
|
| Ssdeep: |
192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
|
| Size: |
11185
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_686225793\CRX_INSTALL\_metadata\verified_contents.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_686225793\CRX_INSTALL\_metadata\verified_contents.json
|
| Category: |
dropped
|
| Dump: |
verified_contents.json0.83.dr
|
| ID: |
dr_352
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.8889033066924155
|
| Encrypted: |
false
|
| Ssdeep: |
48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
|
| Size: |
1753
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_686225793\CRX_INSTALL\content.js
|
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_686225793\CRX_INSTALL\content.js
|
| Category: |
dropped
|
| Dump: |
content.js.83.dr
|
| ID: |
dr_347
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
|
| Entropy: |
6.1716321262973315
|
| Encrypted: |
false
|
| Ssdeep: |
192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
|
| Size: |
9815
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_686225793\CRX_INSTALL\content_new.js
|
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_686225793\CRX_INSTALL\content_new.js
|
| Category: |
dropped
|
| Dump: |
content_new.js.83.dr
|
| ID: |
dr_350
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
|
| Entropy: |
6.174387413738973
|
| Encrypted: |
false
|
| Ssdeep: |
192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
|
| Size: |
10388
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\scoped_dir908_686225793\CRX_INSTALL\manifest.json
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\scoped_dir908_686225793\CRX_INSTALL\manifest.json
|
| Category: |
dropped
|
| Dump: |
manifest.json0.83.dr
|
| ID: |
dr_334
|
| Target ID: |
83
|
| Process: |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
| Type: |
JSON data
|
| Entropy: |
5.698567446030411
|
| Encrypted: |
false
|
| Ssdeep: |
24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
|
| Size: |
962
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Local\Temp\u4DGxo8bIYxUkrMfWX
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
modified
|
|
|
|
| File: |
C:\Users\user\AppData\Local\Temp\u4DGxo8bIYxUkrMfWX
|
| Category: |
modified
|
| Dump: |
u4DGxo8bIYxUkrMfWX.9.dr
|
| ID: |
dr_103
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
Zip archive data, at least v2.0 to extract, compression method=deflate
|
| Entropy: |
7.979765013045765
|
| Encrypted: |
false
|
| Ssdeep: |
49152:vfxg3IyMkyRE4ZVHAHsFKPt8as+tmdZmI:v3d9HAHsIPt8z+81
|
| Size: |
1961181
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
| Signature Hits |
Behavior Group |
Mitre Attack |
|
| Queries the volume information (name, serial number etc) of a device |
Language, Device and Operating System Detection |
System Information Discovery
|
|
|
C:\Users\user\AppData\Roaming\Spacey\14075649-8c08-4cd0-9171-5d1519032b3a.tmp
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\Spacey\14075649-8c08-4cd0-9171-5d1519032b3a.tmp
|
| Category: |
dropped
|
| Dump: |
14075649-8c08-4cd0-9171-5d1519032b3a.tmp.9.dr
|
| ID: |
dr_88
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
JSON data
|
| Entropy: |
5.703511218669423
|
| Encrypted: |
false
|
| Ssdeep: |
12:YKWSCuj9rrt+HRkGik5rFQ5Tiogvzlzn1Z0YioRx8tou5:YKWJu5rrtSNOubbZmB5
|
| Size: |
434
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Roaming\Spacey\Local State (copy)
|
JSON data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\Spacey\Local State (copy)
|
| Category: |
dropped
|
| Dump: |
14075649-8c08-4cd0-9171-5d1519032b3a.tmp.9.dr
|
| ID: |
dr_106
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
JSON data
|
| Entropy: |
5.703511218669423
|
| Encrypted: |
false
|
| Ssdeep: |
12:YKWSCuj9rrt+HRkGik5rFQ5Tiogvzlzn1Z0YioRx8tou5:YKWJu5rrtSNOubbZmB5
|
| Size: |
434
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\flattest.mpeg
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\flattest.mpeg
|
| Category: |
dropped
|
| Dump: |
flattest.mpeg.66.dr
|
| ID: |
dr_176
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
data
|
| Entropy: |
4.768639387969871
|
| Encrypted: |
false
|
| Ssdeep: |
768:x5jP+G/tj+AVC42oIhPT+v+TJqHICWt067fzXDJgB:2NfoIB+v+TJ2Ad7fzzy
|
| Size: |
40436
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\glengarry.odp
|
data
|
dropped
|
|
|
|
| File: |
C:\Users\user\AppData\Roaming\scanvalid_hm_betav4\glengarry.odp
|
| Category: |
dropped
|
| Dump: |
glengarry.odp.66.dr
|
| ID: |
dr_185
|
| Target ID: |
66
|
| Process: |
C:\Users\user\AppData\Local\Temp\nB8AXbcwd4V7OPltcd\TiVoServer.exe
|
| Type: |
data
|
| Entropy: |
7.8619498615791
|
| Encrypted: |
false
|
| Ssdeep: |
12288:X7TE+RUGzngUQm2Ns9mtyHJTbhMcGhKZ2a5TFf8:LTJMUQbs9rBhMuZ2iTe
|
| Size: |
625974
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
Chrome Cache Entry: 640
|
ASCII text
|
downloaded
|
|
|
|
| File: |
Chrome Cache Entry: 640
|
| Category: |
downloaded
|
| Dump: |
chromecache_640.78.dr
|
| ID: |
dr_455
|
| Target ID: |
78
|
| Process: |
C:\Program Files\Google\Chrome\Application\chrome.exe
|
| Type: |
ASCII text
|
| Entropy: |
3.9353986674667634
|
| Encrypted: |
false
|
| Ssdeep: |
3:VQAOx/1n:VQAOd1n
|
| Size: |
29
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
Chrome Cache Entry: 641
|
ASCII text, with very long lines (65531)
|
downloaded
|
|
|
|
| File: |
Chrome Cache Entry: 641
|
| Category: |
downloaded
|
| Dump: |
chromecache_641.78.dr
|
| ID: |
dr_456
|
| Target ID: |
78
|
| Process: |
C:\Program Files\Google\Chrome\Application\chrome.exe
|
| Type: |
ASCII text, with very long lines (65531)
|
| Entropy: |
5.437563825091133
|
| Encrypted: |
false
|
| Ssdeep: |
3072:M+UkDj4BST/k4ZYSTVcxhNmaZI4RpTh6z6x0zW:jrjLT/k4ZYSTVcxhNmaZI4RpTh46AW
|
| Size: |
131641
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
Chrome Cache Entry: 642
|
ASCII text, with very long lines (896)
|
downloaded
|
|
|
|
| File: |
Chrome Cache Entry: 642
|
| Category: |
downloaded
|
| Dump: |
chromecache_642.78.dr
|
| ID: |
dr_457
|
| Target ID: |
78
|
| Process: |
C:\Program Files\Google\Chrome\Application\chrome.exe
|
| Type: |
ASCII text, with very long lines (896)
|
| Entropy: |
5.1913012055179655
|
| Encrypted: |
false
|
| Ssdeep: |
24:hpPMgXGQolhHTBHslgT1d1uawBATEfGuoBN2t2t2t2t2t2t2tomffffffo:hpPMgPoDTKlgJXwBAA+uSNYYYYYYYom4
|
| Size: |
901
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
|
\Device\Null
|
ASCII text
|
dropped
|
|
|
|
| File: |
\Device\Null
|
| Category: |
dropped
|
| Dump: |
Null.9.dr
|
| ID: |
dr_105
|
| Target ID: |
9
|
| Process: |
C:\Users\user\AppData\Local\Temp\2u00x0vECPsM03orBTgwNZzQ4jr\Spacey Sun.exe
|
| Type: |
ASCII text
|
| Entropy: |
4.9912086958641035
|
| Encrypted: |
false
|
| Ssdeep: |
6:0BA6EHOoAMI237kkOmAWRUFHc6Cywm19wXNxY6:LHXjwkTRmCywmnwdt
|
| Size: |
257
|
| Whitelisted: |
false
|
| Reputation: |
timeout
|
|
