fdbdb566dabed7e26f4888cabb7c9230e96bea7f6bb44bd570ba87efc0368099

Analysis

max time kernel
150s
max time network
141s
platform
windows10_x64
resource
win10-20220414-en
resource tags

arch:x64arch:x86image:win10-20220414-enlocale:en-usos:windows10-1703-x64system
submitted
06-08-2022 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stub/stub.exe
Size

1.5MB
MD5

cd57f9b56a059ce65666c2ee267f1f2a
SHA1

e1c2e55dfcacf1605fa3f75b81d05bde25986aa6
SHA256

f74dc7d939e1a44cd57d25d28e57c41a95e7080098bc1b37118ef8f51f6e2e36
SHA512

fa91e2b2bbddd9016d9f02dc6db33482aa3707db1596236f5cbe00837ba87926801f1ff1ce302e6eb3e2ad0fa8a528e7a9256e34ca1ee2249d6ef12c17d8408d

Score

7^/10

microsoft phishing

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

stub.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Control Panel\International\Geo\Nation stub.exe
Detected potential entity reuse from brand microsoft.
phishing microsoft

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Control Panel\International\Geo\Nation	stub.exe

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdge.exebrowser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000be3ec789885ab50b10f3ad184b652bc4e65a6d6a1c96a8dd6d9063f17b9d9c4f4782a383f3afa86ae892bb9e92a5a9af8538c4fa711cd5cdc79ead6dc692af60ba4277705b8ee924b6974446de87a664bae96507818ee276cfc5	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 32ad295c8da9d801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = e17eaf304350d801	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "365949801"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000d53f10b7457369ebef54549ade3ba0962de3c67f49d9a3feea32ca1506720f0dbcd046498e60fb6511ad7db502864c01d7770e386337f7c6a0f3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "5"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3b15b05b8da9d801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b8ab3b768da9d801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1804997378-2045782378-3882459628-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = e17eaf304350d801	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

988 MicrosoftEdgeCP.exe
988 MicrosoftEdgeCP.exe
988 MicrosoftEdgeCP.exe
988 MicrosoftEdgeCP.exe

pid	process
988	MicrosoftEdgeCP.exe
988	MicrosoftEdgeCP.exe
988	MicrosoftEdgeCP.exe
988	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	1380	MicrosoftEdge.exe
Token: SeDebugPrivilege	1380	MicrosoftEdge.exe
Token: SeDebugPrivilege	1380	MicrosoftEdge.exe
Token: SeDebugPrivilege	1380	MicrosoftEdge.exe
Token: SeDebugPrivilege	3872	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3872	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3872	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3872	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4836	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4836	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exe

pid process

1380 MicrosoftEdge.exe
988 MicrosoftEdgeCP.exe
988 MicrosoftEdgeCP.exe

pid	process
1380	MicrosoftEdge.exe
988	MicrosoftEdgeCP.exe
988	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 27 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 3872	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 988 wrote to memory of 1940	988	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\Stub\stub.exe
"C:\Users\Admin\AppData\Local\Temp\Stub\stub.exe"
1⤵
- Checks computer location settings
PID:1120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:988

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3872

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4836

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5048

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4152

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Q1W3ZGU\37-8473b9[1].js
Filesize
133KB

MD5
e3b18d4a6a95306b0d89858da8f73707

SHA1
20aa07cd568f726b6984b99eed94c3809d235b20

SHA256
d6022483a43ae32ec56995126315b808b05735aa7508e8ade3b6c4c21a14f283

SHA512
fbbd13ee05db438f1c27161a5056db233eb43b7ab10daa84cd58c8aeae62505871007769a0aea8c44132bb11ed471317dc07c761c9fc1e9de90ded7b565a265c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Q1W3ZGU\alert-info[1].svg
Filesize
4KB

MD5
853b243a660d2037534ef0aa1fa75dbe

SHA1
b8c148f283b8316101e6edb3b466f81759800009

SHA256
d1f6678537b76a69d2637a14dc4ccf178a48abf14d5fe71ce3f780815b46b85d

SHA512
190cd96b00a0537a4d35bd3f273baff5b71b5ee30ab9017c7f614518127e03b6ef98e9653d89fc978daac2241bc13203df38170da4d19ac23c19a2eafd37c151

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Q1W3ZGU\cookie-consent.min[1].js
Filesize
956B

MD5
8e43b322c03693474b06d839837d4fa1

SHA1
c42c6458fa02771f4a0fc962bfb3cc14311e7638

SHA256
ea6c90c5174a8d235337db610bc3c84228c2e9c4a39b16701210fc375e82a18a

SHA512
6c3cce5847f2f460cfb812b484880ca583d42d9242ae5b3a1440daf7e0dca557b56c57edc460b4cf58e168f400dbfc0de164c2a846266dc61fd7db3cfd413174

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Q1W3ZGU\home-hero-bg[1].svg
Filesize
39KB

MD5
151db21c2e4c2c163f30276469152f0b

SHA1
9561b63c99c963871da1a447bca8a801b2e5027f

SHA256
7e7f55fd1d6a0ac778deca4e11ccb740337a27f36909968c55bd3cfec431d1b6

SHA512
0416efff719e486519a22f5dfddc62f174d5948a03026e9e521992aae55411362fafa014445e830d1f2821f3818314f9d02dd5ec9b3c3cdb78201d8daed9c1cf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Q1W3ZGU\mwfmdl2-v3.54[1].woff
Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Q1W3ZGU\youtube-brand-logo[1].svg
Filesize
53KB

MD5
7c46377d8e519061458bd7567073aab3

SHA1
b159f1e97ef9c169f2d77c0566b1213a90c77b7f

SHA256
c48fadd0c1e1e1368d4688738cfa95622076be70dd92fdf11597dfb01263542b

SHA512
95d17ac8f9ce7d9b33feed77c56631d8922f953e9460321cf3c80fc94b2e28a62f93f032726bd39811ebbbf95a26d8066ce6c9e8de9a3d585567865a0da04dc5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IIG15JKX\RE1Mu3b[1].png
Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IIG15JKX\cda-tracker.min[1].js
Filesize
761B

MD5
37eaec9e811f81aa391f3af7a071d97f

SHA1
ca75444f071e38f8c8d3a20108d4237cffac971e

SHA256
e33543c500327801c6df16b721fed2b22c51de3974bf43c5f3e195608aa024e9

SHA512
7b4c6b786a60e4042c3b0d32ce5736b16d033d8f377700f9e4276b4a83ae75646220bed7340b5012b8927eaefa59361020a4710fe9bc3ee37e29cf8e1e00e601

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IIG15JKX\dotnetmdl2-icons-061622[1].woff
Filesize
13KB

MD5
69bd98e83eaa70274d2fcff8d71ed013

SHA1
c611bd891a63f788c1dd20e686ba40c44a4b6e79

SHA256
24cd5530dc798f9b08f7e3e48c8688b9324fa8edfc8aea24d4109fedcc6bc7bc

SHA512
a5b8429a529aa32bfe2b96d408aad99f2771d387fb45fc18a5bead5df0f6134ba9e86d01923e5745505288aaa31b4276a840d88d943d3a6b452f51b94d180551

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IIG15JKX\ef-a24652[1].css
Filesize
166KB

MD5
501a61540f1ad706f32dc3b22ffa92c3

SHA1
6e8283877b215fef5232f42c2aa6cdfdc0b7a8d6

SHA256
f5e98e2373c741c7a3d6f1c3a4b114e3f0f022c41e24ee6ba022de985eac773b

SHA512
3f08136147a867e43576136a2f5d82cd16ad65dc9ca77122b104151698451f2c702f14e63f35476f7cc461cde33e28e552a7d46c6ba6b6b6aff515e396e1dd04

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IIG15JKX\wcp-consent[1].js
Filesize
272KB

MD5
6dac845917017b70135ccf8af68d6b2e

SHA1
418dea43a8eefe05ac7138445cf7d1e093aaf17f

SHA256
768304ececf64109acb1144a4a5fb1ea56ccadf675c60b65956dfad07a8d5ceb

SHA512
205e15cc7be1b631c6ca47254207060f9eb72190f1f161ef1b1d5b3ae5d77b7382c7bdb08a38aaadae75b48d68b920d0ced3c692c1000556bc568bbea29d4e55

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L9Z5VCND\analytics.min[1].js
Filesize
2KB

MD5
aaa69e3116e3de7a79798ee2b3ff115c

SHA1
7b15cb8b6ced649b089ecfaafa9e177eca5b9741

SHA256
50b046a4795a3b2ecc646114f4014a7ceb11e2aea52e90ee039e1096c7e0f176

SHA512
12719bb02992c574694d8adb860427f9caba476cc54c2ad2ff5e91395685032618e8200098b8438b55f16bc524697e1cb3457d04b40841fb79f2658d0e05b765

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L9Z5VCND\bootstrap-custom.min[1].css
Filesize
216KB

MD5
ce7f184ad2311b395d533bd25c58885a

SHA1
fe303e8c38488ff10852f07b0049f88457e1f567

SHA256
0e72c8923ec63fae1eab0905682f6fd6ba865cdd0bc65fe8dc88b63be02d4f54

SHA512
ae3c7c5f38f1aebc3e80674c08aa838296f3fb69c00e5359c6d99e38cdecb2a1f756a102df032b6b5d150bbb63dd5e9b2c551804637c097afd788e4a17a155db

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L9Z5VCND\general.min[1].js
Filesize
172KB

MD5
da2cd4b532387d516bbdeabf79c6e523

SHA1
51076584fca512d555b38cf637e2e0d20ed2b73d

SHA256
3b4948995700a56000c5fcd3f38cb803998b3eddc5f7494b1e21fa7f58a94b55

SHA512
621627d889930c24c4174211a8ab4bf2a24f6a19b83596553e898f898640cd1e6cb67c70a493a55b9259d1e0a890f761c1ad22a288e84a496eeff140c0dc36bf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L9Z5VCND\override[1].css
Filesize
1KB

MD5
a570448f8e33150f5737b9a57b6d889a

SHA1
860949a95b7598b394aa255fe06f530c3da24e4e

SHA256
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

SHA512
217f971a8012de8fe170b4a20821a52fa198447fa582b82cf221f4d73e902c7e3aa1022cb0b209b6679c2eae0f10469a149f510a6c2132c987f46214b1e2bbbc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\V3B00URH\ai.2.min[1].js
Filesize
117KB

MD5
85e1c3ec6fb21de4f4a754eda9400886

SHA1
ec36f38c56a1bb3da3539702db119ffcd909c94a

SHA256
726c70dd86fcc3d0253e282501acfb531f918339a52187476609db4a876922e0

SHA512
4f7d55d165a4c75ed3a4ec5784a078af6a6e8a0ee23f7f6483d44f3b236858ad93f723c8b6ed73ed75b3912c4b1e488641e6b270fff5b1d4aacea60bd12eadde

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\V3B00URH\culture-selector.min[1].js
Filesize
302B

MD5
e886b9422ab1c9a296c220de289971ab

SHA1
457b23822d9c94d763c98b681afa778b1fb2c874

SHA256
a9c2b239f8f3164d84f6bec2ed1f04f84b257b516abfb791373658300e4f2ee7

SHA512
a56b6e665783e4a6769bdd1a19c732ee3e6d9f1be010b6ab5cc4a9b040eec3be34acd8ae6322c49318e438b03ff7e1712c3a577049a01dd73a5afa0024f585dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\V3B00URH\dotnet-framework-runtime[1].svg
Filesize
42KB

MD5
5aaa8c37cd59979b920cd21c4a50a38d

SHA1
0ee61e3b2d58513b92cf4c6b5114c1beb55539e7

SHA256
db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6

SHA512
0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\V3B00URH\main.min[1].js
Filesize
28KB

MD5
7c787a73dad8db525cc982e25423ab94

SHA1
c63d78b99645cbe64f3c376d7d6749b731c2282c

SHA256
5e2e1340ec1640543dea00ea06679d0823e602216a68733722cad3ac1e9ec8f7

SHA512
ea3db2ec57b081063c78446fcbf08649e132957afca4ae252e4428e3f7db581e7f72b74d94d9bf1f04425f38f3d3ea2c942f2111edaf8cf582051f01981d6e8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\V3B00URH\ms.analytics-web-3.min[1].js
Filesize
135KB

MD5
5aad267b76577ce1956ce11138717c36

SHA1
24d077fed1e7ced108f4d0438cf25146d3c15be0

SHA256
3937201672226f6b075ff55f7b7b6ffea3ee9b5e29b2438f6bc0189993041131

SHA512
f76416d3d77555aa41ef869afb44cef023bb26faa61ff4fe6fad48ed2688e7538c91e4a028869c9263483d7c8c97ec7db8fc0844e9c722b5fb838fcd51751b7b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\21JIY6S7.cookie
Filesize
655B

MD5
69c685f0472118f614cd830f9c75b537

SHA1
c6e4f330a22ddba13d73dd0cbf34615c1c13da58

SHA256
9e3e54c70d9695cfff9da27bbe5ef8853ac6527ba1a75ea0caf1784d5d5bf292

SHA512
99881b3bf63372fd550e1570ffc917d9dab389489b901b0505b779772e363007c7e4f646b0dc125d338d5355eb5ce128b79034a442931f80e9826db1df01c00b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2MBQYOUQ.cookie
Filesize
655B

MD5
a18c4169704b9189a4e7fb9fc9925a33

SHA1
df893af2c9e05319241c42ee7b334a62227848d2

SHA256
a5ca6d5437fbb3270299f210aa8f0a6e4593d3a696eee6a62079e7ddf58480d5

SHA512
73be1b5672cb833ce096ec5419ad8179673f51d7b251f7e2e6eecd5e68ca0a0fb2ea663db50c74d9e3e03c62cafbd77a7a8ff1ab790e6d0280899c3f671db82f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZEPUSJ1P.cookie
Filesize
248B

MD5
7b569617e5ada5e9df90c17730540753

SHA1
a01ca16ef510b9268e343a6ff760cab940deab69

SHA256
829df93c8ef8c8e53768d6a883a91e0f0087cc274ac2cd93ef5fec9a97072fa2

SHA512
6faa86ef772c22cfc0b29ca5deaa4167afa20c24049231a3d41aca7e10747404cda4915d661a0a9f05e1e2f15b0109df53cf336510cd6057407de8017fd9ba6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\RXXB5I6L\dotnet.microsoft[1].xml
Filesize
17B

MD5
3ff4d575d1d04c3b54f67a6310f2fc95

SHA1
1308937c1a46e6c331d5456bcd4b2182dc444040

SHA256
021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44

SHA512
2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\RXXB5I6L\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\RXXB5I6L\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Filesize
1KB

MD5
03ad76e8c8aedb685ed8f2efcad5bdc3

SHA1
50f8c333361cd6fad507d30b0bf57f517d2c0dbd

SHA256
6cbf299a32c9b7ed55215a1002572c6f647abdf45eaafce1f0aefe4426cbe99d

SHA512
d6adb655d2888f72732c3ce4a818ca8622b921c0a7ebaa98a9ec5e90f85ca1b9ee8ac9b5fff3a30dd03ee45c777684c3d732161a327fd16b52313669fca718f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
Filesize
1KB

MD5
7198c2ac67e7a212bb195263ca8ab8de

SHA1
25030dce356b6146e2319b3edbca9260c351dba5

SHA256
fec42ee0069a4e29303578fb7b96506ec1a12bbdb00740c2b94453395458d31e

SHA512
c9f69ce014d47263701eb1b8f67b9edbd467005c64d00496cda5d46142813731131d3b404ea5cd4a3be5a654fb8c3ecbf9b398302de16000b7b49645a72f31aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
471B

MD5
8d06caccbcb6859e24f662e08605ea0e

SHA1
022bf853a3969f6f4717f1df93249a25fa30fad3

SHA256
b87ab090bbef70ba747ae81492c346414ff83714414e56ea79640c105f6cdb62

SHA512
cf2cdd4fd29d8f915f7f470e37314b43b514a4103e78d73b4af532408c18c70c8789711dcd9597d8cc92f54de59e4e6c8840dda953da3b8f456610e6c921909a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
471B

MD5
023c73b1af2317ad64e0f91787e1550a

SHA1
f25139b4541d2e7dedd6ae4eba87a7a1f3045908

SHA256
2ecc4255509a6f3bb35cd8b547f96bae88dabf9f3ef8daf626c5f8a46c104d81

SHA512
4b05be854041170769589ecc13087d137b9853002c8f972325eb74be51c40339a276d6536538638d2d72a4853cd742a15aa7afb5c553b5da35bf4402f029543f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Filesize
416B

MD5
d1de23636c7ca60d7ad6451ce7736e9f

SHA1
fb8909c1583f841114fb3a11b996dc48e3e4801a

SHA256
dfd397fd830f0f9d7577037fb4e3a0c0753655b2209c5453852c3bad2ed09821

SHA512
95fb87287c864848681f91122ecacc2cb9654815cfea8468d9e5b9b1423d92b56482fb38489975a84fb299c22b39b5ec6d132249acf66bc6c4a610bd84bd022c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
Filesize
404B

MD5
44b82dabec1a21420d22b5fcbe846bd2

SHA1
4f6ad74f833dbfa08d9dff2be19a6a1ce5b30349

SHA256
b63293ac69129da1cb56ac5366b19d4e863acfb581d9a2eddfadf91efd493cce

SHA512
81560f9f965f4234a3a53d68ad7b46e1bfc34a9ec41d2fa6e680ec217a91101c84232d1963040b4da5d8685b04d71ac21380a7cbde7d47654855190b441078dc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
412B

MD5
ff192b9172f2a0d0fc4b16fd4d0c3aff

SHA1
6a582cdab1381e9633de89288f35a4238a6043fb

SHA256
ae445b5744b9cf8368c4022f2f69bdac6e4b174cc7f919a20a0b56728d696d39

SHA512
b00000dd84f4116aa76decdb17f913828f5ec94a20bc5b5b1e74ec75a6ab05865c9fb83503c19821c4a685348faf70774af4909c2a5f33c508a03adc6ee29764

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
416B

MD5
bb8597b5dd67358b27c6cfa86873aa59

SHA1
cead0d1f2552a4d554e090bd12678747696c93d8

SHA256
625ab9862c09fb25b1f2ea01f702303317ccb5720def5d6af5491a2ec669a18a

SHA512
53a72319b277b26dbfebeb1e9768edf74ebe61e26fc2238b6ceeefdc4eea7a51b8a9307ad03c35376663fd715156c7e31e1279a0f380c93895fda62da7db70c0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri
Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
memory/1120-142-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-151-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-156-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-155-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-157-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-158-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-159-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-160-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-161-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-162-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-163-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-164-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-165-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-166-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-167-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-168-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-169-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-171-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-170-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-172-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-173-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-174-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-175-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-176-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-177-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-178-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-179-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-180-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-181-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-153-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-152-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-154-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-150-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-149-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-148-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-147-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-146-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-145-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-144-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-143-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-118-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-141-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-140-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-139-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-138-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-137-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-136-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-135-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-134-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-133-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-132-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-131-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-130-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-129-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-128-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-127-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-126-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-125-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-124-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-123-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-122-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-121-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-120-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1120-119-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download