hxxps://store2[.]gofile[.]io/download/96bc7856-5bef-437c-9a3d-9fb2b7ed3ea8/ImGL%20Image%20Logger[.]zip

Analysis

max time kernel
161s
max time network
159s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18-03-2023 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://store2.gofile.io/download/96bc7856-5bef-437c-9a3d-9fb2b7ed3ea8/ImGL%20Image%20Logger.zip

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exebrowser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "3043"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\AA549154B737EF29C = 030000000100000014000000aa549154b737ef29c55000081fdf1f8b3ebb40910400000001000000100000001e9b655c2563f0f8b7cf2fa979f89a920f00000001000000200000001c169fb8bea23cbb597a7d0330f5f2c6fb82969934da9d676058363ca94854c614000000010000001400000039c8e33fb6d4c223863e8a9838ee2fcbbe567a13190000000100000010000000baa9030082855b9e52cb543799fa36f35c0000000100000004000000000800001800000001000000100000002d581a49c8eb5b3b3c6ef9bb65314d702000000001000000e7050000308205e3308203cba003020102021333000001d92cb2c0c2c9e054b40000000001d9300d06092a864886f70d01010b0500307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f667420536563757265205365727665722043412032303131301e170d3232303630373138323634325a170d3233303930373138323634325a3081a5310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e310d300b060355040b130442696e67311b301906035504031312494520496e737472756d656e746174696f6e3123302106092a864886f70d0109011614777362657870406d6963726f736f66742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d345fb3624263a3b1856614f76c90c184e75fc1ab123f51b38c31a32311a70bbec8667c0831a74b00255149eac86eb0b2e4bc21010346a0bfaed29bbba29ab5e69a8b707f955c12eeb575a70cfeccd7ca8de3de7c883dd7bb79e85c8062128750eba60d9bcb6e0a21a4e97deef8cdff249e7d7ed312b8ed769c00c80629fc31ffe942f792d67b8e360f084858065ca7c0114a231072d7380b9ee828b1e717bc81938d5c58b75f12f457d4320f90a11d1d326e0b24c69dcbb185054bf8ab0c136f8f38264911aca2edaa93754a9685eb0878b62800020838f656e4d7d3aa53a0cc07d76cfbc7d77f570346cd2bba3836d24428c2723dd6e39afd107c0f7889bdd0203010001a38201303082012c300e0603551d0f0101ff0404030204f030150603551d25040e300c060a2b0601040182374c0c01301d0603551d0e0416041439c8e33fb6d4c223863e8a9838ee2fcbbe567a13301f0603551d230418301680143656896549cb5b9b2f3cac4216504d91b933d79130530603551d1f044c304a3048a046a0448642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63726c2f4d69635365635365724341323031315f323031312d31302d31382e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63657274732f4d69635365635365724341323031315f323031312d31302d31382e637274300c0603551d130101ff04023000300d06092a864886f70d01010b05000382020100c36cdc2a65c64372b6118a63a5c7ed1ecfa5b939531465ca9af136bd76d942a74ad37481be984496cd20deca7b469dc4f2e439db9e2e0eafd2b4dcab7c7b0d131a98a88e9c34787d209fe84fd1bf1031c31a63a794d8448654d9f6e1267ca9513f6d9bb17be844f225a15133665568503b50bdd2b74e1199b3afbb822dc3d9b07147f374427991b7d04234dfb77c7b4518a554b65b69b318ff2be7e541762de2726789d01f2f866523861aea19ff8ccbfaafc7d78fc242aca7f74d6ba335b4c3d7c7b5b1f5b8dbb6b3104f24dbb8f95b39ecfbdc1a4469ab254263371e8f231c32c68c574290c81c388c3148200344d9b9b3fa8bb6394ac2536f66803302873f3f857bbdbe279d9bf7d2df3422c9bf927ef7b8eb92e872fdfac7cd1fd185847555b4239740734d043b167098ede21a83d5b35431fbd4768905a474218801cf320084043f608133bc8c26752c6b15210859dad17f3cdb1f8546c8cde2b5ccb6634681aaf88339eeab1ad92b8e4babf96333a99e6ff7ada19433913a8101d63b36fcccade21ec6a41cdb44d3abad7c4065368e51eb46b5c237c37bbf04c89871e2e0da20d2e569eaf67b19787ed46c2038faf181bd00cd1d5ff1fee0ad70b457528415fce74f37c22e3bfb1b17d57e59200625989090a2bb1e3b238cb348768a98126537198be58282f64856420280d5858fc0575182dbc6d1fb4f7611b339babc	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4985f13b5259d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "611"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = f01e3d6e5259d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\SmartScreenCompletedVersi = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\UUID = "{70941A15-6925-409D-A69A-E7465A6A6F30}"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "550"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "659"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NTPFirstRun = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "550"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 0100000082e4ad343c7955408866115f9f9975b7e20d71e3138d3687917b2e8f5d6c1d1ef1668cba1313ff0e673902428242bed05db28f443dbfda806f8492e296715c98a5f5614a6b86364fdd80a6f4a98c269edb730471d09a256b11928e3c21681507d8b1b333b071afeda55c081b17181df17e7270b749bfad1fe8c4c9c10bf0c5e4a2baa64add76af992ceea4de3f84061406cefc83b1cc4f6dd93c01c9d4a807e6ab30f8508b34298c0f54ceeb5171c5c7bda6d2725c637ee44b19c3721f32bf328533c92c804bcedd8baf6ac5e97fd34d571c8a2ec722f6376d7b8689322d6dc18be32ef3d75bbf6e462091bbf24ef981df4ea823e9aa662908821bbaab386bb6c260f5bd7d04bb5a4cc57f34ab7e5f04565e87fd6b9c9209ff4d111524f579d6e4ca7e570ce66501f3bf4ad964b0f875c36a19faca9686c5f9fedde698021707ed4114af70a1939caf2e49d84e82dac055942607753a5e8612b425d7d0012be7fce53a277ad519686933b96b2c95e974dbfa65b6ec269ddc5a8f55633991296a91d60ba86822c0540fec13b90289d22f44beb1f9fffb6d84bddad8f49512cedad35bbbae364c	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "659"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomai = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 0100000053a38e9acbc0d5fd5d0439109465d50103be5ddaaf409c91b8148a8e9c843440fa7089c0d0f77d93557ff6a2bd94980e40502021422a3a3652788ae701fa0448d72f63b0d85b8dd63b73721c4a2a3958134d5058fc2750ecba40	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "8sv2jux"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

4536 powershell.exe
4536 powershell.exe
4536 powershell.exe
Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

3980 MicrosoftEdgeCP.exe
3980 MicrosoftEdgeCP.exe
3980 MicrosoftEdgeCP.exe
3980 MicrosoftEdgeCP.exe
3980 MicrosoftEdgeCP.exe
3980 MicrosoftEdgeCP.exe

pid	process
4536	powershell.exe
4536	powershell.exe
4536	powershell.exe

pid	process
3980	MicrosoftEdgeCP.exe
3980	MicrosoftEdgeCP.exe
3980	MicrosoftEdgeCP.exe
3980	MicrosoftEdgeCP.exe
3980	MicrosoftEdgeCP.exe
3980	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes:

powershell.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	4536	powershell.exe
Token: SeDebugPrivilege	1096	MicrosoftEdge.exe
Token: SeDebugPrivilege	1096	MicrosoftEdge.exe
Token: SeDebugPrivilege	1096	MicrosoftEdge.exe
Token: SeDebugPrivilege	1096	MicrosoftEdge.exe
Token: SeDebugPrivilege	2804	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2804	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2804	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2804	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3340	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3340	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4808	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4808	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4808	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4808	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

1096 MicrosoftEdge.exe
3980 MicrosoftEdgeCP.exe
3980 MicrosoftEdgeCP.exe
4808 MicrosoftEdgeCP.exe

pid	process
1096	MicrosoftEdge.exe
3980	MicrosoftEdgeCP.exe
3980	MicrosoftEdgeCP.exe
4808	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 3980 wrote to memory of 2804	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 2804	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 2804	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 2804	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 2804	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 2804	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 3704	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 3704	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 3704	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 3704	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 3704	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 3704	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 4808	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 4808	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3980 wrote to memory of 4808	3980	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://store2.gofile.io/download/96bc7856-5bef-437c-9a3d-9fb2b7ed3ea8/ImGL%20Image%20Logger.zip
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4536

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1096

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4784

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3980

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2804

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2188

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3704

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3340

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4808

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KIQVE9IA\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\8N67WAC4\www.bing[1].xml
Filesize
1KB

MD5
0aa8c34f91441f3df04fae09f749999d

SHA1
38960714bedaf787fcc5175989621719d7f8f258

SHA256
b630477564ae816f9b62f3ada243ca26f6709b3a54ead1d232121b2f218f3e29

SHA512
308729b8bfa7c027b06c168b33a50d0d0bb0a63f1ff23a936e18fcc484a3655bb5b88b5556461a730c3a7debf2b23568db228dc0008a05ccb218cabaf726c722

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\92OOFNP9\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\I74YILHM\favicon16[1].png
Filesize
503B

MD5
ad98355e85075a8ebc15a01f875e1aab

SHA1
de8398fdfeb3bbd48a58a8b12453e1fee61e5f2d

SHA256
6a437098dcbb8a0354ae28a5f7825685f471c13cecb83186cc950844df7c76c4

SHA512
1b5d5402256ec3ccc20f1b1b635a9ea16131c2aec49c94105c8b7d3e32c9bfd45e937bde8af35ced6b22f39526de2672ba145ec43f49aba4d7a66da79e13819a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri
Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0H4HE626\bootstrap-icons[1].css
Filesize
93KB

MD5
06cb502613f99040e534fec65fa725c7

SHA1
03006f32792e033497e9ca68373b6c3386305933

SHA256
e1172d3a0a208cf01dc066f0abeaf17f00264a966159a69f71947d6edcd4935f

SHA512
734faf4aff6d9c64b87f3c1320114f71d099d10c0ff9a4de3ef65e009918a5b8faecabd0e7e56b2630e1de58a5e3c2c82c9c6120241feba750f2dfc12723a8fe

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0H4HE626\bootstrap.min[1].css
Filesize
190KB

MD5
16b20908101acc6624cb9446fcac64a1

SHA1
b7cd57a4fd6a1fae6126150f427ef217397293e4

SHA256
2933c96348a4eae7cbbf8f280ca0981586a9b5c097ef952b996cad7d28f2fad0

SHA512
b22c1efe85cc8528c60b02e7fac72b68f396ac9c4795480c04c65774f7b64e7937234c771120a82f3ed66793531fa499af2c0c63e3c1d5c8f2a89e63025b823a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0H4HE626\dayjs.min[1].js
Filesize
6KB

MD5
fc50c4b32f73acd0ca4a31e0b94418b6

SHA1
4cd4b7159ca9e1de084a7d1ede12ad51a5d4651f

SHA256
11f24ea8272c8454bfd93c6102b511bb75a7f1bfd70c0e1f6cf58a4b067ed41f

SHA512
85c57a0d7df904a8224e2598ac980f6eedc5c52e82b028ca826aec3d1a543e45d66ef3e22b1bd2552761597d325dc3dcb4e236149e163fa375cc7fb5ec1fec00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0H4HE626\qrcode.min[1].js
Filesize
19KB

MD5
b33682b5a531b8617d4ee248926fba84

SHA1
be527be38f28d55217b02f818ca67987f433cada

SHA256
85bd0e28180f06b7f944d35dd07ef1ce75d6d9b63c2d70cb8e65f8b566c43db4

SHA512
5eda51cdcceea9ec42c8f3a6e462decc5847e74aac8dce4c0c190c0434c2abead936b7c836c5f1c8c76aaa25050169381a01effba7cf7d7f8f8be304b439adc8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0H4HE626\sha256.min[1].js
Filesize
8KB

MD5
e5a5b331cf54c474203628eb9398470e

SHA1
6d2e5b6a22edb7d95e0ac7523d74f5f7013cb344

SHA256
7157511697db744d384a5a2a8646af23f3c90560abf93bb240fdd690b29a898a

SHA512
b33279152a3d8449975deedbe40515b67fd69cbf1ae55a1f9c57980b68b6cf4dee4b62e101c87b7b034b6e5e5f96c1264d38a630dd1e9c1660ff7b10f98392cd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GRAV6YV5\chart.umd.min[1].js
Filesize
194KB

MD5
0956511163142649b6cf52a819ca8641

SHA1
177174c1e7b5650cf3cf0c184077420f6b67abc7

SHA256
8706c07750059d4f474353cc469150fd09a539df6f8830ccf418c47709f25b36

SHA512
1828b09b30346cd195b29d68b734c9e0b5904f68e318910d2c6c8b95eae5cdc90d237d26a22d84413d007d123b7cb618603291fbb867ba1df9af7cb5b89cee83

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GRAV6YV5\defbade7-6258-4d72-9d8a-02e3080cf1b8[1].htm
Filesize
16KB

MD5
ffd552b0029f1f0260f47afc974b5dac

SHA1
a7b75ec13b84846b7b3c02c1d2e8fe6e37c09b34

SHA256
014898bd15c7d271b62c610b72fae95fdd9f3435f1b74bf2c4eb1cdf6832ad23

SHA512
861eb4027f68a6458a6893e9c0eff436a85d055bcbd85038142fa6f3d154cdddddf5a1baefdfa2482d72fe9fba7aa2d874eb414c3397d473716e9370e929ec61

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GRAV6YV5\marked.min[1].js
Filesize
43KB

MD5
a50d303b83ec6ced6c105da710623629

SHA1
04f3659d853b57d6e608909960d4f1f4c0f01c04

SHA256
d10fcd57fbc3eb87320fe1469bcb522ded6c480f48ed51c511ef6da20f165760

SHA512
84f825fdf56aa5b9b3dbd5af65d74609c3c34bcad4778193d837d1188437fbbac660540df01629dc1977f4e831f7731160854dfae617e088310cfe39a3d79c4d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GRAV6YV5\plyr[1].js
Filesize
108KB

MD5
49ae56a37a5b8dca563256fb605f6260

SHA1
24a8c5bf85c8d1bc7a9586d998308c462e28cb71

SHA256
6729042fecd6e011c0ba45f807dc93fa750169d7ac57c14daa01069f14430f73

SHA512
508eaa76781046d439eb85c706c9c7307827efc23a5b7ebe085c173b9a38a32ed343d8916d14df105203922dee0fbe123d74ec185e4ca12fe7cec6d679a2a9b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IFZWY3JE\alljs[1].js
Filesize
177KB

MD5
3bfb9c70c61725ff2e725a2815ace984

SHA1
365844135f6203305ce9115246f6b552070c0fd5

SHA256
eff89a8c52d40de0c62d72f2109527cccf4f1fd3e4b6da2539ed91845c213e40

SHA512
7e427a5c04fd41c03310ac46dc354742782c2445cb96259950b6983b558947111b8a0f246ea262a07d7798aa183fb63d7d0c9baa1bf6703ec58c23a1751a6349

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IFZWY3JE\bootstrap-icons[1].woff2
Filesize
118KB

MD5
7f477633ddd12f84284654f2a2e89b8a

SHA1
17dad0776899ad1beadabd061c34e2a22b2cde74

SHA256
966620f9e3bec428663687f9e8d67a6b8e35d79adebf6fb204e9b139eada7599

SHA512
b46baa2a3ea38512f8b539774c751004cc866d085a9739f4c25f2ade9d97c10d6f4b20cf87dcbb6a003e0df0ca2df200f9036a4c76a013f24c57d365981f6e00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IFZWY3JE\customParseFormat[1].js
Filesize
3KB

MD5
17f04d7e2386c3ceeca2758bd27321fe

SHA1
8ecc81c22b1fb7af251ae237f84b76ce5892662a

SHA256
cb72289f70690b272267a0741402cdc3f4099ae40c834a13cb60a59f99fdc091

SHA512
9e4a524f47fafe0bc4a5e61e96dcbdaae13deef24dbbe96dbe04ad714b13fcaced790ae6f6b5e6c5033ccece4042f712be153143be5d333d780cb765eee633f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IFZWY3JE\plyr[1].css
Filesize
33KB

MD5
e039a23ea465d2de0388937695a7e724

SHA1
68e95d5b4060761fc2b0b58a593ebe7d661c52f9

SHA256
bc3b9c09bf69ce51b930e86a23c6f249f9cc6dc98a84fd278d4131c9ddd78f43

SHA512
5fedf2fbff555599108ae7bdaa86cb9d22537e46ecda50cbd7a25199338fba4bef35bfa813eba76b1b367fb8b93e2c1ee9952a55deff9f49daa189f22b5e0336

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EB5CCB\allcss[1].css
Filesize
1KB

MD5
a3dbc6fe7006cdc0adb85e13f06cfe2e

SHA1
f1bb8018105fe1cd8d30ad64fa6674743e2b7591

SHA256
dd03323db8b78ab71bbf4cc27f517ed48d19a5478f3f545a5b9fb7969e5913f6

SHA512
201d83f659f3c85165f8e7add5e8990e76844f595f988892ebd978368b6523ee7b0404d4bffc8bcec3632a35018a2294bd388da5cb63443b16530bb2d1fdbdfc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EB5CCB\bootstrap-nightfall[1].css
Filesize
50KB

MD5
84952f98cccb079b3f36f29c0f2f7d8d

SHA1
92a207064b6cb9cb6104bd8b3dd1e1e3e789b26c

SHA256
d9a98b67c7edffef7138d578788a1c25310cd3561b94d8bce6999f40b0073186

SHA512
a052abb5bfeb8ece88ce62b46ecc920db7db71467f1433d96fdc13072ec4dc4a67f13853f4d14e8f5794d9fbc58cbe1bf94e9f3a2afb7dfbdcecc2af2046bc37

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EB5CCB\bootstrap.bundle.min[1].js
Filesize
78KB

MD5
9afc1e0eba9521f29775ad2f6ace3f1f

SHA1
77bcf0c882fa4be8fbead35052c39a944f9035e3

SHA256
a85b2fe307777c8eb47f06a1eec399fcbddfe83d252fd202d3e1358051fcf27d

SHA512
d532b8863098e7e13d1f7af9fb4e5b1066ca1b22b9d3a59a0cf7cf7b5b3f8a1c118ebe8eb4be37cc92f338543eff372238d11dfaca7b2f0adf3829f2ba43d2b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y1EB5CCB\logo-small-70[1].png
Filesize
2KB

MD5
9823eef0eed8a9166aa4bd86355bd908

SHA1
95259a972d3c0c7a5a97e9f7bd109dcdc50e5f27

SHA256
25f5229d2c05f4883245fe331033b79f2b77dd84296151ae8c59b1ed27e7fe5c

SHA512
5b71f2716f0edaf4864dd1e16961e453705104e22bbc0144495eb94e78fa2d829654f1a614d7b423b8f00f980f10743db39734cf86b73075deb7da9ffa3467ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Filesize
717B

MD5
ec8ff3b1ded0246437b1472c69dd1811

SHA1
d813e874c2524e3a7da6c466c67854ad16800326

SHA256
e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

SHA512
e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E748DF9A3D57C804FB19B3A64B5DB144
Filesize
503B

MD5
5d9c7fc8874580e19dadd4dec4ddaac8

SHA1
ff44dea5879a01c31fa45af638c096be27553e86

SHA256
b2b45cb2fc7ae9ddbf0bc8565a98202c6aca67d3070f3f361cb5d635e7bb09c0

SHA512
3d1aa7b7760bb2b6a1112044979443162e49eb5659ea61554b2a6194de28feea0a1e69055d438ad6a5682313836e7e340f93e2d802b978f305ea0cb169d8f528

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Filesize
192B

MD5
8d5207842aed777b7a7bfe9b00ebc0e6

SHA1
61baa1c907c4c2ebea0451d41e30e6ae82db42f4

SHA256
700249bc9110677e48fd0b82513a2829dd86891fe66b70bad22bbe6c4dc6d2b2

SHA512
9d3fa10010da008bc861353821edd29659da9315c29ef4b68ecc619e98a6fef5c482737220b308e9bca5e525d9a3496dd59cb0664d405eba68b00b41f548cb5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E748DF9A3D57C804FB19B3A64B5DB144
Filesize
552B

MD5
8b10232b9c40935f2a2e913f0344741f

SHA1
b2365ce20ed803297bbe3447f0841842024d3f4a

SHA256
12f35863572557d54860e27bb46d255ae0c73b5560594acf7c6dc7b86006194f

SHA512
464f9302d9066e422baf5925d3a9728b4b150d404f3cac61c47e564ba74fad1f86da2b2c52fd5f444f3f6b4c31c1205d759298c0204f1390cfb836bd9f7ddaa1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri
Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_34f02nkj.0o2.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/1096-196-0x000002902E960000-0x000002902E962000-memory.dmp

Filesize
8KB

Download
memory/1096-285-0x0000029030520000-0x0000029030521000-memory.dmp

Filesize
4KB

Download
memory/1096-284-0x0000029030510000-0x0000029030511000-memory.dmp

Filesize
4KB

Download
memory/1096-154-0x0000029029E20000-0x0000029029E30000-memory.dmp

Filesize
64KB

Download
memory/1096-171-0x000002902A600000-0x000002902A610000-memory.dmp

Filesize
64KB

Download
memory/1096-191-0x0000029029FA0000-0x0000029029FA1000-memory.dmp

Filesize
4KB

Download
memory/1096-193-0x0000029029FE0000-0x0000029029FE2000-memory.dmp

Filesize
8KB

Download
memory/1096-195-0x000002902E900000-0x000002902E902000-memory.dmp

Filesize
8KB

Download
memory/2804-258-0x000002419BA50000-0x000002419BA52000-memory.dmp

Filesize
8KB

Download
memory/2804-209-0x0000024188E70000-0x0000024188E72000-memory.dmp

Filesize
8KB

Download
memory/2804-218-0x0000024188EC0000-0x0000024188EC2000-memory.dmp

Filesize
8KB

Download
memory/2804-227-0x0000024188EE0000-0x0000024188EE2000-memory.dmp

Filesize
8KB

Download
memory/2804-264-0x000002419BD00000-0x000002419BD02000-memory.dmp

Filesize
8KB

Download
memory/2804-273-0x000002419BF00000-0x000002419BF02000-memory.dmp

Filesize
8KB

Download
memory/4536-121-0x000001DFEFCA0000-0x000001DFEFCC2000-memory.dmp

Filesize
136KB

Download
memory/4536-134-0x000001DFEF6F0000-0x000001DFEF700000-memory.dmp

Filesize
64KB

Download
memory/4536-125-0x000001DFEF6F0000-0x000001DFEF700000-memory.dmp

Filesize
64KB

Download
memory/4536-124-0x000001DFEFE50000-0x000001DFEFEC6000-memory.dmp

Filesize
472KB

Download
memory/4808-436-0x0000029836B50000-0x0000029836B70000-memory.dmp

Filesize
128KB

Download