1d11b355d92df2cf0a2cd4a99eb6f504054c06f3a9dcd1aa323db80995cd34ac

Analysis

max time kernel
144s
max time network
148s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
24-08-2022 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Elexe.exe
Size

3.6MB
MD5

c667f56e9478041be404800045530768
SHA1

0f2b5b78640d29c151144655df527a16d0e29782
SHA256

1d11b355d92df2cf0a2cd4a99eb6f504054c06f3a9dcd1aa323db80995cd34ac
SHA512

383e14dbeac1fcb82beb37815d70f2bb04bd82faa328f1f5c5df839abfffae1bdf3cd264f219747fd58a2dcb491ba38df39cded4d5b39cf6686d7d8b9c17d233
SSDEEP

98304:aBLr+jWK685nOwHaIo3q1+pa51rOVRf9TXUZ9C4smmz:gX2bNkw6Ioaspa51S9QbC44

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

Elexe.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Elexe.exe
Downloads MZ/PE file

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Elexe.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Elexe.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Elexe.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Elexe.exe

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Elexe.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000\Control Panel\International\Geo\Nation Elexe.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000\Control Panel\International\Geo\Nation	Elexe.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/1584-165-0x0000000000280000-0x0000000000C52000-memory.dmp	themida
behavioral1/memory/1584-166-0x0000000000280000-0x0000000000C52000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

Elexe.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Elexe.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Elexe.exe

pid process

1584 Elexe.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Elexe.exe

pid	process
1584	Elexe.exe

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4940 3472 WerFault.exe MicrosoftEdgeCP.exe

pid	pid_target	process	target process
4940	3472	WerFault.exe	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdge.exebrowser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000003ac7eb2f14b1fc669c1f79fd3750a6921a4a276668b8ba1b89592d6f2fb2feca43f4fe5cff49d17ec2f450f91d85ed1b934e24029fd3ac896331	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 26b064f6cdb7d801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\youtube.com\NumberOfSubdom = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000043e898c7fbb1d6ffcdf0d61d44601991f38d382bdf90172e28e4f46a4cd65d78eb3bd006005761efb3212512de20825b30e266a12b3ce3b2a2b9	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 00adccf1cdb7d801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "twcre3k"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = f04834f6cdb7d801	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 6ffae4b25daed801	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2d5abae2cdb7d801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5425a1e1cdb7d801	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "{89BFAEC7-DC08-4B4C-B52F-6E4F9BD9B976}"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 6ffae4b25daed801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedWidth = "800"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 6ffae4b25daed801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2600230786-2767877416-126655653-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

Elexe.exe

pid process

1584 Elexe.exe
Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

4284 MicrosoftEdgeCP.exe
4284 MicrosoftEdgeCP.exe
4284 MicrosoftEdgeCP.exe
4284 MicrosoftEdgeCP.exe

pid	process
1584	Elexe.exe

pid	process
4284	MicrosoftEdgeCP.exe
4284	MicrosoftEdgeCP.exe
4284	MicrosoftEdgeCP.exe
4284	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

Elexe.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	1584	Elexe.exe
Token: SeDebugPrivilege	4744	MicrosoftEdge.exe
Token: SeDebugPrivilege	4744	MicrosoftEdge.exe
Token: SeDebugPrivilege	4744	MicrosoftEdge.exe
Token: SeDebugPrivilege	4744	MicrosoftEdge.exe
Token: SeDebugPrivilege	3472	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3472	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3472	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3472	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4744	MicrosoftEdge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Elexe.exe

pid process

1584 Elexe.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exe

pid process

4744 MicrosoftEdge.exe
4284 MicrosoftEdgeCP.exe
4284 MicrosoftEdgeCP.exe

pid	process
1584	Elexe.exe

pid	process
4744	MicrosoftEdge.exe
4284	MicrosoftEdgeCP.exe
4284	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 4284 wrote to memory of 3472	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4284 wrote to memory of 3472	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4284 wrote to memory of 3472	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4284 wrote to memory of 3472	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4284 wrote to memory of 3472	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4284 wrote to memory of 3472	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4284 wrote to memory of 3472	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4284 wrote to memory of 3472	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4284 wrote to memory of 3604	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4284 wrote to memory of 3604	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4284 wrote to memory of 3604	4284	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\Elexe.exe
"C:\Users\Admin\AppData\Local\Temp\Elexe.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1584

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4744

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4224

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4284

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3472

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3472 -s 2548
2⤵
- Program crash
PID:4940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3604

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1700

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CTN1TK7U\desktop_polymer[1].js
Filesize
8.6MB

MD5
f154065a1338846c67b34703262321e9

SHA1
fca21271925aa3e450f977b082f532726117ad2f

SHA256
862bffbc2279e6454e4fead5b800163a44dac5dee8ee57e755250243c917bc56

SHA512
d4e1113fc71978bc93d7c00905bc9d63ed41b343ba799cfa6910171bebd42f2a5183b3b742ad00da9eba428b27aa2f5d9d3632160effa4d429c478ebb3ffa409

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CTN1TK7U\www-i18n-constants[1].js
Filesize
4KB

MD5
dbcf9990f51eddb220da4c82bdeda43a

SHA1
68642dd91f2d296a174bc55e8bc2eaf70c88c04e

SHA256
b1d60a881693125e1efa2160251d48a4ef9db81e2135d18fb76a49af8d5c632d

SHA512
945ed31d10257d0de094ed93d65b0e4f0968fcc08b8d2d214dc69428a9d52ca16d0c52d1501f57a8aac3306b1483d96452f4b9cf26331d872bc263cdd5f00df7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CTN1TK7U\www-main-desktop-watch-page-skeleton[1].css
Filesize
4KB

MD5
82cc0fe23e17a4796c0cfb568448e46b

SHA1
7ae8665105ad4efe7e56d1d408777095ce4cc8f3

SHA256
adfe9e8b7aa74296e68748cd04111363890200dbd386fa4d283d59753ff22238

SHA512
e40975354e7a696acff6e506ac685916dd0e2dfb62e7930d6de2be742ec1dadd91def929347195d15eaadf7a973cecbc08f9feab01fbd19ea322386153c3b8ac

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\INLA2WXK\KFOlCnqEu92Fr1MmEU9vBg[1].woff2
Filesize
49KB

MD5
08c655068d5dd3674b4f2eaacb470c03

SHA1
9430880adc2841ca12c163de1c1b3bf9f18c4375

SHA256
4fc8591cc545b7b4f70d80b085bf6577fad41d5d30ddd4f0d0c8ab792084c35e

SHA512
b2fce4bc018fa18de66095cc33d95455a4d544e93d512b02bcb8af06aadb550cd0f4aecbceaa013857196c91b6e3c4565a199835cfb37c682cb7bddb69420198

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\INLA2WXK\KFOlCnqEu92Fr1MmSU5vBg[1].woff2
Filesize
49KB

MD5
8a62a215526d45866385d53ed7509ae8

SHA1
5f22bfd8ff7dab62ac11b76dee4ef04b419d59b5

SHA256
34ccd21cf8cc2a2bdcd7dbe6bef05246067ff849bf71308e207bf525f581763d

SHA512
845f721e564e03955c34607c9c9cf4000db46788313ebf27c1d12473c7948cf2609b08b24093c5d01f6c97acc79456e7aa838c291462bfb19700bbfd07ee243f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\INLA2WXK\KFOlCnqEu92Fr1MmWUlvBg[1].woff2
Filesize
49KB

MD5
90f0b37f809b546f34189807169e9a76

SHA1
ee8c931951df57cd7b7c8758053c72ebebf22297

SHA256
9dcacf1d025168ee2f84aaf40bad826f08b43c94db12eb59dbe2a06a3e98bfb2

SHA512
bd5ff2334a74edb6a68a394096d9ae01bd744d799a49b33e1fd95176cbec8b40d8e19f24b9f424f43b5053f11b8dd50b488bffedd5b04edbaa160756dd1c7628

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\INLA2WXK\KFOmCnqEu92Fr1Me4A[1].woff2
Filesize
49KB

MD5
ee26c64c3b9b936cc1636071584d1181

SHA1
8efbc8a10d568444120cc0adf001b2d74c3a2910

SHA256
d4d175f498b00516c629ce8af152cbe745d73932fa58cc9fdfc8e4b49c0da368

SHA512
981a0d065c999eea3c61a2ba522cb64a0c11f0d0f0fe7529c917f956bce71e1622654d50d7d9f03f37774d8eee0370cfb8a86a0606723923b0e0061e1049cbc6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\INLA2WXK\css2[1].css
Filesize
2KB

MD5
62574ec85936724bb37ffffffeca1d59

SHA1
3a4ba20fd2956d1d14fd802421369328bd4b4732

SHA256
71081114b5b8d6a5d51b53bdf0537a8d293cf160029497cc5285115059cf44c7

SHA512
86c5e838aca7aac3ebadbacfd0a75394bef6b07bb4d0682ffaba3a712217d3a50032fda5bdee8f3cad7dafdc9438b71901c3b4e1765ef7b8ecabd75af0285231

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\INLA2WXK\intersection-observer.min[1].js
Filesize
5KB

MD5
936a7c8159737df8dce532f9ea4d38b4

SHA1
8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5

SHA256
3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9

SHA512
54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\INLA2WXK\webcomponents-ce-sd[1].js
Filesize
91KB

MD5
4909bb3c9a7b71c3b60ae404041a7beb

SHA1
d1c44ef5c21cfb6072ece971c42099eeb2995d46

SHA256
5e6abfa3632dd0cc11fdd2f6a424feab060acc951e6f141b5d4491d39cdffc03

SHA512
a3fa547221d1929fa9952a2d9c648440b63262d6a802708fbfaf9cba208aae7fe16b8546a037c073339c90d26724002da52c17131ae87fe6106471a74f4b3219

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYIQKDX6\rs=AGKMywEzH2ywC_YXPblBgICjQoSp1LgQyg[1].css
Filesize
31KB

MD5
f18e00d0ec2fd2004eff74f4c57716e7

SHA1
04cda18b6a2204f7db81bd00acb9f7b0eb89c1a3

SHA256
c2501e5c17ed173e692de29b7999c9ed1f92dcc595c23e251169b2f02cee51b5

SHA512
d4adb84fe621c85bf71d02e2950136a40622aa4e93a9da6006e4a2d592dce320107b2f086695616dbc6e3e9e9f71ff6c5c94661a6b923dd54bcefcf0b16158e5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYIQKDX6\www-onepick[1].css
Filesize
841B

MD5
b182f64ebc958940b940085ec72bfd32

SHA1
5d11fd1d9609c99480a4cf231e35973abafee58b

SHA256
f013fb8bcc8b163655a877ca39afa7f96d49356ac8b78642a94c2deb86396fc9

SHA512
89b9e917f6920a4976f243e869e9a2c53f569eb1519cf3d84b50a7033f51ad505c7a11e99f70bf7536bb44d793bad2af77f93b38b84f8211cafef45c665ede94

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYIQKDX6\www-tampering[1].js
Filesize
9KB

MD5
23b672bfc2a4927ea93097dcceccd774

SHA1
af88a45c03ffd786aea1162f59ba7d14972f0028

SHA256
fc56a7e5dbd2e46a38b0a2cbc3e8b9aeeddbcb004de178216741e006071ac952

SHA512
63bf12b0c41ab73a81227f100d47dd23cc6e306c0cc5f13bb6e50261b1599417ad781e7c6d5b9cfc153864a5bb9b6125797b02b3ec7c803240d0c32dc2c5643f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OM61H1K7\network[1].js
Filesize
13KB

MD5
ee417ef3b5afb176d7d8217cc05e8bac

SHA1
36667dbe03694db8e1dbf5a69c70acb96cddc3fb

SHA256
54a9eaa071d4d7521b1ffb97ed1aed1b34af18e6829ec08c10a8e5ceefafb64b

SHA512
2b01bda7c6513c25a5453fdec2f1f38997d1549ef3e379c4b6763983560ec5c2e47280547131abe11068f83cc28a61d04b3e24da070498f013e68477f445db49

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OM61H1K7\scheduler[1].js
Filesize
7KB

MD5
921bbf6da58cea78e5567eb4e6008919

SHA1
2720277ae403851d33577291c4df2c9570df1002

SHA256
5f6120f85a41b5d54efbee528bc7f4b71a595af72f88a83503e0c0e03692100b

SHA512
79b8cc3c99fd8e4d58058a39d286a7158cca2f945596e96fb85ad32c05e4d65c9aebc7de46eef65bb9756b8262d75827dad40214ca7a14e00461a3f7ad5f7146

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OM61H1K7\spf[1].js
Filesize
38KB

MD5
1c63a9044c0fa9bff24a7ef714ed1c7a

SHA1
40730bf54fc9af65c46f95fecd9885e5fcc95aeb

SHA256
ea20694e67c8afb9575f9c42d5e953f383bf46e0af3b6ac7625fcc93e4adc8cd

SHA512
28ff85b1250038fb13f6d1966ce77d9d33ef6b648e54a27234a051b2d26214b0af12ca53c576862877bdd358cbbe4f123176a2111805cd0c29ef0a6d4373b600

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OM61H1K7\web-animations-next-lite.min[1].js
Filesize
49KB

MD5
cb9360b813c598bdde51e35d8e5081ea

SHA1
d2949a20b3e1bc3e113bd31ccac99a81d5fa353d

SHA256
e0cbfda7bfd7be1dcb66bbb507a74111fc4b2becbc742cd879751c3b4cbfa2f0

SHA512
a51e7374994b6c4adc116bc9dea60e174032f7759c0a4ff8eef0ce1a053054660d205c9bb05224ae67a64e2b232719ef82339a9cad44138b612006975578783c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
afbc85584800a68717f6cd37278bdcf5

SHA1
7783ba8af33f829154af33aad41b6799f57d5a21

SHA256
ba89ec24c44decd4290d6c00c856eaa1d05e519006a492b57bd6bd4b09bbb0f0

SHA512
17a5b9b3c17920558c5f0ca30a1c6388f4a34a84f79b859e7b085a0249eba9f7845d5a14f99bf3e671b756ddf56b95cf238ce075f20c501f6b73aaa77bab5997

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E34C02FD7B17821EDEB2D4A54ADABE2F
Filesize
472B

MD5
8606d61dc4df03744e67b043caac9294

SHA1
6eb67458e717f809122c13f43b67ca6d5ffa9153

SHA256
42774acc2a67f2afe0c2433659248c715d3cf4a6f254825a1bc567289999a9a5

SHA512
42a57f964b5f12e6ba5fcf2d17661cfd3f4d0c4f58b239bb85e66cef1da0bbb432698fa25ecbbfd9125f7743b6dcdbaa80fb5c4677668478425f0abad4407f59

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
5a11c6099b9e5808dfb08c5c9570c92f

SHA1
e5dc219641146d1839557973f348037fa589fd18

SHA256
91291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172

SHA512
c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B291340C29DEF8EC5B180117A3DAE2AC
Filesize
472B

MD5
57024d00a7c5d4905ecee2c1068b8c22

SHA1
7805eba537d67d0ddf49c526659e33c8ec1c584a

SHA256
8cc85b237c88f7ba1f04fad646a1b8246c1f9efbd4e11bd0a36ba8316b62577d

SHA512
21f9c841d6382b3e3fcfc9597977d8c5c2e394b387357234a7098daac3b0820941503f10be6a623fb959447c26167fd6c2a361a654befd8506ee6caf7897a7c7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_ACDFA308476C56CF4053AED7D5D7CE64
Filesize
472B

MD5
ce8314ee3fd6b1f11d5b2a1cd9852a2b

SHA1
28a0ac3e4cd595c52650c31988d902886c9192cf

SHA256
9c6145d542388d4be407e64999e73e1bb65023f1fcd7308a05697bf1aaff46ce

SHA512
b21b6229ccc1c8332ecf965d2f77fd7eeb5b4c1627ad7ee5b02b5c69563939ca7917ec4ad3e4a5f2a8eda0b0f734fab57bffc03bd4ffeb8e19a717e478750001

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
a3bc7d45864e9e6fb591ccff88af3407

SHA1
38cc3d1201f82b27b4ab2de60c94e77059b154e3

SHA256
45e765907b41e5f5d4184c90f510428471f876efa1c4ff96119236e20ce621c2

SHA512
962f57742026fdc8f7ce57a51c1fce61bfb46db9071d72891f065b0c381dba6dba9ef3be5368325582ad2959aaac43820f0be044578bd7e211317f8a1bb30189

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E34C02FD7B17821EDEB2D4A54ADABE2F
Filesize
406B

MD5
1ddcb845d64d221429a2b5ef6e074c4b

SHA1
e5f1f882e494a19040b9e9f1e6e227725fadaf05

SHA256
9941e788e8c43549ff045bc092d3eb224bf34357218a8811b0642fd83e549754

SHA512
c03a221c313f7ab03a1c31b4b8d8fe93db4d2573197e31239ac433cf1da82016c0f1119d98226533a9c2fcc29ad149c3e46e1c8926f6d33c5aa166bd663bbc75

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
9b2fed28b29f9de691837499c0333f32

SHA1
cbb467b999d4e94f5f269dba7db76c87deb5382b

SHA256
7df91f9c9e9f347bc695b0ed5588335ad79463e4cffa7109215d3311af217e7c

SHA512
008ab8d303f43f950da55580a5e80454a65860abf5e1fc72c0c20d4c4021ff86c6478ab3c9ec001165fbd5bd0889a3c44450e6c442e9c77bb04809bf6c929819

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B291340C29DEF8EC5B180117A3DAE2AC
Filesize
406B

MD5
ab5c4e9a2c27b864097311d200e0314a

SHA1
f63302a8d7ba51b2693cac3ffe89e805dcc1ab9e

SHA256
c9dd1d49efc1075f834d92b9002e8eb6ade6b543689d3eb732a8449b2d946bf5

SHA512
f1aa05182ae27f46fad29e4eaa1dec4ca139db846d7ea5f899cd11cfb0d11d339e81663b0198407bf57d1a17ebdb18cada59ca94807e3e5c5ae14f2917662d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_ACDFA308476C56CF4053AED7D5D7CE64
Filesize
402B

MD5
fd683bb5ca830ae6d6000b637752b400

SHA1
d211b42b9226df6454f91bd0521fe6f560432991

SHA256
6294c5aec9519451f4d718ad94df0e5a0103afd0b97470647a1478d5d939d717

SHA512
b1672afa0d89c445e6aa601c0f5747ba869fbb636a916455a435e570e4a01dfe529806636c04a502c5df094706a0c050b527a723a8af584b78a07e185bcd2d4e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri
Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
memory/1584-144-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-186-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-150-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-151-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-152-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-153-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-157-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-158-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-159-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-160-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-161-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-162-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-163-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-164-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-165-0x0000000000280000-0x0000000000C52000-memory.dmp

Filesize
9.8MB

Download
memory/1584-166-0x0000000000280000-0x0000000000C52000-memory.dmp

Filesize
9.8MB

Download
memory/1584-167-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-168-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-169-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-170-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-171-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-172-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-173-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-174-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-175-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-176-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-177-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-178-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-179-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-180-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-181-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-182-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-183-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-184-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-185-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-149-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-187-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-188-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-189-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-209-0x0000000009D30000-0x0000000009D38000-memory.dmp

Filesize
32KB

Download
memory/1584-217-0x000000000C2F0000-0x000000000C328000-memory.dmp

Filesize
224KB

Download
memory/1584-148-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-147-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-146-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-145-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-120-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-143-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-142-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-140-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-141-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-139-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-138-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-137-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-136-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-135-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-134-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-133-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-132-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-131-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-130-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-129-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-127-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-128-0x0000000000280000-0x0000000000C52000-memory.dmp

Filesize
9.8MB

Download
memory/1584-126-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-125-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-124-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-123-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-122-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download
memory/1584-121-0x0000000077CC0000-0x0000000077E4E000-memory.dmp

Filesize
1.6MB

Download