fe259ff7425d276f317072153ec9f5b87eede298643578b84428c402a162502f

Analysis

max time kernel
1804s
max time network
1818s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
12/01/2023, 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RBX Alt Manager.exe
Size

3.8MB
MD5

3088950d8671e650f0feba02fba8a9e0
SHA1

920ddfb2ceeb97dee4b4a1650c717a83c02e9d9b
SHA256

fe259ff7425d276f317072153ec9f5b87eede298643578b84428c402a162502f
SHA512

9cd9ce262821a8d074ca5153e7334bccc8a5475d6a062830897d167344af71215885b215ef9f0d4275f2ffdbd97451f9519d292fa0cd57a7d737f09d4ea41b54
SSDEEP

98304:cV2bT1QqxBpJzyaqUOJp0IyjI7W0FWUc:c+QqxBOlUOJp0tk7bWU

Score

8^/10

microsoft phishing

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
3360	ndp48-web.exe
1284	Setup.exe
4840	SetupUtility.exe
3752	SetupUtility.exe
4636	dismhost.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Control Panel\International\Geo\Nation	RBX Alt Manager.exe

Loads dropped DLL 21 IoCs

pid	Process
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe
4636	dismhost.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\syswow64\msvcp120_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\system32\ucrtbase_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\syswow64\msvcr120_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\syswow64\msvcr100_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\system32\aspnet_counters.dll	Setup.exe
File opened for modification	\??\c:\windows\system32\msvcr100_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\syswow64\msvcp140_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\syswow64\vcruntime140_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\system32\msvcp120_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\system32\msvcp140_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\system32\msvcr120_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\system32\en-us\dfshim.dll.mui	Setup.exe
File opened for modification	\??\c:\windows\system32\vcruntime140_clr0400.dll	Setup.exe
File opened for modification	\??\c:\windows\syswow64\aspnet_counters.dll	Setup.exe
File opened for modification	\??\c:\windows\syswow64\ucrtbase_clr0400.dll	Setup.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	\??\c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_client.xml	Setup.exe
File opened for modification	\??\c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_extended.xml	Setup.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_filter.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sysglobl.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\system.threading.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.windows.presentation\v4.0_4.0.0.0__b77a5c561934e089\system.windows.presentation.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.identitymodel.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\system.net.primitives.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\appconfig\appsetting.ascx	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\microsoft.visualbasic.targets	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\app_code\webadminpage.cs	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\netstandard.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_wp.exe	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\system.workflow.componentmodel.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\aspnet_regbrowsers.exe	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\tracking_logic.sql	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.device.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.runtime.caching.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.xml.serialization.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.reflection.emit.ilgeneration\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.reflection.emit.ilgeneration.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\appconfig\app_localresources\createappsetting.aspx.resx	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.runtime.windowsruntime.ui.xaml\v4.0_4.0.0.0__b77a5c561934e089\system.runtime.windowsruntime.ui.xaml.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms.datavisualization.design\v4.0_4.0.0.0__31bf3856ad364e35\system.windows.forms.datavisualization.design.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\mscoree.tlb	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\system.data.entity.design.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.runtime.extensions.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\config\web_lowtrust.config	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\microsoft.visualc.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.diagnostics.fileversioninfo\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.diagnostics.fileversioninfo.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\appconfig\app_localresources\debugandtrace.aspx.resx	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\system.componentmodel.composition.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.threading.thread\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.threading.thread.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\adonetdiag.mof.uninstall	Setup.exe
File opened for modification	\??\c:\windows\inf\msdtc bridge 4.0.0.0\_transactionbridgeperfcounters.h	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\addinprocess.exe.config	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.net.security.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\wizard\app_localresources\wizardpermission.ascx.resx	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\appconfig\debugandtrace.aspx	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\wizard\app_localresources\wizardproviderinfo.ascx.resx	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\microsoft.build.xsd	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\microsoft.visualc.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.collections.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\regasm.exe	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\system.runtime.serialization.formatters.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\normnfc.nlp	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.diagnostics.tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.diagnostics.tracing.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.reflection.emit\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.reflection.emit.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\system.runtime.numerics.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\users\app_localresources\manageusers.aspx.resx	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\users\app_localresources\adduser.aspx.resx	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.drawing.design\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.drawing.design.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\microsoft.internal.tasks.dataflow.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\clrcompression.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.net.sockets\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.net.sockets.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\assembly\gac_msil\system.data.common\v4.0_4.0.0.0__b03f5f7f11d50a3a\system.data.common.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvc.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.threading.timer.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.enterpriseservices.tlb	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\wizard\confirmation.ascx	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.data.datasetextensions.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\providers\manageconsolidatedproviders.aspx	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\system.xml.linq.dll	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet.config	Setup.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_perf.ini	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "13"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = d581f14b6daed801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "161"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{2682EB8D-639E-4292-9B08-757818FF18 = 0114020000000000c0000000000000464c0000000114020000000000c000000000000046830000002000000076585669b626d90176585669b626d9018c7e5d69b626d90160f6150000000000010000000000000000000000000000009f0314001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800b0003100000000000000000010004d6963726f736f66742e4d6963726f736f6674456467655f3877656b796233643862627765007c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e004d006900630072006f0073006f006600740045006400670065005f003800770065006b00790062003300640038006200620077006500000034005c0031000000000000000000100054656d70537461746500440009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000540065006d00700053007400610074006500000018005c00310000000000000000001000446f776e6c6f61647300440009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000044006f0077006e006c006f00610064007300000018006800320060f615002c56049620004e445034382d7e312e45584500004c0009000400efbe2c5604962c5604962e0000000000000000000000000000000000000000000000000074e521006e0064007000340038002d007700650062002e0065007800650000001c000000a30000001c000000010000001c0000003400000000000000a200000018000000030000008163aa0c1000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e4d6963726f736f6674456467655f3877656b7962336438626277655c54656d7053746174655c446f776e6c6f6164735c6e647034382d7765622e657865000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a05800000000000000686d61686b636d7300000000000000004281527e94a49e448d31250bd70a2bc1c780f9d16b1aed1198fa7ad0e57bc6414281527e94a49e448d31250bd70a2bc1c780f9d16b1aed1198fa7ad0e57bc641d2000000090000a08d00000031535053e28a5846bc4c3843bbfc139326986dce7100000004000000001f0000002f00000053002d0031002d0035002d00320031002d0031003000390039003800300038003600370032002d0033003800320038003100390038003900350030002d0031003500330035003100340032003100340038002d00310030003000300000000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d0000006800000000480000009246335f000000000000d01200000000000000000000000000000000	browser_broker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658 = 03000000010000001400000083da05a9886f7658be73acf0a4930c0f99b92f011400000001000000140000003656896549cb5b9b2f3cac4216504d91b933d79104000000010000001000000062455357dd57cb80c32ab295743cccc00f00000001000000200000006811c6215f18c75fdbe32cf56bd66248562a7fa3ba459cfee338745061e583941900000001000000100000002d581a49c8eb5b3b3c6ef9bb65314d705c000000010000000400000000100000180000000100000010000000bb048f1838395f6fc3a1f3d2b7e976542000000001000000dc060000308206d8308204c0a003020102020a613fb718000000000004300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303131301e170d3131313031383232353531395a170d3236313031383233303531395a307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f66742053656375726520536572766572204341203230313130820222300d06092a864886f70d01010105000382020f003082020a0282020100d00bc0a4a81981e236e5e2aae5f3b2155875beb4e549f1e084f9bb0d64ef85c18155b8f3e7f16d40553dce8b6ad18493f5757c5ba4d47410ca32f323d3aeeecf9e0458c2d947cbd17c004148711b01671718afc6fe73037ee4ef439cef01712a1f81264377985457739d552bf09e8e7d060eac1b54f326f7f82308228b9e061d3738fd72d2cae563c19a5a7db26db352a96ee9aeb5fc8b36f99efaf61c581b9756a511e5b752dbbbe9f054bfb4ff2c6cb85d26cea00ad7df93ed7fddacf12c731ad9193755badd22788ea1d49b09f807223171b094aee0b0e726445790819715ce61ec65e24bf185521632f8b578aa7ecd4dec8321a4a89bbe9a6a04e0a31ccd56186cfd6b2f423ee237f272abd07873727bdeec0058e52130a3083a99ef9fc3f77a169665b5c381aff4397049aff6a9f66a0038f9b40819e01a35a55676225f6af269ae3ead58464db854f68941441e72b1bc122753d2c1ffb2cd50981eb5f4bbb6c28239d9ac1bf23b27846ab0c6260bd73a10e7b3db7cd356ac534c0bfa3b313774d8592bf9007919067bfd1c1d42d4410d2f050ed56b4923ffcfcdf87a82cfda3c2ddfe8d8120418ba1e8877b8981f1007bbc8057e0b09bf6bdde34e5bb0f9c784a63bca4c9f5b6229f7c7a2a89588702ce5c13f3c52234f409ac33185832fbf29f11d508f219607ceeff280c2447d9b62ef2fc37789ab454d533e0279d30203010001a382014b30820147301006092b06010401823715010403020100301d0603551d0e041604143656896549cb5b9b2f3cac4216504d91b933d791301906092b0601040182371402040c1e0a00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014722d3a02319043b914054ee1eaa7c731d1238934305a0603551d1f04533051304fa04da04b8649687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f63726c2f70726f64756374732f4d6963526f6f436572417574323031315f323031315f30335f32322e63726c305e06082b0601050507010104523050304e06082b060105050730028642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f63657274732f4d6963526f6f436572417574323031315f323031315f30335f32322e637274300d06092a864886f70d01010b0500038202010041c861c1f55b9e3e9131f1b0c6bf0901b49db69074d709dba62e0d9fc8e7763446af0760894c81b33cd5f4123575c273a5f54d848ccba45dafbf92f617085742957265057679adeed1bab82e54a35107ac68eb210ce32581c2cd2af2c3ffcfc2bd49189ac7f084c5f914bc6b95e596efb342d253d54aa012c4ae12765309560e9df7d3a6498850f28a2c9720a2be4e78ef0565b74ba11688de31c70842247ca47b9e9dbc60005e6297e393fca7fe5b7b25dfe4537f4bbee63ef0db0179421c6e856c7db64430fba5379293b2a5ee20ad3f53d5c9f4286b57c1f81d6ab7562ab627811ca62d9fe7f4d0318397a82ab6acbe1b41f5e4895f56fbda5ad35e7d5594107e5357f44a3d402ac8bd679f84e110eefdda6b158249fc461dff4506749c4214edc539d3b3cd0b832790435192f24482ae6e9a1517b219fac7456c98017bbf37a9b088a492bc3838e01de47c97981a2e5fef3865b7352fbd7f4f21fac48cd26f06f94935eadf200f25aaea60ab2c1f4b89fcb7fa5c54904b3ea2284f6ce45265c1fd901c8582886ee9a655dd21287945b014e50acce65fc4bbdb6134699fac2638f7c1294108152e4ca0f7f90c3ede5fab08092d83acac348362f4c949428925b56eb247c5b339a0b1201b2cb18e046fa530491cd046e9405bf4ad6ebadb824a87124a80094ddbdf76b9055b1be0bb20705f0025c7d30efa16ad7b229e7108	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "13"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable	browser_broker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000e93f1f7a09c37d9e2f7493d5c2a9ae0b7929783f4e563aa9decb4786687713e32a5134e8e62e95616052568c8fb3fa74562bd6b8d0f0dd0e301d3f0d8323e29b8e6b1a79fe7f5894ba7f42f794caf80360060503edffcd0a1e0ff54674ed4a29632f40d225d5846ae29eb114da0ecff7355a3bbd24a4fcaa5742304bbef33e82893b8c522850e9fa4b4ec8f4e29f6da81dc7ff8c6cfd3df7165655112157eb92f03065d0be0fca02882ee4d3dc9dc86d36eda665f12b462094eb4de98a37a6c56eaf99e9953482fbace01e119428375aac6bbe5fba4eabf9e2a1080867b5916bf05654e1c2de757f0103e5ccbf607bc094e3801b448734c8f7184b21deefbee929c7340e482d67fbeb360a647666238ecdf44dbeb6f48d5c30f1a11011077cb9bfa04cd979419ab8f41bec7969588374c83ecd70a7b6778226ca88968d1bae37c682784ce539c42b4851abf5735772e0ee61147c48ee24b91d449921054db949470e892fef37fc9bae77ff1a618312bf10fd43ee01ba1445e5ffc5a88cbbd6c8bae226bb1d5a9316e82fdba65ffc2d1f5fb2fbcda23bab88f5ec30d0f1ff89f666ccd1f403a6	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e725c563b626d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "80"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "ajgrily"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotnet.microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "40"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "380362827"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "201"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = f0721cc3e826d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "380314241"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{2682EB8D-639E-4292-9B08-757818FF18	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPublisher	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob = 5900000001000000160000005200530041002f005300480041003200350036000000190000000100000010000000bb048f1838395f6fc3a1f3d2b7e97654140000000100000014000000722d3a02319043b914054ee1eaa7c731d12389340300000001000000140000008f43288ad272f3103b6fb1428485ea3014c0bcfe69000000010000000e000000300c060a2b0601040182373c03020b00000001000000540000004d006900630072006f0073006f0066007400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003100310000000f0000000100000020000000279cd652c4e252bfbe5217ac722205d7729ba409148cfa9e6d9e5b1cb94eaff1040000000100000010000000ce0490d5e56c34a5ae0be98be581185d5c0000000100000004000000001000002000000001000000f1050000308205ed308203d5a00302010202103f8bc8b5fc9fb29643b569d66c42e144300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303131301e170d3131303332323232303532385a170d3336303332323232313330345a308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f72697479203230313130820222300d06092a864886f70d01010105000382020f003082020a0282020100b28041aa35384d13723268224db8b2f1ffd552bc6cc7f5d24a8c36eed1c25c7e8c8aaeaf13286fc073e33aced025a85a3a6defa8b859ab132368cd0c2987d16f805c8f447f5d90015258ac51c55f2a87dcdcd80a1dc103b97bb056e8a3de6461c29ef8f37cb9ec0db554fe4cb6654f88f09c48990c420b097c315917790678288d893a4c0325be716a5c0be78460a49922e3d2af84a4a7fbd198ed0ca9de9489e10ea0dcc0ce993dea0852bb5679e41f84ba1eb8b4c4495c4f314b87dddd0567269980e07111a3b8a541e2a453b9f73229830c13bf365e04b34b43472f6be2911ed3984fdd4207c8e81d12fc99a96b3e927ec8d6693afc64bdb6099dcafd0c0ba29b77604b0394a4306912d6422dc1414ccadcaafd8f5b83469ad9fcb1d1e3b3c97f487acd24f0418f5c74d0acb010200649b7c72d21c857e3d086f30368fbd0ce71c189994a64016cfdec3091cf413c92c7e5ba861d6184c75f833962aeb4922f47f30bf855eba01f59d0bb749b1ed076e6f2e906d710e8fa64de69c635968802f046b83f27996fcb71892935f7481602358fd5797c4d02cf5feb8a834f457188f9a90d4e72e9c29c07cf491b4e040e63518c5ed800c1552cb6c6e0c2654ec93439f59cb3c47ee8616e135f15c45fd97eed1dceee44eccb2e86b1ec38f670edab5c13c1d90f0dc780b255ed34f7ac9be4c3dae7473ca6b58f31dfc54bafebf10203010001a351304f300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414722d3a02319043b914054ee1eaa7c731d1238934301006092b06010401823715010403020100300d06092a864886f70d01010b050003820201007f72cf0fb7c515db9bc049ca265bfe9e13e6d3f0d2db975ff24b3f4db3ae19aeedd797a0acefa93aa3c241b0e5b8919e13812403e609fd3f574039212456d1102f4b40a936864bb453579afbf17e898f11fe186c51aae8ed0995b5e571c9a1e98775a6157fc97e37545e7493c5c367cc0d4f6ba8170c6d08927e8bdd81aa2d7021c33d0614bbbf245ea784d73f0f2122bd4b0006db971cd85ed4c50b5c876e50a4e8c338a4fbcb2cc592669b855ecb7a6c937c8029585b57b54069ba0879a66462159d879645b5662320038b1c73a0d3a27933e0505986db2fe50225ea732a9f0014c836c7923be94e00ecd85609b9334912d2540b01abac47b691297d4cb475805201e8ca82f69fccac9c8f17ea2f26b0ab72ac0bfe9e511ec74355674f51b357d6b6ecee52b73ae94ee1d78188bc4f8e75bb4ba8f035aa26d4676749b2704c3b93dc1ddf78908672b238a4d1dc924dc958eb2b125cd43bae8c6bb083e5013ff80932f693353422afdd370d7709802bcd4800f18c9919470501e9d1bfd14ed0e628433799a40a4a08d99a7173d2aacd31136376a1376f92381e7d123c6632e7cb6de1fc5289ddcad666059a9661bea228c71ca3a736503c3aa4df4a6ee6873bceebf0e081379d133c528ebdb91d34c61dd50a6a3d9829708c892ad1ab8210481fdcf4efa5c5bb551a3863844eb76cad9554ec6522104917b8c01ec70fac5447	Setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp48-web.exe.cpx2c5r.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4600	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe
1284	Setup.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
4800	MicrosoftEdgeCP.exe
4800	MicrosoftEdgeCP.exe
4800	MicrosoftEdgeCP.exe
4800	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeDebugPrivilege	2300	RBX Alt Manager.exe
Token: SeDebugPrivilege	4416	MicrosoftEdge.exe
Token: SeDebugPrivilege	4416	MicrosoftEdge.exe
Token: SeDebugPrivilege	4416	MicrosoftEdge.exe
Token: SeDebugPrivilege	4416	MicrosoftEdge.exe
Token: SeDebugPrivilege	400	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	400	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	400	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	400	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5084	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5084	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4416	MicrosoftEdge.exe
Token: SeDebugPrivilege	1284	Setup.exe
Token: SeBackupPrivilege	3640	dism.exe
Token: SeRestorePrivilege	3640	dism.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1284	Setup.exe
4600	POWERPNT.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4416	MicrosoftEdge.exe
4800	MicrosoftEdgeCP.exe
4800	MicrosoftEdgeCP.exe
3360	ndp48-web.exe
4600	POWERPNT.EXE
4600	POWERPNT.EXE
4600	POWERPNT.EXE
4600	POWERPNT.EXE

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 4676	2300	RBX Alt Manager.exe	66
PID 2300 wrote to memory of 4676	2300	RBX Alt Manager.exe	66
PID 2300 wrote to memory of 4676	2300	RBX Alt Manager.exe	66
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 400	4800	MicrosoftEdgeCP.exe	72
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 4800 wrote to memory of 2268	4800	MicrosoftEdgeCP.exe	75
PID 2700 wrote to memory of 3360	2700	browser_broker.exe	76
PID 2700 wrote to memory of 3360	2700	browser_broker.exe	76
PID 2700 wrote to memory of 3360	2700	browser_broker.exe	76
PID 3360 wrote to memory of 1284	3360	ndp48-web.exe	78
PID 3360 wrote to memory of 1284	3360	ndp48-web.exe	78
PID 3360 wrote to memory of 1284	3360	ndp48-web.exe	78
PID 1284 wrote to memory of 4840	1284	Setup.exe	80
PID 1284 wrote to memory of 4840	1284	Setup.exe	80
PID 1284 wrote to memory of 4840	1284	Setup.exe	80
PID 1284 wrote to memory of 3752	1284	Setup.exe	82
PID 1284 wrote to memory of 3752	1284	Setup.exe	82
PID 1284 wrote to memory of 3752	1284	Setup.exe	82
PID 1284 wrote to memory of 3640	1284	Setup.exe	97
PID 1284 wrote to memory of 3640	1284	Setup.exe	97
PID 3640 wrote to memory of 4636	3640	dism.exe	98
PID 3640 wrote to memory of 4636	3640	dism.exe	98

C:\Users\Admin\AppData\Local\Temp\RBX Alt Manager.exe
"C:\Users\Admin\AppData\Local\Temp\RBX Alt Manager.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Users\Admin\AppData\Local\Temp\RBX Alt Manager.exe
  "C:\Users\Admin\AppData\Local\Temp\RBX Alt Manager.exe"
  2⤵
  - Checks computer location settings
  PID:4676

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4416

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp48-web.exe
  "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp48-web.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3360
- - C:\6714060c5d2c32e5ef1b88ea02a8e166\Setup.exe
    C:\6714060c5d2c32e5ef1b88ea02a8e166\\Setup.exe /x86 /x64 /web
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Checks processor information in registry
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1284
  - - C:\6714060c5d2c32e5ef1b88ea02a8e166\SetupUtility.exe
      SetupUtility.exe /aupause
      4⤵
      Executes dropped EXE
      PID:4840
  - - C:\6714060c5d2c32e5ef1b88ea02a8e166\SetupUtility.exe
      SetupUtility.exe /screboot
      4⤵
      Executes dropped EXE
      PID:3752
  - - C:\Windows\System32\dism.exe
      dism.exe /quiet /norestart /online /add-package /packagepath:"C:\6714060c5d2c32e5ef1b88ea02a8e166\x64-Windows10.0-KB4486129-x64.cab"
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\BD1CD671-E9AC-49E5-B6A5-A29335D67BFA\dismhost.exe
        
        C:\Users\Admin\AppData\Local\Temp\BD1CD671-E9AC-49E5-B6A5-A29335D67BFA\dismhost.exe {0277D966-2696-4979-868D-983FC3C8D87A}
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4636

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5084

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2268

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1484

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\UnprotectUnpublish.potm" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\6714060c5d2c32e5ef1b88ea02a8e166\1025\LocalizedData.xml

Filesize
80KB

MD5
d8165beb3b8433921d0d5611b85bfa35

SHA1
bef57e3511e18170ebbc9ae3aefd73ce3f50f8f4

SHA256
b092668e0825f7f498acdc1bf10e1d2cb6ca99497389142cf9af815f25a4b712

SHA512
9fa221f549b4e660c4f40c7ab0e483e3d9a9204248da51675058f32f4f56667c782667295decbb441a581f582a099fe34c6cc569d0c4ec13e85c680abf5870b0

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1028\LocalizedData.xml

Filesize
69KB

MD5
f3a4fd6968658a18882cf300553f2f89

SHA1
b75ccaeff41bf9c8586bca612550cb9dca6b09ea

SHA256
53742293b25149b19d8677b15f6424fc71e308014b1bcf883e6949d1dab3961c

SHA512
9692c8577034c0e628a42d581f634ed174b4af684ee87c947556888027215bbf4c92286a3ad1cb1792fc6f7392190719ebef85b60fce48e20239abcb58d04d97

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1029\LocalizedData.xml

Filesize
85KB

MD5
d6801174849373cde3f1d214d80fe834

SHA1
50caf47aa60b999ca7b43d3ceb75d0dbffd2278a

SHA256
cbb0da2d1efa7de6736e67c978848d53acf8b502bf3daf43ce40b05076145a7c

SHA512
a4cf812dc4fac888dad4ca986fcb07b93f45633fe5931f24afff4558d9a29734a0ac5d647f3bc631c377fba816c19bd44178398bb6166f6f84e5f05acb8e0a18

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1030\LocalizedData.xml

Filesize
83KB

MD5
03b1e582ec5454b2fa3599e788569dfa

SHA1
75845acdd04fb17011218b06fd7c28830641f021

SHA256
59884541554376a26143b105fa924b9f9961254d22db8dedf7de7f3495d7a1dd

SHA512
23d1b1c2e2c78692a48b959bdb70c3c321a76792885b19805cafd543c0ef25856f8f115af766ea46f20eb2c440eaf31e656726710b12ae5f362779bea28035bc

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1031\LocalizedData.xml

Filesize
88KB

MD5
afb4b1d7103ddca43ea723acbcdd31fd

SHA1
c4d95dfd4869df636091e979c8b3bd7684004a48

SHA256
961efe11e9e3e553269cb14dc1b942e9ac68b86740d59aa35e4ff6e5913532dd

SHA512
bde563d158e38f7a46abe564e365bbc9cfa235f4735f668a532919f0575bead27bdd6fa11ac50802c989f2f69371c2e9179c9affbc85954a9b4050f9122e26a5

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1032\LocalizedData.xml

Filesize
90KB

MD5
71bdb323a746a4adab9ce42498e937bc

SHA1
8e58d4ba5623a50610bd99e82df135708a9f130e

SHA256
6c5a6e11a85c9e172e7748a9a9f19f8598870a63a103a7ac18cbbd0cdf026475

SHA512
b7d66fa4f1a1b7130cdd801447fe0c4965cba1618c01d4ff64b9707e3e132fb13858aa498ea26fb1e54b56daf83e5e7958c6a4fcc1a4ad6dd6c2ffa966e58b76

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1033\LocalizedData.xml

Filesize
83KB

MD5
47703bed025228689a1032edae56b4c4

SHA1
a2aba33c7e8915025251574c81fe2e5ac6bc0893

SHA256
05fc9352b918a710d51f68873fc522528265455b77014e8b0cd66c5e7aa71dc3

SHA512
9d6eda9fc3be6116371d1b86b54b8b65ccd58c182105e0954870f75e2a6f4d7e8fc84462bfd3584175c0f849066e47d82cd18ae3bf1671e60cc237347b7cc00d

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1035\LocalizedData.xml

Filesize
84KB

MD5
ad67691b3b5474154f65400e53ddfef2

SHA1
dc8dc683bf9fee12a5ab7297789a5c087e98facc

SHA256
1e828840ae8728ac809624845597406d4025d6da7797b38f02946a30a48bfe7c

SHA512
64ee113f0c3e173fee6047cc41ff3e84181aba2eb2b02ca5cc717caaf1392e5e2f0eed7e7c469d821d86878443bc8ec64c66e2afb1d850fb4c7e9823c3a5ea73

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1036\LocalizedData.xml

Filesize
87KB

MD5
2c77cbaaf9c3ed0c4410c4b8c3c29c30

SHA1
110775ca1c6e252b4e8c8bf39b593dfb4d66206c

SHA256
ab3d5571b57b7bb705bffe13f37bd73894b0d12d09cc1fb1b438493a863c324c

SHA512
c1438b9b95bd16503f5a14d743e9c6c40cb46cd24a4bb48adf6f9162c61e8979c370e7e1eff8989db05ff5a496415a68b58cc16912a7c8215fecb72d252c5285

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1037\LocalizedData.xml

Filesize
78KB

MD5
631011d665ad08220fe248d9f8a103ba

SHA1
652c56998d0e8bf0c43f136fd90c69728bb0e111

SHA256
e9877973bef23498b586a9cf03230fc45a9ea8a3f75decfa062b03bd31974b06

SHA512
cf479c0c5167e011721bd6b0f5829a62c0c269b1e1be13e5bb750516b8441a1d8ca20fafd0d539066f84d669f6f5e9401c223b82e200501716c719d268c3c1a0

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1038\LocalizedData.xml

Filesize
86KB

MD5
28e8a2833f3d5302a1f5c2a84fa8990a

SHA1
08977251eb62c6df447c6754b2ec27a73d9071f1

SHA256
e4261c9b8c779d58883820a531a19594d238f0ca9ecac399505c569b0cccdbc7

SHA512
4a62afe84d4eb03bf2c65826b5765f270b3c9a3403b972bb00db66cb40b70d1809334fc3a8edf012c1ea31e4e3b8c6fed6423e9da14dd62ad76a12d525e515b9

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1040\LocalizedData.xml

Filesize
85KB

MD5
e74a35a00e0228de37ee911f93411ed2

SHA1
c1c0901eb552c21ce2817b7edb94af611b571a49

SHA256
2ec36fb871853f60085bc972e08156483384f8c1d6e000f5db1cc8cccad05f8c

SHA512
8876e39093448d1ae5a1f53499272323747789fbaefdf9bd852fee161fa9c18ce0721164473a5a2279643b34a2727d870e0b802635288f2e32b15c40660ad06f

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1041\LocalizedData.xml

Filesize
75KB

MD5
32e4d6f895a69bb2c373ff4c688d6b27

SHA1
57738235363c5f1a1c5651c65832396e3aef4414

SHA256
ae28910c1ef16ce70a5e97c5d02390ad8d64f80966e2be3c4a56db0c4038442d

SHA512
5052e8a218cf71b0e08de33665a58f9219282e00f2e4f6c19897a07863556a2408dc273ad3cc9257d98d6a57765321e0f1b051bed051f188947deda9d32dbdbe

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1042\LocalizedData.xml

Filesize
73KB

MD5
47f8082069c52d2f7db1fc6aac2886df

SHA1
4b5c371e9006c10685f2c59ca9a7ebfb4a597a0a

SHA256
e86656ef2092c0e6caf5b8b0bca2d6ce5def273609c22187ae91236605d2e273

SHA512
7bdaf721e561c46609054f6786624149fd824abb1e3126b2a6b6385b56c6fe11414af216fca3ee2b1fe6a4b42ca8a19f46186ab1d4e70fb81b6f9af013c40018

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1043\LocalizedData.xml

Filesize
85KB

MD5
e939717e7eaf1b7f53c4b752e62a22e7

SHA1
ca5a66c452ec6ca8bc04de95eac1616cf3980992

SHA256
8afdf3d2c0fd2370889e3fd96bc2742831cdc6041af0a407123c27f8d76d68a6

SHA512
ebfa725b8efc4448d669beea6f56eab9a317793ff1e21cbc51e015a1a31dfb8b1408e9df15023b878aca220465dbede09254f9a524ef7f6060877844994e17aa

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1044\LocalizedData.xml

Filesize
84KB

MD5
b0d9e4dac3935bb596bb83b7d8474f8f

SHA1
29ce971b1a3ccf6f09eced6bff8e778df13f3d35

SHA256
3c309a5509d42e6485e9123bc6af5ec43cf2faa8afead5062676e85ab7f96add

SHA512
af4e4032a3b4a1696a3f252c03c8f5364089320e4181ebccd39d569d7577b11b70b4ae694d4a74e09bb61505664a01733dccb2d80aed64cb7142225dddd997e2

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1045\LocalizedData.xml

Filesize
87KB

MD5
c3a238ffbf2dbb9f758e5c5b33948971

SHA1
56ceb241f3780dc4a9814332f44369188ded3e77

SHA256
2f0beba8a56cccaddfe6e0ecc3130d0efafb7f84cc0fa4e8db9d85c840e24241

SHA512
2def165951b958195a339f8b4a38aba310c428fbf89f0d7e708d44255f3cf59953550f8e4772626aa125e4a2cb3328601b5ca097f5e355423f4d5094cb8155ea

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1046\LocalizedData.xml

Filesize
84KB

MD5
4a892aa3fedbfe5991b6ff46c00af55c

SHA1
421fe8f80432c56d022ff2911c4a5708093184c3

SHA256
aadbd1df74fc82a43f86f1f40d5065a802b2db71652525a78d258fda3197a743

SHA512
9391096ad6c721b50a300f3c8285291086c0f302f77a7edee7283ec8eb7432171edde5998d5c76587c6431eb3c7e5cba176d0c31f6963acd8d954ea9c6a6e619

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1049\LocalizedData.xml

Filesize
86KB

MD5
d46f34e95e94fbfa4cb4a8dcc7ba3211

SHA1
3e2150c9dd44c4b3416051534ccf84968f2737cd

SHA256
a787b2f493c3248991877f61e210bb0231d357d06aa2671917d2ad4e528c9f67

SHA512
c740f7eba5187699b39265ba2238121a20d935d1320c0e344b767d537618cc2954bb7a6bacae12e7121cd1b4bca1ceb84e11bb80a347e7c2c79e87eb899adb7a

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1053\LocalizedData.xml

Filesize
83KB

MD5
cb2e2edf7d7fefde9b3894923407f8c0

SHA1
541ec570f26bb30f4be35f1a87d4ccf6bc660f67

SHA256
874e5d7e45603ad70ca353e8dc6bf42944594f911d17c79be8966dc01d27eb73

SHA512
045fadda432280ec961da53b914adc9d9a31d02140282b3b37e89f01723d64b5659e3c1a61e9344f4440813efb8b932cf45f859b97cfbdc158c0802d70c5ecda

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\1055\LocalizedData.xml

Filesize
83KB

MD5
f020b0e38f1295924f1833e77859fc9a

SHA1
17467f2ebb8cbca89119d30b3ba7ae30691921e1

SHA256
8ce790eca06bae1b01f40f732580adea86d4c22b28d1e701e033c6c9983500c2

SHA512
bf01aea04827a46cb60cacf97993b319643e90aca82e1abc2c6750f01de0d638fc1b73931fe80e5441128eba70f364c1000b4ccd053b2e241c0a3916b75d670a

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\2052\LocalizedData.xml

Filesize
69KB

MD5
6cc370b95c9f3e3d28315759b496e977

SHA1
09e4aad0a389f0f876d21e132123dbbd83dc1314

SHA256
93e519e8cc173a3f1aa8dd8113ad4a1be0b5b8d40e1d0a1563dba2054b50433a

SHA512
3b2f19f97cb07f5c845d85cee1a0932c19ddd0efc0433e4b6f092e0e7782e9454c6ff43eb54a943e1e85764ca2ce8ff36a239ac319b09fd8042669d24af27f91

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\ParameterInfo.xml

Filesize
2.7MB

MD5
8e8c25b11ffe1d7bc70e2a31600eda7a

SHA1
1452b55ef634e4e5b002ce302702d0c50487ff6c

SHA256
a2bec4e2afd573422045c8c2f461166508535e67abd32942d4d6fbed77b9faf8

SHA512
4a622a5d3748ce412bf529b11d305a5a06dd381a9b972fa08d0528dc738d50a979307ce6dfb14c9b481952672ca9c3a1be43669796e5e178b23436b84bd0542a

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\Setup.exe

Filesize
119KB

MD5
057ce4fb9c8e829af369afbc5c4dfd41

SHA1
094f9d5f107939250f03253cf6bb3a93ae5b2a10

SHA256
60dd7d10b3f88f1b17e39464bb2d7ca77c9267b846d90cf5728a518a117bd21b

SHA512
cae4df73a5b28863c14a5207fbbe4e0630e71215aa1271fe61117523cc32b8b82cd1ba63f698907fbfeb36d4007bb0f463828025957505cfcbb200f4ed5d3a52

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\Setup.exe

Filesize
119KB

MD5
057ce4fb9c8e829af369afbc5c4dfd41

SHA1
094f9d5f107939250f03253cf6bb3a93ae5b2a10

SHA256
60dd7d10b3f88f1b17e39464bb2d7ca77c9267b846d90cf5728a518a117bd21b

SHA512
cae4df73a5b28863c14a5207fbbe4e0630e71215aa1271fe61117523cc32b8b82cd1ba63f698907fbfeb36d4007bb0f463828025957505cfcbb200f4ed5d3a52

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\SetupEngine.dll

Filesize
893KB

MD5
f9618535477ddfef9fe8b531a44be1a3

SHA1
c137a4c7994032a6410ef0a7e6f0f3c5acb68e03

SHA256
236bf2b5cf6014b8ee22484afe172ace512cc99dba85080b082d47e9e189ea5c

SHA512
b85ae1a9cc334e9352c51aa94b2c74c6c067957e0e6021f7309a1c194fc64c0c50bb5efeaef7030e8689d75a22798f74cf719366a2fdcce26e23692510bfe064

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\SplashScreen.bmp

Filesize
117KB

MD5
bc32088bfaa1c76ba4b56639a2dec592

SHA1
84b47aa37bda0f4cd196bd5f4bd6926a594c5f82

SHA256
b05141dbc71669a7872a8e735e5e43a7f9713d4363b7a97543e1e05dcd7470a7

SHA512
4708015aa57f1225d928bfac08ed835d31fd7bdf2c0420979fd7d0311779d78c392412e8353a401c1aa1885568174f6b9a1e02b863095fa491b81780d99d0830

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\UiInfo.xml

Filesize
63KB

MD5
c99059acb88a8b651d7ab25e4047a52d

SHA1
45114125699fa472d54bc4c45c881667c117e5d4

SHA256
b879f9bc5b79349fa7b0bdbe63167be399c5278454c96773885bd70fbfe7c81d

SHA512
b23a7051f94d72d5a1a0914107e5c2be46c0ddee7ca510167065b55e2d1cb25f81927467370700b1cc7449348d152e9562566de501f3ea5673a2072248572e3b

Download Submit
C:\6714060c5d2c32e5ef1b88ea02a8e166\sqmapi.dll

Filesize
223KB

MD5
0c0e41efeec8e4e78b43d7812857269a

SHA1
846033946013f959e29cd27ff3f0eaa17cb9e33f

SHA256
048d51885874d62952e150d69489bcfb643a5131ce8b70a49f10dfb34832702c

SHA512
e11da01852a92833c1632e121a2f2b6588b58f4f2166339a28dd02dad6af231a2260a7e5fc92e415d05aa65b71e8bbda065e82a2db49bb94b6cf2fe82b646c28

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp48-web.exe

Filesize
1.4MB

MD5
34a5c76979563918b953e66e0d39c7ef

SHA1
4181398aa1fd5190155ac3a388434e5f7ea0b667

SHA256
0bba3094588c4bfec301939985222a20b340bf03431563dec8b2b4478b06fffa

SHA512
642721c60d52051c7f3434d8710fe3406a7cfe10b2b39e90ea847719ed1697d7c614f2df44ad50412b1df8c98dd78fdc57ca1d047d28c81ac158092e5fb18040

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp48-web.exe

Filesize
1.4MB

MD5
34a5c76979563918b953e66e0d39c7ef

SHA1
4181398aa1fd5190155ac3a388434e5f7ea0b667

SHA256
0bba3094588c4bfec301939985222a20b340bf03431563dec8b2b4478b06fffa

SHA512
642721c60d52051c7f3434d8710fe3406a7cfe10b2b39e90ea847719ed1697d7c614f2df44ad50412b1df8c98dd78fdc57ca1d047d28c81ac158092e5fb18040

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp48-web.exe.cpx2c5r.partial

Filesize
1.4MB

MD5
34a5c76979563918b953e66e0d39c7ef

SHA1
4181398aa1fd5190155ac3a388434e5f7ea0b667

SHA256
0bba3094588c4bfec301939985222a20b340bf03431563dec8b2b4478b06fffa

SHA512
642721c60d52051c7f3434d8710fe3406a7cfe10b2b39e90ea847719ed1697d7c614f2df44ad50412b1df8c98dd78fdc57ca1d047d28c81ac158092e5fb18040

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4WZRHOPX\RE1Mu3b[1].png

Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4WZRHOPX\mwfmdl2-v3.54[1].woff

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4WZRHOPX\open-sans-v34-latin-600[1].woff2

Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4WZRHOPX\wcp-consent[1].js

Filesize
272KB

MD5
5f524e20ce61f542125454baf867c47b

SHA1
7e9834fd30dcfd27532ce79165344a438c31d78b

SHA256
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

SHA512
224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E79DQ873\analytics.min[1].js

Filesize
2KB

MD5
8ecefb1d281a6656cbfc10187c34dc98

SHA1
8f22955b673af83115a9635b22e5174fa166657a

SHA256
043815581e5875956e38c3277443a1b0f68432f97878dcd72f232974fd6e5ec1

SHA512
909952271cdfec0e6259048b6e61a04bc79a2fa4798fbb6f0c06336e1dae3558f437151b14f0a748b2f3e70a41fcbf740cdc5a1f6a7619ef05f106e690aeaeaa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E79DQ873\cda-tracker.min[1].js

Filesize
762B

MD5
dac957d8b23d6c49aa5e917f5c2505a0

SHA1
49bb19db449215dde7384578684b1704559f95e2

SHA256
04e0ac55a31e7481d75fc6a8f4198473c477c3620aa84051c39f5678b1e7694e

SHA512
b55b5d144e94b786ada89dedf1f617d5b47fe0071b857e56e12bf9e19a083ecd3375711b73029270332104e1eaca41cba364aa270fb9586466930b2ba10efe9a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E79DQ873\cookie-consent.min[1].js

Filesize
956B

MD5
8e43b322c03693474b06d839837d4fa1

SHA1
c42c6458fa02771f4a0fc962bfb3cc14311e7638

SHA256
ea6c90c5174a8d235337db610bc3c84228c2e9c4a39b16701210fc375e82a18a

SHA512
6c3cce5847f2f460cfb812b484880ca583d42d9242ae5b3a1440daf7e0dca557b56c57edc460b4cf58e168f400dbfc0de164c2a846266dc61fd7db3cfd413174

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E79DQ873\culture-selector.min[1].js

Filesize
302B

MD5
e886b9422ab1c9a296c220de289971ab

SHA1
457b23822d9c94d763c98b681afa778b1fb2c874

SHA256
a9c2b239f8f3164d84f6bec2ed1f04f84b257b516abfb791373658300e4f2ee7

SHA512
a56b6e665783e4a6769bdd1a19c732ee3e6d9f1be010b6ab5cc4a9b040eec3be34acd8ae6322c49318e438b03ff7e1712c3a577049a01dd73a5afa0024f585dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E79DQ873\general.min[1].js

Filesize
172KB

MD5
c09f5d0b66835ebfe3a3a40be537f834

SHA1
612de9032d53362206ab56c04cb0ab2608e3b19c

SHA256
24ce903cdbfd82e0b4ad4564a341fc49d6458179820f93cc965ffb02963580db

SHA512
081e09878395ea203eddd31e6ec577814081cdeb1a801c5d0793c3336284b861f4778786bbebfdf7e1970a25aba931320c870d6444115e21865f27463b8cc0b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E79DQ873\main.min[1].js

Filesize
28KB

MD5
f65baf0aeb4e642925472561614bb06b

SHA1
79a56ef1313be37031d5add7d5267dc00ddcdd5f

SHA256
d2ba461795456e22e552fa372bc17d8c70eeba511d0df6c96bacc732c725941a

SHA512
66fc474bdd4e65d88767ad7a416bb6c34c576529d85b059422a93415b345b8eb85240098c598ac8f04457e7d2219297533efda758a20fb9d2025aeb6941cfc9c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K7J4RW5R\37-8473b9[1].js

Filesize
133KB

MD5
d8b85b1b9a54c532f41ee3ad758450a6

SHA1
8311e13eb390700f93a0c3ee90bc617e0ed4301d

SHA256
f1464d6010ed2930cf906e7e4573940b4b247929c847e81d0fe866ecc4158d4f

SHA512
4ebdbd913f6eaacfb8e4086fc835a5139993659d53d181d25e18bc43f552a6abc06d7521eadf88926c892a49a6075d39e28bdd11438107aec6dda4a4988cc711

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K7J4RW5R\ai.2.min[1].js

Filesize
117KB

MD5
f63d62b7f7a371f237e1c4d5d55b82cc

SHA1
fe5bde41271fa0c3b63c13c6ce823333500e91ac

SHA256
ac4f3a99557d9c17b6ded0c6d4f0b267f4879cde9baec07a83910ab8c7059f77

SHA512
9657d9f24a2dad3e0617ac323170a940fae7a85028d268b3d1710b6a7ff91fdb136c85b421cccfcc943ea235cff3201dd0e31e908d9e1f1ba4064849da089ddf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K7J4RW5R\ms.analytics-web-3.min[1].js

Filesize
136KB

MD5
c9d788ec9041717cdf9bbfbba4d3f395

SHA1
5eaca142c7ac5bb18fdb894d400bc99f640a6a09

SHA256
581e167dd3aa1f6bff67e7cbf1bed83dfa10ec04ad2989976f118dd5724de5a0

SHA512
cb8154674030b3aa033d2aaf432c30a2f96e21f4b270810c72e0300f74abb12369cc126ec7b5f0c2cccc8dbaeabd4966703ef446460a114907f86abdc460f0c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K7J4RW5R\open-sans-v34-latin-700[1].woff2

Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K7J4RW5R\open-sans-v34-latin-regular[1].woff2

Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OJVGU5F6\74-888e54[1].css

Filesize
167KB

MD5
ba0d5ea1fac178bc129be5c94eebc013

SHA1
cdf9036d0a2cc4b57a278e48bce971e708e39aee

SHA256
cf186f15996f1f201512c3576307588ecbf1e4d62daa72aa678b8222d6c652f8

SHA512
a31ed800df0244da91ef08d8e2b262d8b9899ec5f64218e6a233ac9f178df15e642aa7476aa87c1f18228a64507850e2974025b77f7071c2e821d50e3c3ca08e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OJVGU5F6\bootstrap-custom.min[1].css

Filesize
228KB

MD5
370d10b510d38286d3c856fa520f7c41

SHA1
c9a89594af4bbc7102c1707945ae028b3456dad8

SHA256
3f9198fedd66d70d7033eb15bd9f2cb097ce026db3e43736ae8c0d306d7a728b

SHA512
99b1c8e6235c84e1815cafd30df2e54a06768befd22ce2bc6e52c08775bb7518ce7ff79282d4e715712450429d3d0a4b8651b5fb44711adfa0c1f85855aa9700

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OJVGU5F6\ndp48-web[1].exe

Filesize
32KB

MD5
e8a28793e8e446fa8c17029ec7e6d7f8

SHA1
12d1d69c7d8d92a4f2a24110fec758c13f375479

SHA256
47f48b63ea8390b8faa831e5beccadf863a62fb3b21dce69333aa5f2c41c7fb0

SHA512
3ce48c577afef8a1449b0c32ec0f01477f9972be7686ae98075854e0af48220100963b1069e0d4952a3316d1d955f6622f2b0ce4a44b60a4d714c121689c7c2b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OJVGU5F6\override[1].css

Filesize
1KB

MD5
a570448f8e33150f5737b9a57b6d889a

SHA1
860949a95b7598b394aa255fe06f530c3da24e4e

SHA256
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

SHA512
217f971a8012de8fe170b4a20821a52fa198447fa582b82cf221f4d73e902c7e3aa1022cb0b209b6679c2eae0f10469a149f510a6c2132c987f46214b1e2bbbc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OJVGU5F6\space-grotesk-v12-latin-700[1].woff2

Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NV8Z0ZHT\dotnet.microsoft[1].xml

Filesize
948B

MD5
37d1ee8e06f3c08be97c92f72b2b6102

SHA1
79c48d0928469ed87b5fd17a34a75e3ab9f2ed7b

SHA256
7f5a1fe17a7b0b814a92d7e25d406513a4786087d3acf7846f023cf16c092cb7

SHA512
b2e2988af47cd993727620ad55baa2c487c5dfb3d2265e6262cd900329e438aa41c2520cdbdaec354a9a7dcc1971ae003392c724edf193d6863548bda7ac03c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
04478c9c0a28df5a47138a5ae94c54db

SHA1
58004e024ba585136fec2c5951c02ee9ac3f15fb

SHA256
a614b92855b2dfefc605dad07fbe13df4e356e19a0e9d711072ebab4d25e1cb1

SHA512
03eb95c7eeac8efcbf9a913ff035a56be3cfed33d4053509af111c51c7d905e1a960219fdb989bbc62d5784646fcd1da866420f402034cd14c14eebb5b6deea8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
7cb46b406d80401e9a314e86259cfdfa

SHA1
ff20e3e7b0896a0c5d60588e60cc561aa154a7d8

SHA256
154397a560c168ea2d255749461cf63b843b126834a3d3bccffffb6248ff8cd5

SHA512
8faa439253b6a8d4993c95c9c3bfe8d290f48f1d12437cf93818afd6404958635e82749620bccb1e814a6605ffcd1ed66ebeddb0e62508ec87955029f92ca5e9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
471B

MD5
514e54a2a697de01c7e4d15452aee5b1

SHA1
1d16f69cec41c17c049369be7a7fc4689f631598

SHA256
431811f4af0a314d1f2fbc5f49e6a4425b28b053e42a5ed9abc625a1a0c66eed

SHA512
82ff58111ee5cea89cf634c86f40dba9639cd3bf220c85786835bb67c5a2bbc7a67359ab1087ed4feabf146e8be47b128f959bdc85f7b99f041ff3b62891283c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
412B

MD5
1e83ac85d12f8b084e972d7c07dcf11a

SHA1
3e4d15a90c59251ffd5aa48dba259f55c6e65e1c

SHA256
c5793ce1529193ab840bbe6e6b33cfbf571773b50d7298d6107b3d49aa3fb973

SHA512
c55a80c9ae046f7db938f8832f08e92d9712cbea7f5080efaee9ece99413b8632ed6e945d6867e73704b9c6a0b4b1b9a4ab27969905d1a2e696ce1c41c606241

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
9197c34e706120b018a44dc2bb769ba3

SHA1
36d2ef630ea8323ed0b881af25a3a343ebad4bb1

SHA256
b887abd1d6a3307355260315549b8be381de331d02b4829c035531babea3ee5b

SHA512
a6aa00f7d4d579d5c8e48930da23229a573e5884cf92efc833d7a7cb1c23ff00382036ca12b7e8f2ff7e68d5490cc9f6b24259f27e8d662135df37c42470eafc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
416B

MD5
6e271cf26d50a64d807fcdf1c73eb61b

SHA1
1f99c2e6b777280d9013d9668dfa34aa8b7739b1

SHA256
c38c0d00ff03b0c3b732731d9746bdc11e9b597858d7923cdf9617d2379f2b76

SHA512
45d4a893d5eb4856b9b6d410dc96b351d5320eb553c153ce00538296ee35740b7c28930486a6c775c2f1e9eec8dce88447d05a90edb7f040c2f67c657c269802

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RBX Alt Manager.exe.config

Filesize
2KB

MD5
3af58cc4ea567ff23275857a7662903b

SHA1
14cc53e5aaf65da4315436c9b85768ae04e94569

SHA256
b19b7fdd8aa951e1ad15cf5f2c901f1c0a2c9b86a87added6268a72c97d1aa88

SHA512
6d277743a1ac3fd520aa3e9dc2d3b6c8346d7f0dc2742ed716ae55ebd660e1cbe9bb754639cbda0d31561982bb89efd44c2328f382c27eb092339d0709dad253

Download Submit
\6714060c5d2c32e5ef1b88ea02a8e166\SetupEngine.dll

Filesize
893KB

MD5
f9618535477ddfef9fe8b531a44be1a3

SHA1
c137a4c7994032a6410ef0a7e6f0f3c5acb68e03

SHA256
236bf2b5cf6014b8ee22484afe172ace512cc99dba85080b082d47e9e189ea5c

SHA512
b85ae1a9cc334e9352c51aa94b2c74c6c067957e0e6021f7309a1c194fc64c0c50bb5efeaef7030e8689d75a22798f74cf719366a2fdcce26e23692510bfe064

Download Submit
\6714060c5d2c32e5ef1b88ea02a8e166\sqmapi.dll

Filesize
223KB

MD5
0c0e41efeec8e4e78b43d7812857269a

SHA1
846033946013f959e29cd27ff3f0eaa17cb9e33f

SHA256
048d51885874d62952e150d69489bcfb643a5131ce8b70a49f10dfb34832702c

SHA512
e11da01852a92833c1632e121a2f2b6588b58f4f2166339a28dd02dad6af231a2260a7e5fc92e415d05aa65b71e8bbda065e82a2db49bb94b6cf2fe82b646c28

Download Submit
memory/2300-152-0x0000000005C60000-0x000000000615E000-memory.dmp

Filesize
5.0MB

Download
memory/2300-150-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-183-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-184-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-185-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-117-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-118-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-188-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-181-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-180-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-179-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-178-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-177-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-176-0x00000000062E0000-0x00000000063B6000-memory.dmp

Filesize
856KB

Download
memory/2300-175-0x0000000006160000-0x00000000061F2000-memory.dmp

Filesize
584KB

Download
memory/2300-174-0x0000000005A00000-0x0000000005B12000-memory.dmp

Filesize
1.1MB

Download
memory/2300-173-0x00000000056C0000-0x00000000056D0000-memory.dmp

Filesize
64KB

Download
memory/2300-172-0x00000000056B0000-0x00000000056C4000-memory.dmp

Filesize
80KB

Download
memory/2300-171-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-170-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-169-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-168-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-167-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-166-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-165-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-164-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-163-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-162-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-161-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-160-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-159-0x0000000005760000-0x00000000057A6000-memory.dmp

Filesize
280KB

Download
memory/2300-158-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-157-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-156-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-155-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-154-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-153-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-116-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-119-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-151-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-182-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-149-0x0000000000B40000-0x0000000000F0C000-memory.dmp

Filesize
3.8MB

Download
memory/2300-148-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-147-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-146-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-145-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-144-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-143-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-142-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-141-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-140-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-139-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-138-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-137-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-136-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-135-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-134-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-133-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-132-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-131-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-130-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-129-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-128-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-127-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-126-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-125-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-124-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-122-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-123-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-121-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/2300-120-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download
memory/4600-1097-0x00007FFA815E0000-0x00007FFA815F0000-memory.dmp

Filesize
64KB

Download
memory/4600-1365-0x00007FFA815E0000-0x00007FFA815F0000-memory.dmp

Filesize
64KB

Download
memory/4676-187-0x00000000779A0000-0x0000000077B2E000-memory.dmp

Filesize
1.6MB

Download