828e8b134bfe520aebad1d1bf16c163073a521f198a7c86ca3bd8cc5ae9ac4ec

Analysis

max time kernel
63s
max time network
64s
platform
windows10_x64
resource
win10-en-20211208
submitted
11-01-2022 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Invoice_789.pdf
Size

406KB
MD5

277eb9fddc3247aeb3be7bf9eb123bb4
SHA1

c9372f57f1f57f6224664a5ec753a9df8075dfa2
SHA256

828e8b134bfe520aebad1d1bf16c163073a521f198a7c86ca3bd8cc5ae9ac4ec
SHA512

441070bb4ba9f46be362d78bccbaa83c0fb80291767821c6eff6947398fb39b62e0fa3936c1823c5c15b7256cf6b87cb653f679d0a58e3e33c5dfe3a2aad7b80

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1659841449.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1659841449.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1659841449.pri	MicrosoftEdgeCP.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exeMicrosoftEdge.exebrowser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1ebad7e0bdedd701	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\avexanimation.com\Total = "1553"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{7023EB04-E243-47DF-9E9A-E352F76E0D89} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\avexanimation.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DontShowMeThisDialogAgain	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\avexanimation.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 40496edebdedd701	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1535"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\avexanimation.com\NumberO = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\avexanimation.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming\ChangeUnitGenerationNeeded = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = bca03f4542ecd701	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = bca03f4542ecd701	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe

Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

404 MicrosoftEdgeCP.exe
404 MicrosoftEdgeCP.exe
404 MicrosoftEdgeCP.exe
404 MicrosoftEdgeCP.exe

pid	process
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	2416	MicrosoftEdge.exe
Token: SeDebugPrivilege	2416	MicrosoftEdge.exe
Token: SeDebugPrivilege	2416	MicrosoftEdge.exe
Token: SeDebugPrivilege	2416	MicrosoftEdge.exe
Token: SeDebugPrivilege	896	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	896	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	896	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	896	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4104	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4104	MicrosoftEdgeCP.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3844 AcroRd32.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

AcroRd32.exe

pid process

3844 AcroRd32.exe
3844 AcroRd32.exe
3844 AcroRd32.exe
3844 AcroRd32.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

AcroRd32.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

pid	process
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
3844	AcroRd32.exe
2416	MicrosoftEdge.exe
404	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 3844 wrote to memory of 1892	3844	AcroRd32.exe	RdrCEF.exe
PID 3844 wrote to memory of 1892	3844	AcroRd32.exe	RdrCEF.exe
PID 3844 wrote to memory of 1892	3844	AcroRd32.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 404	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe
PID 1892 wrote to memory of 1784	1892	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Invoice_789.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3844

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:1892

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=53DC7E3F30006FEC57AD627043B99ABB --mojo-platform-channel-handle=1636 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:404

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1DF25D624B4CBCED7CCA17527B55B486 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1DF25D624B4CBCED7CCA17527B55B486 --renderer-client-id=2 --mojo-platform-channel-handle=1664 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1784

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4FC72426DE544939E822B1AFA12D9A7E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4FC72426DE544939E822B1AFA12D9A7E --renderer-client-id=4 --mojo-platform-channel-handle=2072 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1208

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CD75294B909DC55786DC773787D17EF1 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:64

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=16BA7E1F80027E0B1010AA2B7A20317D --mojo-platform-channel-handle=2492 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2264

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C9A4165BC8EBD6FAD1F6A46D08585FE2 --mojo-platform-channel-handle=1624 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1452

C:\Windows\SysWOW64\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://avexanimation.com/images/mt/cake.php?ajax=ok"
2⤵
PID:3116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:896

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4256

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7jsDJT9g[1].woff2
MD5
de640e729acabb7a1fa4c5c8f743bfd2

SHA1
aa13646d98555b48de1ca703350e0f0476793250

SHA256
b7674ffe62f13700e8703f499d25614d273a26874fc1c5ae4a3dbc5f6296c7bc

SHA512
e3e619f4b5050f37476fdf56d00829f6fd67e41dc0b140aa6b876684ade5d76e64e9d6017e5a0a15fecc6e546e69e9be9fed013aee4f18c5e339e70ea8e260c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7ksDJT9g[1].woff2
MD5
2bff4cbf49d6c4d410e7e826e4c180dc

SHA1
2387062ff752c6210bad4145947c5400827d9b2c

SHA256
13d60ab4d0060e9ef18d2a386bce15f69053182da9cfab5a4baac4815f1ea936

SHA512
3daa96c0a432525f1cb319d49a5a95534a3de8d745a5c472f7a90cb69082a95b5b72749c829189e2d72002900c16039df2acaa5f0859e85f6b32c59fc81bcdd3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDI[1].woff2
MD5
0408305af8e45ff50aa09d3d3732fc01

SHA1
3ff33e34998c68f480305e1d91adcd1ed8a2a7ee

SHA256
6b49f18370ab654be0367fb969d5015649fdf5406bcbec33e5b0644f4bb7fe0a

SHA512
61b96173670a3b916f8875e3ea10e17486e737d885d14969c180f427bcecf317061b57488aaf9bc734fc2ad40e55bd534e374b15db904006799380fa51e13aa9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7osDJT9g[1].woff2
MD5
37bddcbd0ea5b8026bbe7f9f44a31150

SHA1
edda1edda32448792b233b20d5a5b0f221c840c2

SHA256
159bc2e72d94cfd9f5ffa573e1d1a45b1d5a79faff4f13ea1c2098c08c6fa6dd

SHA512
dc9590cf9ee053263024b80af329ce3be755970d513ad90fc0df2ea650aa6cb26e53c4fdce93fa01c7e6cca87a67f042351c52d0d7bb2412757911d0b76e9da5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7psDJT9g[1].woff2
MD5
718a866b25c851a31ffe030a20d079ee

SHA1
d83f2562c01b0decf7bb2d46a7d96145537d4201

SHA256
96c42fbd55c395958352cdcdaa19f5385406c8672d3206ecf5765ca836a65fdc

SHA512
91b934826790c1c69867adc0a0f125a113d4d78586642bbd3812a570a27f6dff27c59a612b6903d2523a7e1b8762f84c8f96180237931623e631471dd14a2a00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7qsDJT9g[1].woff2
MD5
9130b5b5345debcaf198be831d2a28e3

SHA1
0f1a5461b3f69d5262989e2642e4ab8220d7513b

SHA256
acb92e2547ccc07a9e3273ffa46cbcb9f13e6e457690791f7a6944d2d37e496a

SHA512
350f404700bb3af26f89645fda690eba8383abeccaca8fd80b5a49f037744041756e6476e525fcf20ee330736f13c71ae467b3238aa505c2522ce415c26690b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7rsDJT9g[1].woff2
MD5
de640e729acabb7a1fa4c5c8f743bfd2

SHA1
aa13646d98555b48de1ca703350e0f0476793250

SHA256
b7674ffe62f13700e8703f499d25614d273a26874fc1c5ae4a3dbc5f6296c7bc

SHA512
e3e619f4b5050f37476fdf56d00829f6fd67e41dc0b140aa6b876684ade5d76e64e9d6017e5a0a15fecc6e546e69e9be9fed013aee4f18c5e339e70ea8e260c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdg18Smxg[1].woff2
MD5
b142fb7342f1715405e2a439b4583a82

SHA1
fb731c57b0d095a8fedbf9e61730a691bf95ce34

SHA256
abd2ad82006a2447aa89bc49edda5482a9bc645e9f0b24cbe7712d04ae75e696

SHA512
28890767b91a1aedb3afe0691791708dd3123a1f11153a33fa1690ad058e88dc7981b1790df75747883de90ec645cf390b0131ec96556de69b39e4a925ca86ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdh18Smxg[1].woff2
MD5
bf8908d91b2e3240f9c15b913478c450

SHA1
2eb5b8ea94c5bb0f973ba05e9d8a477db59ba869

SHA256
72cfc2f6b3de2355721b10b90854e7dc5859936d89c0113e060836b44f532cb1

SHA512
25d73d071e28990beb0db7e17b04a457eb7ced76fc98fcdd8ad8c119a998900155a49b65d37e59e9f66788dc03bf3c15d89a97883e6cc4d02b4627dee2f175f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdi18Smxg[1].woff2
MD5
b258cde09670640baffc73c604e155ad

SHA1
048f5e30bdee28a56ccf0fc0e141868d57290180

SHA256
fc16f1e261ac97230a68c38ac08a43069e5cf71019b9f92c06b87087ef1bf4fd

SHA512
526a439f6ac1dbc0c191ed120a5b15ce9a89e36384cbfd5b7786e40af5aa133cbdb269a98db4083848be8b0d9c0246f481e70eec60037df9768e1e84634d19de

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdj18Smxg[1].woff2
MD5
f59a2bf90e3f4ab8a3f138feeaefec67

SHA1
7925395d91ab634ed39a2b9763673f80d3206212

SHA256
7755b417b48c79a2bc6e2f74f6a37557f4abc7f4ebad386ced33ab5fea38604c

SHA512
6cbe5f2303858dbd9650968fe82f3b14ac4e09417313ae04af643acac9cd680c42186f42b0a5a2b828328c0365bbc915442f9535d60b11551778155ca285b46b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdo18Smxg[1].woff2
MD5
b142fb7342f1715405e2a439b4583a82

SHA1
fb731c57b0d095a8fedbf9e61730a691bf95ce34

SHA256
abd2ad82006a2447aa89bc49edda5482a9bc645e9f0b24cbe7712d04ae75e696

SHA512
28890767b91a1aedb3afe0691791708dd3123a1f11153a33fa1690ad058e88dc7981b1790df75747883de90ec645cf390b0131ec96556de69b39e4a925ca86ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdv18Smxg[1].woff2
MD5
824aedc3578953b64e3e8a2dfd9abb3b

SHA1
62b8d576353b9b497747175f7cd23f52a6f7f240

SHA256
de8911ec14c841e32b0f331fcbdd56993bdda2f0763ada23ebfcb1e391e20f07

SHA512
4d453cb81f74a1fbf7382e01decbdbd5c54fdb8d1ce214cedbfabb59b14666d00f658a1671d01a0de2d03fd02ae2fda81cc65bb52a44c4b3e1776a2dfd4885dc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FA4I7ZM9\analytics[1].js
MD5
d40531c5e99a6f84e42535859476fe35

SHA1
a901817d77b2fe5259c298c91bc65c54d7f8a1a9

SHA256
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

SHA512
0a0272b56df74d6cad69f3c56392e0eefae0516839bc487c1dc9f7bba922c9e29f942e95bd280b14c2f21f1f264392b68b47fe379eec7375ddad3c107fcf9afb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K4OPJ54F\0QI6MX1D_JOuGQbT0gvTJPa787z5vBJBkq0[1].woff2
MD5
6b6f359a84c898e18db3ad650ad9d54b

SHA1
8341f780d223fec3febd61d78afbecea77e5284a

SHA256
a5d9bb5c1067545ab7bc5ec13a1bf70b5e58d858343a06bcef6b6dd74dfa935c

SHA512
12096d656447a9d39c5bae2518bf0d8928e5a6dff6c309c17e575f81da47328470eade455407b3708da4a1e5218aa749d268c95df47e9462bcd3cba2a5bc3be8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K4OPJ54F\0QI6MX1D_JOuGQbT0gvTJPa787z5vBJOkq1umA[1].woff2
MD5
581da278e9af5d0843fda2c7dc5cdd18

SHA1
ab36e16d0c3493ebe449a022bd581d8cc72f879f

SHA256
3832b63b65fe1f44d9db9d1aceedaf4ca65c9cda636d72d1e1c721053bc44824

SHA512
4b2c0854dbff67c7ef0ee3811724ccb7cd6a492ca4c925f19bb58235f36b377117e104a686843b1a41c7beb22346eaf57844ee2fba766791e481d2a1a846813c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K4OPJ54F\6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlBduz8A[1].woff2
MD5
3adb560db85a7533fee94e0fc278fe93

SHA1
a8f8386bba71faeaf188847b39febe9ca73fd72e

SHA256
7a9a42dea576619d891f017b83fb42c4b41565c30d266d767a7ff0c10d02f97a

SHA512
5c169f870fa3a0f5596eaf96db8f44d79ff7f92800e30e09b41c2a7506996cfe560573fa13c42f906f444012dd9bdebbfcfc4eb22ad778d8202bbc51a2c7903e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K4OPJ54F\6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu[1].woff2
MD5
8b3ed539e3d76d4bd5649bd4bd06d181

SHA1
b2aa94477a9961b17bf518703f53859901e66295

SHA256
7209c26bc245ae1b293f4b9622201b1dc97282229a2e8fcae555f36caa8650e8

SHA512
0b00b64250b245a770b231fd5ef31787017fae10ef7db348174a5c9c75bfaff68d47f145b04cffe61ed44d12e78de78e6c1fa877f90d2ecefa927992363312b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K4OPJ54F\6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmBduz8A[1].woff2
MD5
2ec081d7bdf9ed3aa2881dc4e6d5b479

SHA1
91d3530453b803c2ace16b1c0d466e4ae25ba7f0

SHA256
4de44eab29462e426981eca31a2e82331fbc494e64633889321a3b8db175527c

SHA512
bfd29e17c0115ada166d4b052252d801738efd71b899b735a92ed647ce6a66bb4ce4784dadee5ca3231cdfaa0c31c589e83a73b183ee72129de796302d368c44

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K4OPJ54F\6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmxduz8A[1].woff2
MD5
cb76770fed90fe39f421ced1c1b99189

SHA1
3adc32f825039a0ddd28ec57f4cb3633028a961f

SHA256
3c96ed0139d211de6f6ec5a3f042c5d51cd8ab06fa10cce8511a2c85d0e0d2fd

SHA512
648615188a28e8cfc37a77b17d141eed81cbddeb2e9acd2678bd7cedf47f78de8db4c09a737d090bd8e36d18f42d31119e9547e5114d1ede5ae3159b53c1d220

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K4OPJ54F\application-a03821969dec51515aef904c96b7b22223902779dd85f97251559b15d66fc503.js[1].js
MD5
e25c23a010e8b15583483abce9146116

SHA1
f9963b328690fae3710375fdba426872de81e5d2

SHA256
a03821969dec51515aef904c96b7b22223902779dd85f97251559b15d66fc503

SHA512
575370dd7083b7b75f52a30d312ed1463beea889dfa96a3ded76c7a64e27260b0c463417a24e034e00c8b474809fb67090256e45ed6b5abcd02ff532b0f2fb36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K4OPJ54F\bbb[1].png
MD5
b69b7e77a541576009ff85da482d48f4

SHA1
95fcf3b9ad65ff0efff225629e21c6482962b584

SHA256
895c885e0ca3956c91dbbca5868c7c2795f1be81bca480028cc3dda31e12e448

SHA512
013d132832cedd26e0a3309ab0d41412bc01fd9cf49ae8ab12553e9ea694102730291170de495e37eabd453667d0131f31d62a0cab9bb32e2d7241d39bb08637

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K4OPJ54F\images-microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd[1].svg
MD5
ee5c8d9fb6248c938fd0dc19370e90bd

SHA1
d01a22720918b781338b5bbf9202b241a5f99ee4

SHA256
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

SHA512
c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQFBN924\0QI6MX1D_JOuGQbT0gvTJPa787z5vBJFkq1umA[1].woff2
MD5
da5cce7deeb06755b2a25cd4f4f1d276

SHA1
c4004cc5beb0990a376766b1ca0aacfdf6045730

SHA256
e4870a9e287f0f5e3b5a4bc0622a13bbdfc24f5903b7a92f3c96099acf866816

SHA512
71fe375ce836ed53d92f44aefbe2209011d5a626ff6414e01c7dafd648d916a1577d9ab4bf087e43e2df277b3eff6e08f6f9d3418e90fc2334ca878f5747974a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQFBN924\0QI6MX1D_JOuGQbT0gvTJPa787z5vBJMkq1umA[1].woff2
MD5
0d20722cbf08c1e2bcecd45121147b41

SHA1
dac85674c04b9d1a933891c12425046629923a57

SHA256
97bed1d6ed0353568e6e7e130b81f266f91f8cd34264101423346e8281baaada

SHA512
b5ebb2f890f95799941cd876dc36469486198a19424216a15426ffe98ec0c1f7af076127f3f5c35c4cf747dc75b2d66f35040d09c78dcdab61f70ba659c59d78

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQFBN924\0QI6MX1D_JOuGQbT0gvTJPa787z5vBJPkq1umA[1].woff2
MD5
83a905b7e33bc95d083c54e697409dd0

SHA1
887d30850024157fa8be6f43a58cd4a7db7be97e

SHA256
932fb752c418fcc67d3575afbf2767c20b8bb0075cf7eeed3ef3cddd38aa153e

SHA512
4ff72e7bad5b6457ecccfa5a132c7f4cb591f83c38684360358e6c96c64e35074b19fb576450231ed1469a139b41cde2cc67861c986f43e9b17f6a5d19bd5e9d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQFBN924\6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRduz8A[1].woff2
MD5
e65a22778da0d148c4b2e5622381eeb5

SHA1
1588442e1a3df4b766c986312e8feb13ef075088

SHA256
51b92baed544da51ed74076ee2a3b3e8a4fb231ddf6647195723ef16fa430291

SHA512
03066bc5d8684229c69ed69cb383003bcd987bcf05db8f580f7ff66cf93e191d4cf2250f8d206bb769e1e218c48ad0fe0e3213b2b0978ca4b02c26825b30886b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQFBN924\analytics.js[1].js
MD5
d40531c5e99a6f84e42535859476fe35

SHA1
a901817d77b2fe5259c298c91bc65c54d7f8a1a9

SHA256
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

SHA512
0a0272b56df74d6cad69f3c56392e0eefae0516839bc487c1dc9f7bba922c9e29f942e95bd280b14c2f21f1f264392b68b47fe379eec7375ddad3c107fcf9afb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQFBN924\application-384077c43dddcfdb3603b90d581812b40859fe7e69bcdd46e147fb30111cb048[1].css
MD5
f1fe152387604b31523da6b62050ba57

SHA1
99781c9575bf4677276c9bfe4b7e849d96762f63

SHA256
384077c43dddcfdb3603b90d581812b40859fe7e69bcdd46e147fb30111cb048

SHA512
49b701ae775e139dca7527074f94f4fcce82c21caf42b81baefd1792a75b4fdf2e583cf727b88b88de1bad2229642b40a1553c2e35b897732f5124e85a183454

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQFBN924\css[1]
MD5
0886e3d6667d97f9a7e9e916fd7a56d9

SHA1
7937c228766cedc37013e7f6245c28b670d4c4b8

SHA256
d421db3f1a99d2dcc188359dc347da043170c8f56f899e97f76fa0a2fa37feb6

SHA512
f53d8d1e6b9c301298acb40702eb6d5d7705afbb45e48853faa90206b89b6e99a424bf0037918a542d8b9568a8eb00cf37676b4b1724e5901d178034104c34b9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQFBN924\selectize.min[1].js)
MD5
58959fa3ce7ee99b4a56f1e7ef5e5b79

SHA1
9fd52c13206dcc5149e580db6c6310af4537999b

SHA256
7ae2424aa5301b93c2ba6eb5cd32e8d1a331f3fdc13705e221e6e6101fe9bf08

SHA512
74ea9ac0193f4e2ce1ece31ae75c21e35a48be55614021de97c4dbdf553e39d5fa0d65b4bc80d8c709736aef8fc58ae218d5b45be3bcb268216bab87d48d3c7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TQFBN924\sp.js[1].js
MD5
9b1c9a5872480d4bb08968d1c7656b08

SHA1
f9c83721ac30dc1c3cdfaa38227382200caa3ad7

SHA256
6b8ee02bddec67b4e38863e28da563f65c682459773ba2a0800a839bc98755e7

SHA512
25a80f3425d8dee024a8b0209b6930f938f977f308dce2339e2a7f9ebc218ecc215d6239aa308c693cf0c5fa014172d5f461f175719a6fe16b9493842728661e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY[1].woff2
MD5
52acf6f08bd6a2ece15dbd2f6089b24e

SHA1
a701052552efb945418f7950b90fa1eb12bb1c1e

SHA256
6e0839c2fc964208d157d5582aa3629465196ad2d90b9aee7ba1a480d8ec40a5

SHA512
f5dbb085350ff8aa9fb4b1548961f23720b31eeed52a34ad45e57c296b1632cf3ab00a11018cc861e7df4ee51f97f9e25885c0537621466470c7585a0fb07fb0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\6xK3dSBYKcSV-LCoeQqfX1RYOo3qNK7lqDY[1].woff2
MD5
ab21d1636010e122893da1c19309a420

SHA1
05c39f0c304aec1476a0a90307456635ac11d0ce

SHA256
08746b2e834b99d0a6e686b8c96d90e063682fa2c85805be6c82ca9ac4178688

SHA512
ee88d2c6acc68eea73920c1328bfbf34c2fe499e8be5357eca49a1ea0fbe28bd204399de3fe27d9d00183d6ace6955fdf52d04800ff1b80dbecd4257a204e5cc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\6xK3dSBYKcSV-LCoeQqfX1RYOo3qNa7lqDY[1].woff2
MD5
1b92efaf7b7dd74f11150286c92307b0

SHA1
fc9c705d7a45426d53efce8d26726379041d90da

SHA256
4ba425fa06c517df782f3d3cd065b5c4f21703896b28d1f76b810833ae00d3b2

SHA512
9021d58c4bd6d182774edaea4e1e6d41892d199f464e5b238c246293e5aaa50f2c23a6e9efe638a1d48617ec72b1fa6aedf991fc26a8ee8967132dad0a48bea9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY[1].woff2
MD5
619d81d89f24960286d052bc8843de1b

SHA1
15274ef64de4eeda33d92f1f27f9a1d79099428d

SHA256
ee519845ad25d096974439033bfbfc99578285ab9788287b915940cc7f8d3147

SHA512
0ce99de1d9e6812be0bc68e9fc806ea2e56c150b1e3166905262fb1dc47065c129f8f09032083f314dfe39240dc1f9fedd8cf0eaf06fa275cd855855b684272b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\6xK3dSBYKcSV-LCoeQqfX1RYOo3qO67lqDY[1].woff2
MD5
734cfcaf94af1ce76b912d8f93ffb218

SHA1
bb60a29477e9b71a2dd0028cab2287c1083f9c1c

SHA256
99fbe63059288e616bf0889665f2bb74e43f9a03fe4ce8cd2724eeae502f3be2

SHA512
7e5a74cf06f226a114bf31ed8a341bcf895e00c3cafbeb286de8ecdf002cc3c190302c6f2a6fe3288fb48798770ac50c3120e814db879ce1cb25f4819d89978f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l[1].woff2
MD5
834648c5f6f2f73c3df33def9348d879

SHA1
7385e4868c41fb1e4ba48503a16235ddb8cd8a6c

SHA256
428f1eb7935944229430ac0fdce0033f05d9b8c1c020b87c681dd7a78ab4dd19

SHA512
28300867daf619011deffd7a059a655fa1c59acc57e7712e8294ab7d754760b182fc68b4d09d80bbbdf5f12598f5118ae3fbddbe7ad960336c1c3fb8e770433e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY[1].woff2
MD5
a814df893efadc94605ef4263526bd99

SHA1
0682ad869feb25d7c5a49eb856a1c7f574748638

SHA256
45cf150078bf4b82c64560f6113507d21c77b3f848514adb57e718c5c6b23296

SHA512
c7ce21984d1dd055d0843a958e81775efee3c121a242fd9aafb6f9d7a54cce9746263afc7175880d6b15d5bfe86970b4cabc6138dd3cfa0d2b18aa91a5640158

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18Q[1].woff2
MD5
a4aa9e98554416c6a6228c398c6dbcc5

SHA1
92cb71bb5a7ad00e935077f37e8aad215c462f56

SHA256
243d70f43a15541e81882d53fc506e0d6d7360c7f9f88046ee80db70174bb5c1

SHA512
3cca9104b5186d7e7c6c3ceb364c509eebf9bf522e0cb582aac706f735e7c5cf48b51c53b1879046251b43d6eb495e276c53eb59a353fe58e4f7b7f84828d627

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxduz8A[1].woff2
MD5
2d65a6bfdb500888771440c6524155e4

SHA1
addb0582bb9e9f9e0ef9c3454b701684c5a6e0a1

SHA256
10d7b260f98e80b969a89029f6ee067b0741db83afb176edf0234ad606148886

SHA512
7a91968fed358f8287ec2148f656696a10ce24e742120bcbcda4a19d8b9a9d9fae07ff9295ec5211e361c41b36f60bca2de4d682e41004e379797514a92c28c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmhduz8A[1].woff2
MD5
2c97aa870f28f103a6c6d614ac27b2a6

SHA1
5b78fd5d5631996623251caef0e0086e43adfad9

SHA256
f06e0f868083da6b311db5c374f8b1960d070dfa3380747ec37ddc1892d9bab8

SHA512
6ceb874f3b790093bd2d04cb54b98d3582322d48f648fd74daecc54c74dde9725b691838721bd29e1e38472662b741bef2e92888b5874ed62ad290f184a6af1e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\sp[1].js
MD5
9b1c9a5872480d4bb08968d1c7656b08

SHA1
f9c83721ac30dc1c3cdfaa38227382200caa3ad7

SHA256
6b8ee02bddec67b4e38863e28da563f65c682459773ba2a0800a839bc98755e7

SHA512
25a80f3425d8dee024a8b0209b6930f938f977f308dce2339e2a7f9ebc218ecc215d6239aa308c693cf0c5fa014172d5f461f175719a6fe16b9493842728661e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TS57H9Z7\twemoji.min.js[1].js
MD5
d072f2a34e52167d963147dc02fac5f9

SHA1
2ae75c639c1632d25fe00923c5bf8fc3177cd07e

SHA256
0e0e5259e3ff8ea805e0c5660c6336f7f46b14332e3cafb82939e1db3da8b6f8

SHA512
6c24276208463913359c7a512e70acd942789811a0c7557daacb6770d2d0e2f7a31f04c7461f9bf02e13eae0e3b77ee1c5be0bbdbabaefcc99ff324627fa43a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\5UBGWGAX\avexanimation[1].xml
MD5
8a1d80a425171375e23853eaec184018

SHA1
ad540c5f7045acc3ce2382a357a18c89c4cf12f8

SHA256
13ada91976832fd300680763251ef6a16ef6b05f497c607531fd0d1b4d94f7f3

SHA512
c852f410ad24e59695668170dd134b4bef7ee4311f9a8f3b9cf70894da61a2e6e9f2481708a8f5fab340eb53e65a196035732c6b8e7113a32318c5b6741165dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
MD5
54e9306f95f32e50ccd58af19753d929

SHA1
eab9457321f34d4dcf7d4a0ac83edc9131bf7c57

SHA256
45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72

SHA512
8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5
2e16b4a7da01e9cb15c90dd3fdefb5e4

SHA1
fae5f1cd86e72999525999da42580538e142e3e8

SHA256
c0f87a1d8beda864a8dc801d960816ce8b76155d2dfb183d6ef8f79879f8ecf9

SHA512
0c7f47a0ca38df5beb89528262b59e7211a9d2a77fbc985413fea4d11be9aef1340251dd159b6d425742e5e26e5a52341653f5e90412cdb4c8e1dd34fc2cfaf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\46C1E2EC8FE66B462573D5B140DE9324_00BCFCABDD5DA38686124BB9E456431D
MD5
b6f542db17979a59b46515f54cf46d3d

SHA1
177c6fea7434c0caf7f8ae688dfead67f074d7fe

SHA256
2773a68f54745eca01da86f9a51efc41bcc75dd0f5d498e0ae94c085d69cee63

SHA512
6b28b4e6a411253805353e855a462ed4cabe7df8faad27edca8baf7bf375e9c39e7b65f9065aad1b05bc3807938f1dfd0eb153140d6e8c5a50544b5fbe8df592

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\4FBCA3A7FDCA4C9B3A5DE14BDC8E9E60
MD5
2f05ff6e4778da2a42b9e737f5a1cbeb

SHA1
b8b95f1dde756cb0b279c52b53529a0413496d53

SHA256
e680292f8c4bda7bae6431b2841af56c3aebd43915600c50e612c5f874eb6e97

SHA512
2e1f94a21c9c6e33e0e0a22650572d28867ebcbf4d33d6c52a157a7e79c3bd1ddeeab075ac1ffb97877ee5ff0501edc9407930582300b44270285e9ddfb91690

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13
MD5
34615e035f22e0f62abb877ef4e65b52

SHA1
aded5c27a29bc6926d36951dc9eea6ee44b62187

SHA256
77da562e421b1004406ebda1a1e2576b3b04d6d6e62bbdff40b8c67e0a3c6486

SHA512
ab9bb483ca4844e64fe6f7318996ada72de5fa00881e20f3bf6aa78d01bfbfdab6c493b6a7ef464439d55aae243e45a1fce9b1df8d0b749607aa5bfc11931739

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
MD5
7742b56cc1df86678d52b26a3bace627

SHA1
276fd4d409d3696265a2e5fd618dccc85eed4a16

SHA256
15d4cd31a53b63d8e0e38bed5732cf866d71e1a02340292d895d2b461a6beb09

SHA512
e2197a59c0f35bceb42790bf95afb83d83b8bf29e916e198629ed16a15c4f4771ee084cb83593fe79a908b62985f9e0892d27b68047a3553f120d7787c48c771

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5
9d3dbccb9042b115aae8b784e393469e

SHA1
cacd4f857dbd04b28a2097e93d444eaf5b3fbbc6

SHA256
dd827649bc450b7599e7683f225147bbbdd185adaefbd247dcfc5c2138bd2947

SHA512
dcde7f239d577db2c5bbee40d8ee07d0b7ce06434f1f4deac64a94b6c097d20abf37ebb0bae9820c6ec72b164619dd6a28e07e963f7a33a96fee8cf84c1b1a77

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\46C1E2EC8FE66B462573D5B140DE9324_00BCFCABDD5DA38686124BB9E456431D
MD5
eed115a5cc294891159488e0ddaf9abe

SHA1
7d41bd26767220c2b3bf4d37fa3fc6e7b0c337ab

SHA256
90f02713ba6a6071fb7703e018506961f4ffc7b12fa86755bbef954f25a6e22c

SHA512
75f7d127f4bb462c9b8cde5b1e0c203f044a7bea5a5f6a205e2a41ba489fd7d867f6c08d6470d52a4d872e3742cc9d213ccfb88048d269c5572e338d35299225

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\4FBCA3A7FDCA4C9B3A5DE14BDC8E9E60
MD5
6b8810255b2a7b84e1449bbcc20f8620

SHA1
b29f8664c88eb3095234c237d6285020e182f450

SHA256
089d968d4a3f631f3eb8f30ae2c1573eb06b1f5a7d41b2ff4245a0c554da7f3e

SHA512
c75aff4a23abbf039fd5aad40062e7213ab5c0242c9855e5468617f492e63e5de7b520eeaedd8f65fbb057330106e7f70859fa08cd0d57fe34d25520647793e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13
MD5
ece4e08d19e8b1ee2fa2c8f05016c867

SHA1
b93622f371039f3f1a32a24b495801df14bf1e9a

SHA256
36977c7ff82c7c39b76b938b6e09515b2e7984dceff2f7693f1e40e9dc355029

SHA512
0f62a307ca0b4f7633fbc42ec4a1a52f88247ac6d77c3983167848634a369d8b9ae41df16b0149dbc5fe140d5f5912d1fcdf938b276efbdb7a7116f9fcaffb15

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\1659841449.pri
MD5
6dfa43a584ed243390dc943abac397c0

SHA1
665637e060c9da24288944b90b377a309da6d533

SHA256
4f31fe4baa7a557ed5fc2ccf57b2861946ecea6222200aca124796e251a524ad

SHA512
9561a2867cf1e73578d0206d4c73e576e2b8c7497ec1db8a69df6a35ca78e84bf01060089e45ec32e5afde6d3b1de26afcd0e411a25b615042ce5bdd575cb6b0

Download Submit
memory/64-134-0x0000000000000000-mapping.dmp

Download
memory/64-133-0x0000000000E38000-0x0000000000E39000-memory.dmp

Filesize
4KB

Download
memory/64-132-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/404-116-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/404-119-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/404-118-0x0000000000000000-mapping.dmp

Download
memory/404-117-0x0000000000E30000-0x0000000000E31000-memory.dmp

Filesize
4KB

Download
memory/1208-127-0x0000000000E36000-0x0000000000E37000-memory.dmp

Filesize
4KB

Download
memory/1208-126-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/1208-128-0x0000000000000000-mapping.dmp

Download
memory/1452-140-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/1452-141-0x0000000000FA8000-0x0000000000FA9000-memory.dmp

Filesize
4KB

Download
memory/1452-142-0x0000000000000000-mapping.dmp

Download
memory/1784-121-0x0000000000DE3000-0x0000000000DE4000-memory.dmp

Filesize
4KB

Download
memory/1784-120-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/1784-125-0x00000000010E0000-0x00000000010E1000-memory.dmp

Filesize
4KB

Download
memory/1784-122-0x0000000000000000-mapping.dmp

Download
memory/1784-124-0x00000000010D0000-0x00000000010D1000-memory.dmp

Filesize
4KB

Download
memory/1892-115-0x0000000000000000-mapping.dmp

Download
memory/2264-136-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/2264-137-0x0000000001112000-0x0000000001113000-memory.dmp

Filesize
4KB

Download
memory/2264-138-0x0000000000000000-mapping.dmp

Download
memory/3116-144-0x0000000000000000-mapping.dmp

Download