ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

Analysis

max time kernel
149s
max time network
152s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
30-01-2023 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_beta.exe
Size

1.8MB
MD5

3701dc535fb395d6a1fb557a3aeec5e9
SHA1

ef517659229ddc6ecfc02481c3953ac9322dae35
SHA256

ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
SHA512

20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2
SSDEEP

49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

Score

8^/10

microsoft phishing

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

7za.exe7za.exeKrnlUI.exe

pid process

3540 7za.exe
4324 7za.exe
2980 KrnlUI.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

KrnlUI.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation KrnlUI.exe
Loads dropped DLL 2 IoCs

Processes:

krnl_beta.exe

pid process

3176 krnl_beta.exe
3176 krnl_beta.exe
Detected potential entity reuse from brand microsoft.
phishing microsoft

pid	process
3540	7za.exe
4324	7za.exe
2980	KrnlUI.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	KrnlUI.exe

pid	process
3176	krnl_beta.exe
3176	krnl_beta.exe

Drops file in Windows directory 5 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdge.exebrowser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "121"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "219"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "206"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "205"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "206"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "13"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "40"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "161"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 03bc80556daed801	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "205"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "325"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "203"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 43f4485ef134d901	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5a670374f134d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 03bc80556daed801	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DontShowMeThisDialogAgain	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersio = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

3820 MicrosoftEdgeCP.exe
3820 MicrosoftEdgeCP.exe
3820 MicrosoftEdgeCP.exe
3820 MicrosoftEdgeCP.exe
3820 MicrosoftEdgeCP.exe
3820 MicrosoftEdgeCP.exe

pid	process
3820	MicrosoftEdgeCP.exe
3820	MicrosoftEdgeCP.exe
3820	MicrosoftEdgeCP.exe
3820	MicrosoftEdgeCP.exe
3820	MicrosoftEdgeCP.exe
3820	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

Processes:

krnl_beta.exe7za.exe7za.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	3176	krnl_beta.exe
Token: SeRestorePrivilege	3540	7za.exe
Token: 35	3540	7za.exe
Token: SeSecurityPrivilege	3540	7za.exe
Token: SeSecurityPrivilege	3540	7za.exe
Token: SeRestorePrivilege	4324	7za.exe
Token: 35	4324	7za.exe
Token: SeSecurityPrivilege	4324	7za.exe
Token: SeSecurityPrivilege	4324	7za.exe
Token: SeDebugPrivilege	96	MicrosoftEdge.exe
Token: SeDebugPrivilege	96	MicrosoftEdge.exe
Token: SeDebugPrivilege	96	MicrosoftEdge.exe
Token: SeDebugPrivilege	96	MicrosoftEdge.exe
Token: SeDebugPrivilege	1016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1016	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4244	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4244	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exe

pid process

96 MicrosoftEdge.exe
3820 MicrosoftEdgeCP.exe
3820 MicrosoftEdgeCP.exe

pid	process
96	MicrosoftEdge.exe
3820	MicrosoftEdgeCP.exe
3820	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

krnl_beta.exeMicrosoftEdgeCP.exe

description	pid	process	target process
PID 3176 wrote to memory of 3540	3176	krnl_beta.exe	7za.exe
PID 3176 wrote to memory of 3540	3176	krnl_beta.exe	7za.exe
PID 3176 wrote to memory of 3540	3176	krnl_beta.exe	7za.exe
PID 3176 wrote to memory of 4324	3176	krnl_beta.exe	7za.exe
PID 3176 wrote to memory of 4324	3176	krnl_beta.exe	7za.exe
PID 3176 wrote to memory of 4324	3176	krnl_beta.exe	7za.exe
PID 3176 wrote to memory of 2980	3176	krnl_beta.exe	KrnlUI.exe
PID 3176 wrote to memory of 2980	3176	krnl_beta.exe	KrnlUI.exe
PID 3176 wrote to memory of 2980	3176	krnl_beta.exe	KrnlUI.exe
PID 3820 wrote to memory of 5072	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 5072	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 5072	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 1016	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 1016	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 1016	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 1016	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 1016	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 1016	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 1016	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 1016	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 1016	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 5072	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 5072	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 5072	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 5072	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 5072	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 5072	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3820 wrote to memory of 4344	3820	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe
"C:\Users\Admin\AppData\Local\Temp\krnl_beta.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3176

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3540

C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
"C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4324

C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
"C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
PID:2980

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:96

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2172

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3820

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1016

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4244

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4344

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4692

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3QROQQGX\ai.2.min[1].js
Filesize
117KB

MD5
f63d62b7f7a371f237e1c4d5d55b82cc

SHA1
fe5bde41271fa0c3b63c13c6ce823333500e91ac

SHA256
ac4f3a99557d9c17b6ded0c6d4f0b267f4879cde9baec07a83910ab8c7059f77

SHA512
9657d9f24a2dad3e0617ac323170a940fae7a85028d268b3d1710b6a7ff91fdb136c85b421cccfcc943ea235cff3201dd0e31e908d9e1f1ba4064849da089ddf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3QROQQGX\gtm[1].js
Filesize
160KB

MD5
55a0626c46183c74088e67545708c8e5

SHA1
847fa4393216cb79452a8886f9d034e82e96ef80

SHA256
5ac4f41b511d4621ced8307abd1954f26e55413e86e178d0e0182dfe36181400

SHA512
0c5d0e166d321001bb46020d7852ceb56beb106daaa80e0b3f09787ea18602063cb338a04ab1be2fdd8ab83ac02e5e850b2a42f502a3206f2fc0fde7285bb9da

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3QROQQGX\open-sans-v34-latin-600[1].woff2
Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X79HFMUF\analytics.min[1].js
Filesize
2KB

MD5
9627e7a25811f49802ae19db941d1fdc

SHA1
316014800c56fca4ea8d2e709f0985b845c30fb9

SHA256
c6aeb0be8c534e4efd353fecc97b3b522efd10d0d5c45b5db3bbd29cf128c815

SHA512
14bb27dd93d9d516949ad7339535ecb74185025c986ee7c80e07a6cf10870dd46f4b4611327bd9cc8bf15e5535111818e69a14eb7b2de53c4c18d5b35a21790b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X79HFMUF\bootstrap-custom.min[1].css
Filesize
229KB

MD5
101b5523746e504fcaabd40df38e831a

SHA1
e033ba4ea2eaf6492f1569900fcc57cafb0f5248

SHA256
87fb159e2c45e66a69242ca8643dc1ca2c17af5cce7d230df65970d1162e17e3

SHA512
2ee6a20b99a95a5eab75026c1b993eefba9b4cdc2d39de6f1e15c9682bf0cd8caa25e1572aee13bd1abb21817bbf618e317049b1c9ffd551d958905e4cf22ca4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X79HFMUF\js[1].js
Filesize
110KB

MD5
3aa0fbe0a28e977d86a2970f0b90cefd

SHA1
c4ed566a3e79b5c42c3eeedd2322ec313b0c86ab

SHA256
5cc2156ef8a9104d2786f211fb0281be9328ed6963eb4457970963eb19adc1d0

SHA512
7998b46ccc467227f496edc967132ac4c4a8932e29476e29be041f9ab93c971a674ce1aef08343109ae550825fd56d38cbae57f4d54663d234d2da91e71b6d8c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X79HFMUF\mwfmdl2-v3.54[1].woff
Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X79HFMUF\space-grotesk-v12-latin-700[1].woff2
Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMLGGCH8\74-888e54[1].css
Filesize
167KB

MD5
ba0d5ea1fac178bc129be5c94eebc013

SHA1
cdf9036d0a2cc4b57a278e48bce971e708e39aee

SHA256
cf186f15996f1f201512c3576307588ecbf1e4d62daa72aa678b8222d6c652f8

SHA512
a31ed800df0244da91ef08d8e2b262d8b9899ec5f64218e6a233ac9f178df15e642aa7476aa87c1f18228a64507850e2974025b77f7071c2e821d50e3c3ca08e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMLGGCH8\a2-598841[1].js
Filesize
134KB

MD5
2cc02dc1fb567abe4b05d266eb06d922

SHA1
6dcbdeb8033539e29ca4d11975bee63bfabbfdad

SHA256
14bc892aff22a1998743df7de326750231ec0592917c70c5a9e5478fea456409

SHA512
769ec7d320b0b5ebfe2affc562078f0de8c21a6157af32f50f577327d37c43fa7b121d09cbd2bf27471c4356e90b1d96b10b73aa31410532f3fc46255d28a315

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMLGGCH8\culture-selector.min[1].js
Filesize
308B

MD5
4147b3bfb0a145eec758f0cb7292cefb

SHA1
8e02467706ce768bc9e68fea2a8d01b49513d631

SHA256
8f6f064a7a80641e434afc35b14fd8a01acda68f2ac01097e7dbbf0623edeb20

SHA512
49a661a2009c172df348aa83b2342f5cfdeea58026710bf139f847c1d9e6728b20a865bb81a980492186b7dd210ed1202c01a38757edfe77a4efa4945cd82477

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMLGGCH8\dotnet-framework-runtime[1].svg
Filesize
42KB

MD5
5aaa8c37cd59979b920cd21c4a50a38d

SHA1
0ee61e3b2d58513b92cf4c6b5114c1beb55539e7

SHA256
db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6

SHA512
0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMLGGCH8\general.min[1].js
Filesize
174KB

MD5
0a51551c9a5fe36e372fc39eb9bf0b3a

SHA1
6c76d69df786828afad990a0144b5d27d56e7863

SHA256
124fceae66250916650ffa507fc9c2773714f98580b7110f98d20103cd983794

SHA512
7c1e3542d04731f54ccb0888fd3b30c39e97e01e0980508bee856cf4725aad04e987a629ef23d95b8c264216f1b825c1c58920e34b79800bdcc22e761b85e388

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YMLGGCH8\main.min[1].js
Filesize
27KB

MD5
03c32c69d8e255f0c2c5aafa2eb96565

SHA1
c363838f3feb350bb6cebd90d12b752bd43c7b9d

SHA256
6ff807e79d2d72e7c93d08e8039a190304f4ec930a581265f4f94f23961fa1f1

SHA512
11b19399de76b633ab0206ecfbc8ad0ff06a118171cc80c6bd86ef87c1ab62f11e5babf4a18f0c2fd8ec21ca7e82d6bf4658055bf5aeda6f6d8a448783607ffc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBNBVVJ4\alert-info[1].svg
Filesize
726B

MD5
c7db49644f6bf1f50b3190ffba0516ed

SHA1
5bb312a0b6357ccb7e93158ac0f97b4e249e4696

SHA256
2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281

SHA512
9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBNBVVJ4\analytics[1].js
Filesize
49KB

MD5
54e51056211dda674100cc5b323a58ad

SHA1
26dc5034cb6c7f3bbe061edd37c7fc6006cb835b

SHA256
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

SHA512
e305d190287c28ca0cc2e45b909a304194175bb08351ad3f22825b1d632b1a217fb4b90dfd395637932307a8e0cc01da2f47831fa4eda91a18e49efe6685b74b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBNBVVJ4\cda-tracker.min[1].js
Filesize
798B

MD5
a3827d5909344f41d270fc8475f7733c

SHA1
bb6cb83e4d2080ee02ea366699f487c7362d4934

SHA256
bcb1104af4aea1ba4be65f0e9669e2f5382df316635226ade340f6dc15f2866a

SHA512
5cbb021d1f0bf0b13583b966ed5bba971b770d3331f062beb2fd75b0d2d380c10bf62db64167f3e3b94f6f5bc05cb160e7d5dae8a5d85d99ed75181040764d18

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBNBVVJ4\cookie-consent.min[1].js
Filesize
1003B

MD5
81c1422205aee78f367c372a2386385b

SHA1
8c4b12d5aeb7ebb218a4b3e71f1bb80bdd1fa35a

SHA256
aa6028d79a106c2b9b9820d10f2af36396306c8a81b833b0a795f9c91f5a7217

SHA512
3f16f44352f20d648a6114318b09987a382e74e7a16c4815f4f3d007dc668be5f7bc6b931c90c6b9632912b1c593795ec03b295e7c00c3cfcedd528b47e05482

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBNBVVJ4\open-sans-v34-latin-700[1].woff2
Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBNBVVJ4\open-sans-v34-latin-regular[1].woff2
Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3Z5HKHHM.cookie
Filesize
280B

MD5
cbcdb61d3912d6dff1e846773155db9a

SHA1
89191a6fdeab17fbc5e5e4154fdd23c96cf3c184

SHA256
97f4ed1171007166ecafb3e0afd454c2f1d9866da9433b1c7a08676859248ab4

SHA512
0f5b2047d36d1017a0be4368003c939a1854a9635f986a3b53531dff6dc7c340a50f41bd89c3a6e31f6fb1fcf1f66c5d42028403a3b612a2b749580876bf568a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DJS1JDZC.cookie
Filesize
103B

MD5
4ebc2ff536bbd28cc132788661755455

SHA1
6d27edfa1fcb1f7d9fa444c3c0c5c45526c9dbe7

SHA256
4912459d253f908b4d7956d59af6ddb2ee477e22c6d4c1a571454a2d3829b729

SHA512
fb52051affb470617d42d67387264743041a28794aad77a26d38ab11ca00f9b8b75d25d4da60817281fd07de95266213c2be92b4ff4eb8e141fcb279e4c91964

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ECVVVJHL.cookie
Filesize
407B

MD5
eb5e259639adf7ba3d38c520a45a4f5d

SHA1
88031ae762df790c98ee1b4c0526b11289afb319

SHA256
67907e6ed96c76ccd9fc458502d3d575163f718beaf1d49a4658cb164ca5528a

SHA512
ba2acdf64e47fc1a2eb2f4757391ad1f001b7f4bd8c0200938301e98787b2a4648409f4b505190ba41cfaca038e9290b72a4e228f3ae10de27ffccd2ada7a7e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HQEMP8BO.cookie
Filesize
563B

MD5
8b3a50b0908667449623b6c4c46f3dc9

SHA1
1c088ad018f0a7ec552277ba1fdb74945722b9bc

SHA256
4e028a378ea96d407c74fca7978bcf4f35048f74565e41121fe7075f85dd0ba3

SHA512
94bb6b15432e6c3182c2145a7fd9bbc3ef4c8cbc23aac90fc166a7584dfc5b56f5c7d0b75838a0c01a7df1e809200a9188b7c976863e165f66b262eee7446f78

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ID9PHSP3.cookie
Filesize
280B

MD5
4ecaf45c672a24c76acf58f16ad91d64

SHA1
a363630bb28abc828187065e854b9efa86a5977d

SHA256
3627c2f9b39fca7ca41c912be51c034a292626b4905f1389ecbee0f54d61f07f

SHA512
c41fb2131de8c44d4493d9e259b96d0c5f3737a0c34777774f48cb6bba3ff7f53a518228b544fb4d4e3a18f112fcb4020bfda42259276d387307254c6fe0d361

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\IXY90W3P.cookie
Filesize
662B

MD5
ec4040d45f2d183702284531ec85129a

SHA1
b0278ba30ad819f595d27ff0d05aebc2e3525262

SHA256
23589d1d01a24dc9b42b8a4cf7cae7ca93148af97da3474e162c6752b464c854

SHA512
66f7aa96ac55f55538dabcc777badfaa104330ad9df2a0a48baffa329bf7be232d68c9ae2a06f1c6d0da8ede4aeac34b21fd6684e133a728b24f1f26a78e320e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KGZ4ZJOI.cookie
Filesize
563B

MD5
ff8962a60d7a2c56f9dd87636c206044

SHA1
aaaafe23101a485b7464f1ffc398b16cc8f65dbc

SHA256
90903347ca7f9941e03322bc638efe1616415f6dd0046bc801fb3242ebadc1ae

SHA512
b7f5871e90c7b8acd270a1798c24a1343651d89ba4a77bad25d5d6b4165a00550d72dfbc7cc7074273f7a5e8c2ee9d4b88d45e58a12409cc7cf8087f157066b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LLOAX1A8.cookie
Filesize
125B

MD5
ca23951f7ce322f34329c457ac19a5a7

SHA1
fe0a3fb424c26ffd9d81d97effd3978c4cb09a61

SHA256
109843c02c92d9cc6e3cdacf8426fb264711fe75780c3985e779c5e08d434e06

SHA512
010cefadfb843f3cc30cd2008aca095424af1365a11d88f9154a9fcacc2b3042b749a131711762b7666ac35da739b87c2d671cde5ef1cfb8f703c7861289fb9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\S9TXGGFL.cookie
Filesize
72B

MD5
03fe9e6e9132739667bee94f830057a6

SHA1
611a813ccbec87a91c476e0f5b2158e4ee1bab87

SHA256
5abdf0e6be5efb4b35dad5f53b2bdb8a30864c21daf61b155842efc87dcb4c9e

SHA512
b5055fe1df4a1217b76fd6928928dba54a726eda743017b8e6614794bf82a7c837638d9b12cb9b48ce2ff859c756f5eba970f0a6222c0c693628279558a4a147

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\W8O8FWY3.cookie
Filesize
305B

MD5
1b946e3e9e5bfc209e09347743c36cbb

SHA1
99c8aaa04b430be3faf6fa5500ba10c3d18f932b

SHA256
80e0c04ae51d5b765cacd8770b1e45f0b7d69ac99bf59bffcdc20f343ee2e54c

SHA512
00525ef2f253b3e2a5ef91539a3edf6ad30ea2ccdbad6e5fc06bb9f7636d39c81d79af17bc61481cdc6314c36a73c62434aa36466a4ef92c5218d6705749dcd1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WQURU8L7.cookie
Filesize
280B

MD5
1de56c96e5137bd5c568524340067617

SHA1
5ea1ad480e977d87a9e5b8eab957c9de922d0922

SHA256
cb3c446eaa7e80c9b4393eb6175022d28f8e83732cc06399b980cb0dda93342a

SHA512
2783c6245c738f6e95e6f7d8db08d82dd1b560408f976898a3edd20e8c63fcfaf2f09910f8246fa3d43b8a556cbaf3b12ad3d4bdacb8bb6a5e3ea504515bf7a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Z0WLS8MP.cookie
Filesize
219B

MD5
0d246bec9d0f06b642885a5c73b850a3

SHA1
2086850948c3e117315ab9199f42d775781547cb

SHA256
1ec4124c14503f1e9e1fdab6a3a448ee36cf5a3cbaa178723665e54dd56da1a3

SHA512
69bbd1fde949ef571e7169ceb671616337383b6e8efcf3dc527a49a64eb97fcec68d964978e631c0451a66971f0981e6b4eb800c7eef87a06f2816eea03c4bfb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZUS4L66J.cookie
Filesize
407B

MD5
0e054bbe12d4f142ca23a9ea500682e3

SHA1
1af15fa02e4e4d29a9dc70f335246fb56995755e

SHA256
31c7eb29cb944a19be3b215765c38c659fd1df978d447c5de174584f18e637e4

SHA512
e59ff638882b7dacd03fbf186d274d42b3af43b97b924d1005eecc0ca1d8da5774e49943bfafe1da04fc8f54559fb39b0b1ee1d62cfcd929342a73c78ac0dd79

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MTQ3VAS3\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MTQ3VAS3\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MTQ3VAS3\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MTQ3VAS3\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
966993a24f39be1e9effa32cd6628f4b

SHA1
70f72c402b73afda0ac44df32be8e6a251e4c16f

SHA256
4621192f78a18cef6e6bd4f89865ff42b674fd2773323c82f00d07084f64c593

SHA512
2f8dc9aa877c46cc396d876eed8bb2363165580544156d10033d9b6747f86dbde06c793c935fbcf1ba6ee451123991cd13b9d76ed3943912dbd55adfef6d9731

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231
Filesize
1KB

MD5
317ffa482fae63f26b3815090fffb0f1

SHA1
ae562169b97a4196f2302609764419aeb22f03dc

SHA256
1f5774c965c12afeb48670797c7699c8ffeaa2cf40b6f8758e4636f76e0e36c8

SHA512
6ef815abd5d6879b625e70abce7bd00d83505ff6e0f3398b128062df6ce938847ef69423caca49599c994ab39c5b77a3ef4bce481603c99d8c2b60de9038a24a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
471B

MD5
c86820ed39678a3a59775160622b916f

SHA1
7383803d7880b3223d1f3b863c10a231fd00a2ad

SHA256
0e593a0b08dd6da512112289e28ceeee01167cdbdb53fe9f010f157e4fc12a02

SHA512
8fa6eb7d980e7304052fb80c669730847863dbde50e88a989d3745508e5098cea4d608f21d978ed367e4d4f34f73530b4891683d25775e3b06d2b423bc2b2d65

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Filesize
471B

MD5
3346f8d487463659749eb3f5ae8ee532

SHA1
a9775e9c229c89b545a28ecd21b242985e28d265

SHA256
e0432015822e889bd2778f39d1cd681ba469127309f1393451c5aa43a04bf688

SHA512
f89c8322e8606840cbc2245f478209f3defd3351016b28c7ec1471689e32dfccd9f8b2e4405640fbb1e4766e10a5353a053452dd625baa1d9812e3bf4956a0d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
471B

MD5
656133af9afc7a5ee45fa0b05b0a06ee

SHA1
c3cd7802472742681d0e319717023f276d3b6d1c

SHA256
6a10f2258fafea4d879ac21e74ab619c4fc8c21501587dc3f66d093a6e9c4e09

SHA512
90301d0d7cc026b3115ddfa140c1084900ee66e48baeedd427539f0f83aef7444caa3e293515154031f3c08cc63322e2c366b57d5d76ead49443414f899aca3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_EC830A980969D746780C4373E1195F3B
Filesize
472B

MD5
d81f874741beb45c89de8bb5c6de438e

SHA1
a251ab903e654953631d84721479bbae55aa5cdf

SHA256
ec28dafa2a54818028d4dfe99218d9e4b507f3bd7efaabfba630d85f24d4d75d

SHA512
2eb997d4637c520cb3af0bee161896a4bae723a64f8080f7212b670316df63189775b7aba80fe25cfbb661add0506aac48e8cc15d29708071e04a323c82b1445

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
59c7d1c3e315494e116f2c507c82c767

SHA1
12a70b21e3d5d6f4aa8b9f06e115754d2ad47de6

SHA256
9164088264623e289af26a53f6aae4948e9190885685866c9c7675382406d50c

SHA512
a5dafd1fe7527b25a13de644ba43a79e1f2a50aed20f46c8b2b60af9926d08775480fb22f926f903231bf183da016b2dfebb0cc1195505e00b5ab7c84a0f9ac2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
06825f18a2ba6564bba5bba27ca62f4b

SHA1
1bde74f2b015652ef2acf9977d0a2acdd0abe2b9

SHA256
113c1a8440798a9dde05f8a8c4f7935dbe20d2749dbbb6b5278e30c1a7224868

SHA512
a35502bfa2f753f73668402c92ace63a859a00a3b7548857570ccee5d0831e1c80d5c4a42c64230043e70f262a34e27c1271791088587737c4735ac5c9b7f126

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231
Filesize
404B

MD5
fd545649c565d7949ba8afca5a177663

SHA1
e7ed8081f64eb84dcb085e7150a7122807ee3e9f

SHA256
1444a82c5c64994eae7f145792ed5d26c1245474255c029268681e8e64499cd3

SHA512
632021197b238224f316f20a9b5b2e70c1c9e86e83e6579d280f94986a3a4281fd470b7fb11c29832094b083948ba44e7614c58d3d017a13c891e9e2b675beb7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
442B

MD5
029eed697ea3872bd434f6d9d102975c

SHA1
9c2819424048a00a277eb8060d2136a9d80876de

SHA256
eb6a798f51aff092713a2997ae90993b8e5579faaa86f4c880c5e074894eecb8

SHA512
eae6442f978f05ce591ddb9e00a67d22af5c6ffce3f5f11001446b797b6a269c007167a6dbcbcf21f53a45643efddca59bc4f41c5280b5f3bfd9b73e0815f33e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
Filesize
412B

MD5
e3ba37377b920423821167d377a68381

SHA1
9751a72c689dcad07ac043aac055b256eaf36ced

SHA256
333d84524c0ad75f04ac603cf94ffb9fecb0734b5cebf459d7bd8e0ebc66a0a6

SHA512
13f6026020f75be4cb8d179e9e1537652670da378629b9d5fdffea030dc4be61224c8fd55121d99bb782b022cbdffac7a13eab0488c31cdab689a7e1fb8817fb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
416B

MD5
c6daf5cfc8628f00317d70d0468d670c

SHA1
b8fc1340f50c4f383845fc796cac86fe720126d8

SHA256
17a08e9d26175ec800d2ac41b599d7d4f1d78594587adbfe4e7c6799b8db4d90

SHA512
5a03cc54f5e7bad034a91956d9b77058168221404b8da7a1a1bf25e2ad4da3491fbc38e6a470e7895dff3859cda45d6af9b16b956dfb3b9d112a3dc0caba4063

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_EC830A980969D746780C4373E1195F3B
Filesize
402B

MD5
759888e1addc025e5c0df5c5fa066fc1

SHA1
a98085322c4227856104a5bac397945269729265

SHA256
4311d293f1fc08be33def419a0362e8e7e7a1289d74d376ee40492dfb24a501e

SHA512
0a938f3326380422e8b9856703c365d1806dcc070a03e9bccaa74c7df89b4e03843e7298289531932536f2c90a79cdf09217c026a9239cfd7d952519775d5200

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
1b2a4303d9414e48f5d1efe9986b8079

SHA1
dfd7edb719cc3184cfca345289de394c24445535

SHA256
1aadb4fd41d83cce49a5f8c8546d8adc97038fb357f2b9d46baba34f5f321df1

SHA512
b2acc3e23817bc991b00b8ec464013b90b8fdb5d5a33f372c81ce5d5d1d9ed43e950fdcfaf38abfe09715039948f10d793057359e5cbf1b7aa3c5acb0df09d43

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
1d147721e4769b19a0f02680aead6b5b

SHA1
896a93891024674a650e5d498bc5c5fc7afc3e83

SHA256
bc55ef49f16e09ea893f113a2576dd5d8edab783eddfa0c5ce0ab1457eb823ac

SHA512
9a67650ecbfbeac2d76264c41ac503cda7dc6807b8c5095c44cbfaec2efea29466d63b94e96c434da729050fd9dd1655daac64c13c1befbb15235d1612ee51da

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri
Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z
Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config
Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z
Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll
Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
memory/2980-292-0x0000000000000000-mapping.dmp

Download
memory/3176-148-0x00000000005F0000-0x00000000007CA000-memory.dmp

Filesize
1.9MB

Download
memory/3176-150-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-190-0x0000000007F10000-0x0000000007F18000-memory.dmp

Filesize
32KB

Download
memory/3176-179-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-232-0x0000000008F50000-0x0000000008F5A000-memory.dmp

Filesize
40KB

Download
memory/3176-116-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-178-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-177-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-176-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-117-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-175-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-174-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-173-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-172-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-171-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-170-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-169-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-168-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-167-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-166-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-165-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-164-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-163-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-162-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-161-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-160-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-159-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-158-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-157-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-156-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-155-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-154-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-153-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-151-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-152-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-198-0x0000000008DD0000-0x0000000008E08000-memory.dmp

Filesize
224KB

Download
memory/3176-149-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-115-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-147-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-146-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-145-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-144-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-143-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-142-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-141-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-140-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-139-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-138-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-137-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-133-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-136-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-135-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-134-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-132-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-131-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-130-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-129-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-128-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-127-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-126-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-125-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-124-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-123-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-122-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-121-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-120-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-119-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3176-118-0x0000000077D30000-0x0000000077EBE000-memory.dmp

Filesize
1.6MB

Download
memory/3540-235-0x0000000000000000-mapping.dmp

Download
memory/4324-263-0x0000000000000000-mapping.dmp

Download