e72eb9d920c4df03db89207fa851b8b1c65dab237ca227fe862267d767e1ab48

Analysis

max time kernel
151s
max time network
142s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
21-11-2022 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stub/stub.exe
Size

1.5MB
MD5

cd57f9b56a059ce65666c2ee267f1f2a
SHA1

e1c2e55dfcacf1605fa3f75b81d05bde25986aa6
SHA256

f74dc7d939e1a44cd57d25d28e57c41a95e7080098bc1b37118ef8f51f6e2e36
SHA512

fa91e2b2bbddd9016d9f02dc6db33482aa3707db1596236f5cbe00837ba87926801f1ff1ce302e6eb3e2ad0fa8a528e7a9256e34ca1ee2249d6ef12c17d8408d
SSDEEP

24576:7oi2Q9NXw2/wPOjdGxYqfw+Jwz/S/6RZs8nVW6k5JHkARt7DBAqnH:73Tq24GjdGSgw+W7SCRnVQTEQ/BA8

Score

7^/10

microsoft phishing

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

stub.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Control Panel\International\Geo\Nation stub.exe
Detected potential entity reuse from brand microsoft.
phishing microsoft

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Control Panel\International\Geo\Nation	stub.exe

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exebrowser_broker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e02b91e7f9fdd801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "124"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000002d5c4aa83d7e4adc171483af965e1eff055bad2fc1d14d8e822934763eee19f5153ccece867ef00f39337c2d5397977723db3295d1029a1018e1	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming\ChangeUnitGenerationNeeded = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000007eeb66164854f9d5f00579b50b2d0517a6032fa2dc9b76a12d7fc0703bd1304d07e7e583b381e43abe1dff86f6704ce7e57035859c37df3547e1	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotnet.microsoft.com	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "6hpc49w"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{07C23CD7-A6DB-4D69-93AB-600A5414C1EF} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = d01984372cfed801	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 7bef3f1b21bed801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "5"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

4168 MicrosoftEdgeCP.exe
4168 MicrosoftEdgeCP.exe
4168 MicrosoftEdgeCP.exe
4168 MicrosoftEdgeCP.exe

pid	process
4168	MicrosoftEdgeCP.exe
4168	MicrosoftEdgeCP.exe
4168	MicrosoftEdgeCP.exe
4168	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	3032	MicrosoftEdge.exe
Token: SeDebugPrivilege	3032	MicrosoftEdge.exe
Token: SeDebugPrivilege	3032	MicrosoftEdge.exe
Token: SeDebugPrivilege	3032	MicrosoftEdge.exe
Token: SeDebugPrivilege	4864	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4864	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4864	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4864	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1688	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1688	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exe

pid process

3032 MicrosoftEdge.exe
4168 MicrosoftEdgeCP.exe
4168 MicrosoftEdgeCP.exe

pid	process
3032	MicrosoftEdge.exe
4168	MicrosoftEdgeCP.exe
4168	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 4168 wrote to memory of 4864	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 4864	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 4864	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 4864	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 4864	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 4864	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 4864	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 4864	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 4864	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 4864	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 1160	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 1160	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 1160	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 1160	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 1160	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 1160	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 1160	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 1160	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 1160	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4168 wrote to memory of 1160	4168	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\Stub\stub.exe
"C:\Users\Admin\AppData\Local\Temp\Stub\stub.exe"
1⤵
- Checks computer location settings
PID:4740

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:780

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4168

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4864

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1160

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1688

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2144

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3804

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5ETVTS4H\alert-info[1].svg
Filesize
726B

MD5
c7db49644f6bf1f50b3190ffba0516ed

SHA1
5bb312a0b6357ccb7e93158ac0f97b4e249e4696

SHA256
2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281

SHA512
9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5ETVTS4H\cda-tracker.min[1].js
Filesize
762B

MD5
dac957d8b23d6c49aa5e917f5c2505a0

SHA1
49bb19db449215dde7384578684b1704559f95e2

SHA256
04e0ac55a31e7481d75fc6a8f4198473c477c3620aa84051c39f5678b1e7694e

SHA512
b55b5d144e94b786ada89dedf1f617d5b47fe0071b857e56e12bf9e19a083ecd3375711b73029270332104e1eaca41cba364aa270fb9586466930b2ba10efe9a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5ETVTS4H\culture-selector.min[1].js
Filesize
302B

MD5
e886b9422ab1c9a296c220de289971ab

SHA1
457b23822d9c94d763c98b681afa778b1fb2c874

SHA256
a9c2b239f8f3164d84f6bec2ed1f04f84b257b516abfb791373658300e4f2ee7

SHA512
a56b6e665783e4a6769bdd1a19c732ee3e6d9f1be010b6ab5cc4a9b040eec3be34acd8ae6322c49318e438b03ff7e1712c3a577049a01dd73a5afa0024f585dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5ETVTS4H\dotnet-framework-runtime[1].svg
Filesize
42KB

MD5
5aaa8c37cd59979b920cd21c4a50a38d

SHA1
0ee61e3b2d58513b92cf4c6b5114c1beb55539e7

SHA256
db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6

SHA512
0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5ETVTS4H\ef-a24652[1].css
Filesize
166KB

MD5
3bce25f9ec586670eb7c3a14714b59f5

SHA1
1e2fa043bd39126cc8aa998365d804552d9f00ce

SHA256
4515475065d4402b18e5811b275be596230a83379aefb1b7d19d0db93b5c53a4

SHA512
0d1333eacc421ab6c91bf4fd91398075bc2a21c346dd09d971a746859b969ee5179d62adeb15fca1c872b79c1e7efa4a7454c025870b9bb053d6974fc0e74c6c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5ETVTS4H\general.min[1].js
Filesize
172KB

MD5
c09f5d0b66835ebfe3a3a40be537f834

SHA1
612de9032d53362206ab56c04cb0ab2608e3b19c

SHA256
24ce903cdbfd82e0b4ad4564a341fc49d6458179820f93cc965ffb02963580db

SHA512
081e09878395ea203eddd31e6ec577814081cdeb1a801c5d0793c3336284b861f4778786bbebfdf7e1970a25aba931320c870d6444115e21865f27463b8cc0b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T89GEYXW\37-8473b9[1].js
Filesize
133KB

MD5
d8b85b1b9a54c532f41ee3ad758450a6

SHA1
8311e13eb390700f93a0c3ee90bc617e0ed4301d

SHA256
f1464d6010ed2930cf906e7e4573940b4b247929c847e81d0fe866ecc4158d4f

SHA512
4ebdbd913f6eaacfb8e4086fc835a5139993659d53d181d25e18bc43f552a6abc06d7521eadf88926c892a49a6075d39e28bdd11438107aec6dda4a4988cc711

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T89GEYXW\ai.2.min[1].js
Filesize
117KB

MD5
f63d62b7f7a371f237e1c4d5d55b82cc

SHA1
fe5bde41271fa0c3b63c13c6ce823333500e91ac

SHA256
ac4f3a99557d9c17b6ded0c6d4f0b267f4879cde9baec07a83910ab8c7059f77

SHA512
9657d9f24a2dad3e0617ac323170a940fae7a85028d268b3d1710b6a7ff91fdb136c85b421cccfcc943ea235cff3201dd0e31e908d9e1f1ba4064849da089ddf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T89GEYXW\analytics.min[1].js
Filesize
2KB

MD5
8ecefb1d281a6656cbfc10187c34dc98

SHA1
8f22955b673af83115a9635b22e5174fa166657a

SHA256
043815581e5875956e38c3277443a1b0f68432f97878dcd72f232974fd6e5ec1

SHA512
909952271cdfec0e6259048b6e61a04bc79a2fa4798fbb6f0c06336e1dae3558f437151b14f0a748b2f3e70a41fcbf740cdc5a1f6a7619ef05f106e690aeaeaa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T89GEYXW\main.min[1].js
Filesize
28KB

MD5
f65baf0aeb4e642925472561614bb06b

SHA1
79a56ef1313be37031d5add7d5267dc00ddcdd5f

SHA256
d2ba461795456e22e552fa372bc17d8c70eeba511d0df6c96bacc732c725941a

SHA512
66fc474bdd4e65d88767ad7a416bb6c34c576529d85b059422a93415b345b8eb85240098c598ac8f04457e7d2219297533efda758a20fb9d2025aeb6941cfc9c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T89GEYXW\mwfmdl2-v3.54[1].woff
Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T89GEYXW\open-sans-v34-latin-700[1].woff2
Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WEIODR1P\RE1Mu3b[1].png
Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WEIODR1P\bootstrap-custom.min[1].css
Filesize
227KB

MD5
1ec0a74bd7ac4266778655ee292ae367

SHA1
cae69771c4a28ac7fcecda2f27fac358011c1b57

SHA256
5b487f577f91a21990fed3720bfcb93ad9cae0f386d712f0abdc1a3da695e528

SHA512
180f72baefe3fe26d54dc385e5a0f9d42cc7320edfd3191da4850e96ffaff418329d9b851bf31dbfe50caa3d4ef90da1c89c9e34237088fea31859659b9952aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WEIODR1P\open-sans-v34-latin-regular[1].woff2
Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WEIODR1P\override[1].css
Filesize
1KB

MD5
a570448f8e33150f5737b9a57b6d889a

SHA1
860949a95b7598b394aa255fe06f530c3da24e4e

SHA256
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

SHA512
217f971a8012de8fe170b4a20821a52fa198447fa582b82cf221f4d73e902c7e3aa1022cb0b209b6679c2eae0f10469a149f510a6c2132c987f46214b1e2bbbc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WEIODR1P\space-grotesk-v12-latin-700[1].woff2
Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z9S3W8ED\cookie-consent.min[1].js
Filesize
956B

MD5
8e43b322c03693474b06d839837d4fa1

SHA1
c42c6458fa02771f4a0fc962bfb3cc14311e7638

SHA256
ea6c90c5174a8d235337db610bc3c84228c2e9c4a39b16701210fc375e82a18a

SHA512
6c3cce5847f2f460cfb812b484880ca583d42d9242ae5b3a1440daf7e0dca557b56c57edc460b4cf58e168f400dbfc0de164c2a846266dc61fd7db3cfd413174

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z9S3W8ED\dotnetmdl2-icons-061622[1].woff
Filesize
13KB

MD5
69bd98e83eaa70274d2fcff8d71ed013

SHA1
c611bd891a63f788c1dd20e686ba40c44a4b6e79

SHA256
24cd5530dc798f9b08f7e3e48c8688b9324fa8edfc8aea24d4109fedcc6bc7bc

SHA512
a5b8429a529aa32bfe2b96d408aad99f2771d387fb45fc18a5bead5df0f6134ba9e86d01923e5745505288aaa31b4276a840d88d943d3a6b452f51b94d180551

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z9S3W8ED\ms.analytics-web-3.min[1].js
Filesize
136KB

MD5
c9d788ec9041717cdf9bbfbba4d3f395

SHA1
5eaca142c7ac5bb18fdb894d400bc99f640a6a09

SHA256
581e167dd3aa1f6bff67e7cbf1bed83dfa10ec04ad2989976f118dd5724de5a0

SHA512
cb8154674030b3aa033d2aaf432c30a2f96e21f4b270810c72e0300f74abb12369cc126ec7b5f0c2cccc8dbaeabd4966703ef446460a114907f86abdc460f0c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z9S3W8ED\open-sans-v34-latin-600[1].woff2
Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z9S3W8ED\wcp-consent[1].js
Filesize
272KB

MD5
5f524e20ce61f542125454baf867c47b

SHA1
7e9834fd30dcfd27532ce79165344a438c31d78b

SHA256
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

SHA512
224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\65JUNICV.cookie
Filesize
562B

MD5
f83c6e11d1d50f79539c6fffb401cbb1

SHA1
184caaca01a72e9441be3c2e8f500ed03845065e

SHA256
c8ca2a3ee3b26b68643791f0d3366718407b43198f3471a950a04f6b1ae78770

SHA512
8f32f292cb0d722a016b1e3779c0ef5d96d6a76c8279199eda6140bc25445672e2f1e1e17533915454051b9475bd2ba8f5cb5e7769a6e7897e49682b4290476a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QM4VBFIA.cookie
Filesize
247B

MD5
06cf393570f66036344f89d5b5ea9fe8

SHA1
7fb67511d735eee69868c294b8c3e3b462801866

SHA256
02d99e7f55da767501c4e4e21daa7445401dfffcf736fa767b81fa70e0ac5116

SHA512
9708df203d50760d2b41ecf7cde165618cf3066ac93abcfaca0b49f68e6a499691178b2fbc243955723a7bdc0a0829a522fe11f8e46f8d23eac8d5a467637af3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YABM4W3X.cookie
Filesize
562B

MD5
5ac84fdcc42bc78d32f80d73b99585d0

SHA1
4a623313d8833c48394566f0164cb8ca10d109e2

SHA256
a459b411213fc4c8d1722f7fe5db409cb4dba87c332f5df4af76395cd4b89dce

SHA512
afd95062b78904354f575cfa1440caa4ec26d3bd32044c1563c36acb1749ef979c5edeb8c6254f4f7dff7b3d44c4a3e5750b478a35618d8c9a114b0c0b85025b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\258T3KM3\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\258T3KM3\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\258T3KM3\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
471B

MD5
8547b9a5c63a368f42299481655b2edb

SHA1
41403b04b68e6d1a77141863fff52957f1a0b4f6

SHA256
dfa88bfbdb56634f2d39b985689804955454a21ce1cbbb59a914546e433fd907

SHA512
ba94c0e67251601d57409e59aa263d1fa1f5582cca870d3626f43b3cef5e5b255592a12712deb148db528ed0ecd3c643f1efddc1f5d4df995402e6575fdf2a29

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
446B

MD5
1b65a9f35a4ff87afd0dd42fc809b7af

SHA1
d5024522151f8bfc9daa402906e5dc9b15bfdff0

SHA256
f1b54fb517a29251cd8fc0e85b3e5350a8772d6005dcd5b01a34a9c661a735a2

SHA512
78c7a20bf76a6ed6b00d816dc4e4ebc01a2e1996de5e36ad0fee6dc5e355833b97740b0369c5f593f0c8e92c6a7558e5a3776a6febc8ac508c685a7802f42976

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri
Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
memory/4740-143-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-182-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-153-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-154-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-156-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-155-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-157-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-158-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-159-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-160-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-161-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-162-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-163-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-164-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-165-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-166-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-167-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-168-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-169-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-170-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-171-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-172-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-173-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-174-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-175-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-176-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-177-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-178-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-179-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-180-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-181-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-152-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-183-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-151-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-150-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-148-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-149-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-147-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-146-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-145-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-144-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-120-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-142-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-141-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-140-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-139-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-138-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-137-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-136-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-135-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-134-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-133-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-132-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-131-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-130-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-129-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-128-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-127-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-126-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-125-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-124-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-123-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-122-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download
memory/4740-121-0x00000000779E0000-0x0000000077B6E000-memory.dmp

Filesize
1.6MB

Download