57bed7441de5b4e401bd3237d44b5fffcbc8ff4a88569959edea7573bdd13ded

Analysis

max time kernel
151s
max time network
151s
platform
windows10_x64
resource
win10-en-20211104
submitted
12-11-2021 12:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

prbsbnk21nov11.pdf.exe
Size

214KB
MD5

fcd9a3c4fcaaa8b79160097217e72990
SHA1

1952f5b38218ea08e2efa6f00ef3537df675b805
SHA256

57bed7441de5b4e401bd3237d44b5fffcbc8ff4a88569959edea7573bdd13ded
SHA512

19e4ebe418d44fb3bcc848dc484a30961106af0204f2ffd20b57ea67cc618404c1a369d248971d3dc5f47d2e66cfeca98a94adec2d05f597b134229cb3e9f483

Score

7^/10

microsoft phishing

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

prbsbnk21nov11.pdf.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Control Panel\International\Geo\Nation	prbsbnk21nov11.pdf.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exebrowser_broker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000a85f9605ca1fc4ffe62aad789d24cb17e8e4551cfd9fb72ac77a7c263fc69f0d0b4f609b4570ac7159d93a56c03a9c7e07437c1763a59f19790bb66ef434a5d90fa435a47d927b083314739c2ba9673a51964c3f7ecb4292e738863803cc88cf427e2aec862466373bfc4e6655110b92c4fea0e677b22e1c5e23676ea92c77b9c8fc928c6bc8ee5b82b10a5f3d122aa70c9c37e69ffa467f8feae8c576f6a8469140bbef5d1dcbaff153873b134cfcf9678e24078243f57e5daf3a913dc8f5a56f69bf2596c2b94ba5025a0d6b5f7e80ddf5a2c1a92d39a5db90ec61d043b99811971f8821591639d8deb0b0b0eabf4da5f1ba461759bf1d7eafe77549089227e8e978b00b810a96a2078111a98f2cc75ca399df05656d9d292b76fbc6b5d5df9e81f6badad985c7cd9d61dba6ed796d1929769914f21c5fef23231d7aec26a0477e4ada66030fbac1c0daabcca45e2edfa40d3fdba08e2f64b9dbe8f24b13fa66002b3f4c9ee236f7902b20ee54f0506135b0aad20fb784ec0b4cf99b73a11e7b27b64ade496343a12de0ab009d04e74efa645dd1df57a913725ba366628136857f0b3760c2	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 79f0e5fcadd1d701	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "{9C1BA048-4AD9-429F-8D51-EB148FE41DED}"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 71203cb8c2d7d701	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "343514918"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersio = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2bda19b9c2d7d701	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

932 MicrosoftEdgeCP.exe
932 MicrosoftEdgeCP.exe
932 MicrosoftEdgeCP.exe
932 MicrosoftEdgeCP.exe

pid	process
932	MicrosoftEdgeCP.exe
932	MicrosoftEdgeCP.exe
932	MicrosoftEdgeCP.exe
932	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	4044	MicrosoftEdge.exe
Token: SeDebugPrivilege	4044	MicrosoftEdge.exe
Token: SeDebugPrivilege	4044	MicrosoftEdge.exe
Token: SeDebugPrivilege	4044	MicrosoftEdge.exe
Token: SeDebugPrivilege	3000	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3000	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2460	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3000	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2460	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1300	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1300	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exe

pid process

4044 MicrosoftEdge.exe
932 MicrosoftEdgeCP.exe
932 MicrosoftEdgeCP.exe

pid	process
4044	MicrosoftEdge.exe
932	MicrosoftEdgeCP.exe
932	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 932 wrote to memory of 2460	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 2460	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 2460	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 2460	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 2460	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 2460	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 2460	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 2460	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 2460	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 3000	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 3000	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 3000	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 3000	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 3000	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 3000	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 932 wrote to memory of 2460	932	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\prbsbnk21nov11.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\prbsbnk21nov11.pdf.exe"
1⤵
- Checks computer location settings
PID:3772

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4044

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:932

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2460

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3000

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1300

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4180

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4268

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JGJLU8L1\MathJax[1].js
MD5
7a3737a82ea79217ebe20f896bceb623

SHA1
96b575bbae7dac6a442095996509b498590fbbf7

SHA256
002a60f162fd4d3081f435860d408ffce6f6ef87398f75bd791cadc8dae0771d

SHA512
e0d1f62bae160008e486a6f4ef8b57aa74c1945980c00deb37b083958f4291f0a47b994e5fdb348c2d4618346b93636ce4c323c6f510ab2fbd7a6547359d28d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JGJLU8L1\docons.2e4974ff[1].woff2
MD5
8f5dd9a59b2085224a61a65bcf628883

SHA1
46e0d208a432636cc7c3e4d306a2f189941053f0

SHA256
19d065ad4470800df127ab06d2fe32dd9570c099dcfd4664ac9de9b66ce68703

SHA512
9202775b6f7f6f1622f7ee4c1326bd547de1e69664718a0ae414e0112d81a63415b7109529ee2a4b06d7d3072730f909ebd2636f77392dd6a55d2012bcc1c4a1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NAJ212Y8\67b5dd8c.index-docs[1].js
MD5
a922033c70c0f51a14a70eb5620df30c

SHA1
6053c7b9bdfa862d9cd853d8017dc5c7b35f280e

SHA256
66106f3f93775d6a4d1b383af1d4711c83edc86aea5f5dbea87175b551a9ccd2

SHA512
b51d154444e4b2fecdcabedb3176f0393bd83dabaa07e4d80a459095a5a5126a547a64e6718fc54eb0cf0aa786b1731cecdf6a0fbfe6387ff1cefc314f2689b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NAJ212Y8\TeX-AMS_CHTML[1].js
MD5
a7d2b67197a986636d79842a081ea85e

SHA1
b5e05ef7d8028a2741ec475f21560cf4e8cb2136

SHA256
9e0394a3a7bf16a1effb14fcc5557be82d9b2d662ba83bd84e303b4bdf791ef9

SHA512
ad234df68e34eb185222c24c30b384201f1e1793ad6c3dca2f54d510c7baa67eabdc39225f10e6b783757c0db859ce2ea32d6e78317c30a02d1765aee9f07109

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T0HU796R\5cce29c0.deprecation[1].js
MD5
55bb21475c9d3a6d3c00f2c26a075e7d

SHA1
59696ef8addd5cfb642ad99521a8aed9420e0859

SHA256
3ceddaf5a1ed02614ec6b4edd5881a3ffb7ec08116154dff8eb9897230bf5e59

SHA512
35261ddaf86da82d27a29f39a7c6074a5f0e66f5b0a8098c7502289fb70b186371a7fe71410baab6cc6b726e9338afecee9f8bb075047a055723fb5e2f09b9c7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T0HU796R\SegoeUI-Roman-VF_web[1].woff2
MD5
bca97218dca3cb15ce0284cbcb452890

SHA1
635298cbbd72b74b1762acc7dad6c79de4b3670d

SHA256
63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d

SHA512
6e850842d1e353a5457262c5c78d20704e8bd24b532368ba5e5dfc7a4b63059d536296b597fd3ccbd541aa8f89083a79d50aaa1b5e65b4d23fc37bfd806f0545

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T0HU796R\latest[1].woff2
MD5
2835ee281b077ca8ac7285702007c894

SHA1
2e3d4d912aaf1c3f1f30d95c2c4fcea1b7bbc29a

SHA256
e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f

SHA512
80881c074df064795f9cc5aa187bea92f0e258bf9f6b970e61e9d50ee812913bf454cecbe7fd9e151bdaef700ce68253697f545ac56d4e7ef7ade7814a1dbc5a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\40B1KBNG.cookie
MD5
0130871895b88356d86f8152ada422a9

SHA1
8a05016e2bd9feaa91ea92b7a95bab24d903e7d8

SHA256
fda422fe080947a5703b2fc3a6d21bef9477e11a45614b34308ba2ac6c3fd99e

SHA512
3918e6c771e456e1efe4a55b443ee7a1672ef56f7dfc4455b62f19277d697c6dc5973e254f3688fb1a4cbb8297e9dc6b67fdae86a56b63df71406fae2f39ddda

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\55AYXW1P.cookie
MD5
4a1ed58c8d3672472af22ae074bbb97e

SHA1
d92be778534256c6316f034232670b0b2341f218

SHA256
ae9282b818b7c25d6e32bfaec995c5aa5e305ce9d54de1931b524111b1d5f4e1

SHA512
69573e24907209d80bb360ed3b2e34b27ccf131a25be63a4c4ae6f691d22feddb507aafd5b75fa39f7b4288604e8ced1bdccf7063bf049ed5901fbbd94170cb1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HG33PQKW.cookie
MD5
ac7348d158ddba82e3b85d1a736057a7

SHA1
6163ed0cbaf5cb1a3db311c108deedd55b92bfaf

SHA256
6111bd1dc4b21ec68efef3eeb67e83b9471eac9b1b26b01785712ca7cd4a7d25

SHA512
09a995f52a19a2c078b240ad42a453a1b1ca0d8cf772e78b9c49985f74b6a896db3c8545224dc0d810a7e3e6b0623a5628fff3c149557195c08a74e65b8cb328

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\12B578593FDE07EC53D020B1D5DEBF3B_5D74C2DB556F94499BCD6D74A36958A3
MD5
14f76491ae148d148c3ab39158023747

SHA1
0ee4da48c336651d747e2b983f5bebe5b0b15d72

SHA256
39b827ed22a1e441321181e0e69a947f99823b92ab117c92807382df90924744

SHA512
2f73b0b46ba0a53570fda16886c7db81369c6e25b7895aa82929020ebad0383c63359ebe228559639f0aed7405a4eb69be0a631a24ea30bfb64b64dff8c21bd2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\2A7611428D62805A3E4E5BC4103D82E4_D0FA13DADFB59BDF00C474952E166CC1
MD5
9c8f1ec5cfe3aca05fa2c1f6fb0342f9

SHA1
c9c0b1eb3a89a45ffe7532bc9542fee1a7c9e068

SHA256
f4a064dd8234c011e9c7538be7680602695f165b19721edadb0f1d81c1419ff6

SHA512
a5bee7b0b018cf00444365ebf2d0b481eb7889b7e11d3e21826205bfc84e505968b02588d93c2bbdd78218d3025a2082732fed5ebdeffcb1a03b1f2bdf7e8b8a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
MD5
fff102e603c3266dc096be20a1a396e4

SHA1
c0ab0c186fa0ce38f741ced8c7c598db4a8d8cd6

SHA256
42e851a9d6f08a2d85fd049bf064c86c8055bedb38d61ed7a8ace5875dde4d0d

SHA512
ea05f41ae1f7b9b47babab24f429e2749ded3c4c67c2390f9eb5f30a7ccd967b98b42c2d7f324e3617ff1ff4369105954016d808de0868fda05de80ab1fe9c06

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231
MD5
45ebb1a5ebf162951855794e66df869e

SHA1
f126a648d5ea98ae8b945c2af4dd01263e8ac8df

SHA256
0c1aaae7e120581a51c4538081b42e65b1fe37c450530d8e3fe7205d8b5d5a2f

SHA512
7a44f2f03a70ec3d0f4a97e07eb21e9ff4fad645deff208249d6839b76b796b1378ae8c9fa2424fe1e22e201df7afc134f182d2413fac924711752ac111c2763

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
MD5
3153c823249cb4a788d1ee7b1f2e2eae

SHA1
bc2e7fefa454759a89def4717aa98792f0beb5a7

SHA256
cffc9e1393473846ea910db6e48df8e9f639544bd2465346b42d38dec38d1dc2

SHA512
b49802ce68462d307fda50d7eae675252f7ef39107185152943ff25d6567333108515366d319c657fda3e3c945f63fc8b6d703eb10b0957fc5eb758eba5d3e54

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
MD5
2a7e74030655944880f6ccdbf51b1e26

SHA1
089d54d40e10f9f2e6ae576e209dfe00e82fccce

SHA256
da63af14f5d11721557df1ea78f9c4de24713c5caac4127ff1dc33ae1d7c1489

SHA512
5dd74faf8c637eaa61b98b77a3c5b532e03e2eb60c6f9521b228930a059c8dbe33ed3bab326439742727e544868b33859b98ec8ca479646ffd42977d0c7c3749

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
MD5
e20ff71dcd2d2d9db70e6781088b185f

SHA1
d2ef7edecc4cc9324177ae2fedbcdf0a52f073b0

SHA256
5a9c1cd1770e3cd8624ded2b7f3620affcae5958dc91f4ee787503fac99b5bbf

SHA512
9920b405f1fe1ae176acb803b2626bec3910c383564a751ab2706b6598f80fab1472de485cdcd0b20d7e8077db230db8ef0fd0d9f2eb969312229fd066277f01

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\12B578593FDE07EC53D020B1D5DEBF3B_5D74C2DB556F94499BCD6D74A36958A3
MD5
3491d8bdf024b313593ceb63aea127b8

SHA1
cdc0379785fb5f7e49792ba35cffb1fb4b7b77de

SHA256
022bf34919f832c1bf94f6fe2312a6bfdd702e7163a17fb2282616e367bec9fa

SHA512
dd6fe147152abaa5b6b25fd0fc2d7ea73675430835fec0bb13617a1fe71296323c38153118b8612a67e0177d9a98c934ec42084e6c5f3b9d4c5f5026641a9667

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\12B578593FDE07EC53D020B1D5DEBF3B_5D74C2DB556F94499BCD6D74A36958A3
MD5
3491d8bdf024b313593ceb63aea127b8

SHA1
cdc0379785fb5f7e49792ba35cffb1fb4b7b77de

SHA256
022bf34919f832c1bf94f6fe2312a6bfdd702e7163a17fb2282616e367bec9fa

SHA512
dd6fe147152abaa5b6b25fd0fc2d7ea73675430835fec0bb13617a1fe71296323c38153118b8612a67e0177d9a98c934ec42084e6c5f3b9d4c5f5026641a9667

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\2A7611428D62805A3E4E5BC4103D82E4_D0FA13DADFB59BDF00C474952E166CC1
MD5
2a4778026f5fc39ed269eb7ea1f273e5

SHA1
cbb6c2dd9c5646922c3bb98caaa281ae164887a0

SHA256
0f4805bae8f69147686dc4e850dd0a856ce196b00ea5fea1c8e389253c51b587

SHA512
e0510d2769dc0c4119b863038c22e277124d4fc2109f0c9b7b46ab7c7a60a8cff931d7f882a91a1f52c7a41d536ae388c2197174977bec59ef3618666320c2b5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
MD5
1ebee557387c5a5ed25fdb9fdc1bd47e

SHA1
b8fe20100af91174eb4b594720d06c90ba5e5ac0

SHA256
cded22ceec5071422d25ff564bf4da9ee8c20d9da457e9100eced065818063b5

SHA512
f4ed7265ee82af38b3bb36e1f48597771ec735e3228fad40b02cbc9f53e26f4ee844fff256ad7fbda79188f76cd8e2ad93153c3f1c6fc9c70154bca01bc87682

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231
MD5
3c95da0d9f2688cfcbb455706ebcec60

SHA1
eb97b4cfa839512deec1fc3efd5e82a90ffdcd00

SHA256
5978f9a3793741e465bafba5324c0beea9e5416f3464416c86761b152ca8428e

SHA512
b4a2854fe8b5b11c09ab68d2eedf42a30d199da274af9e5db8ed9786a4b0d7b5740719c0afb159ab4154a3a494b416cad9c6da75a21d368d095fa46b271ab562

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
MD5
14ddc0cb64032abd4cb9ce7d60cb1c19

SHA1
347cbdf52f5c169a9fc76c2830f5756e6cd4c869

SHA256
b94adc1ed1cd938a15c1b5b40217da9bd0c6afaf80dc44b3325995182c2efb44

SHA512
2412c52b283307fc693290e6346538d5f78724f90a7842ae8ccec16337a9cd58efe82c4729bf6925ae4113dbcb2a2357018efec0e2381a9a9f4b647f17d11dcb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
MD5
73b55d5aab16e3896417646331fa30da

SHA1
1ecd94c98594ef17b569c31134746ce6057bc8e4

SHA256
ef69b02ada5c5f73199a467d57be3a665bc155b334b6d9926da54ebfafe84c1c

SHA512
11c0a4124753ed49fe2f86c5f3978ed557764e74aa520c92fd6ef2139c5c559961f82b344ef72a2828a5f43186d0ce25bf4c760370f19cfe0ba28735f13f9f62

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
MD5
8609f1593b325431c91836ab8b55cecb

SHA1
e580ea5a41e1dd777d537330d7efdd506810884f

SHA256
8ac92b65d2dff05a737e9710d87cb4ef50940757aefe9cb90726d36c52ca4eb7

SHA512
cdc5fa7342bcea8529278087f60052d97ef2e4e9770431ba0daf088a9d83f4243111f0a157eded7edb830a9e0d7984504685f69e2e65745f17e3ddf6b7b42506

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
MD5
934fc639de185cc14fe28515d00d79b3

SHA1
5b131250543f3bcf31b89bdd7809fa4bbb23f7e6

SHA256
92537888404b016c184d25f04978a03c0d6562286e76876779c30354c3833e4d

SHA512
1ffde6892f14534c7dface1f2081dae8107e2d037657ea3560e5764bed5f63fe88b7452fa9ab5643c424e784c6035af5c6fd04e5510dbbb5349479570e59332a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
MD5
934fc639de185cc14fe28515d00d79b3

SHA1
5b131250543f3bcf31b89bdd7809fa4bbb23f7e6

SHA256
92537888404b016c184d25f04978a03c0d6562286e76876779c30354c3833e4d

SHA512
1ffde6892f14534c7dface1f2081dae8107e2d037657ea3560e5764bed5f63fe88b7452fa9ab5643c424e784c6035af5c6fd04e5510dbbb5349479570e59332a

Download Submit