ced9be4b013de155b7b413926254b898dc3364e71d339893d3014c065dbf41b2

Resubmissions

20-03-2023 04:10

230320-erwl3abg47 8

20-03-2023 04:09

230320-eqz8vsdg9z 7

Analysis

max time kernel
299s
max time network
290s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
20-03-2023 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KryxiviaInstaller.exe
Size

5.2MB
MD5

359e6b859b5c3d0714015952eef68f7d
SHA1

2c82924ccce46d992588ea88bea2ba7d48a1e4d5
SHA256

ced9be4b013de155b7b413926254b898dc3364e71d339893d3014c065dbf41b2
SHA512

0347a6ae8b1e72bf3f86e65d7b70ed6d94e794292040a79921b48142ae2e1309337aef04cb4f6251f93e88aaf9884a4ddaa58b725e6a85f05321acb078cd50fc
SSDEEP

98304:ST/yH02PyfKIRetXCnZsrr+Qeack4iHKpgJKHA3x1j5mLBrG5dkjC6:2yHpPX3eqGpa3KpgJKHevj5mLByzkW6

Score

8^/10

microsoft discovery phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

KryxiviaUpdater.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Control Panel\International\Geo\Nation	KryxiviaUpdater.exe

Executes dropped EXE 3 IoCs

Processes:

KryxiviaUpdater.exendp481-web.exeSetup.exe

pid process

3080 KryxiviaUpdater.exe
5072 ndp481-web.exe
3400 Setup.exe
Loads dropped DLL 4 IoCs

Processes:

Setup.exe

pid process

3400 Setup.exe
3400 Setup.exe
3400 Setup.exe
3400 Setup.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand microsoft.
phishing microsoft

pid	process
3080	KryxiviaUpdater.exe
5072	ndp481-web.exe
3400	Setup.exe

pid	process
3400	Setup.exe
3400	Setup.exe
3400	Setup.exe
3400	Setup.exe

Drops file in Program Files directory 27 IoCs

Processes:

KryxiviaInstaller.exe

description	ioc	process
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Uninstall Kryxivia.exe	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaUpdater.Core.pdb	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\log4net.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Microsoft.WindowsAPICodePack.Sensors.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\System.IdentityModel.Tokens.Jwt.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\DotNetZip.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaUpdater.exe	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Microsoft.IdentityModel.Abstractions.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Microsoft.IdentityModel.JsonWebTokens.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Microsoft.WindowsAPICodePack.ShellExtensions.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Newtonsoft.Json.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaUpdater.Core.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Microsoft.IdentityModel.Tokens.dll	KryxiviaInstaller.exe
File opened for modification	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Uninstall Kryxivia_lang.ifl	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\log4net.config	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaAutoUpdater.exe	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaAutoUpdater.exe.config	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaAutoUpdater.pdb	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaUpdater.pdb	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Microsoft.WindowsAPICodePack.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Microsoft.WindowsAPICodePack.ExtendedLinguisticServices.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Microsoft.WindowsAPICodePack.Shell.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\kryxivia.ico	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaUpdater.exe.config	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Microsoft.IdentityModel.Logging.dll	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Uninstall Kryxivia_lang.ifl	KryxiviaInstaller.exe
File created	C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\Uninstall Kryxivia.dat	KryxiviaInstaller.exe

Drops file in Windows directory 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Setup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exeMicrosoftEdge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exebrowser_broker.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "503"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3af3c0ceea5ad901	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 003187f80d5cd901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "393"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "518"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "14"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "379"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\AA549154B737EF29C	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ec4c538cea5ad901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b1422c8dea5ad901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\AA549154B737EF29C = 030000000100000014000000aa549154b737ef29c55000081fdf1f8b3ebb40910400000001000000100000001e9b655c2563f0f8b7cf2fa979f89a920f00000001000000200000001c169fb8bea23cbb597a7d0330f5f2c6fb82969934da9d676058363ca94854c614000000010000001400000039c8e33fb6d4c223863e8a9838ee2fcbbe567a13190000000100000010000000baa9030082855b9e52cb543799fa36f35c0000000100000004000000000800001800000001000000100000002d581a49c8eb5b3b3c6ef9bb65314d702000000001000000e7050000308205e3308203cba003020102021333000001d92cb2c0c2c9e054b40000000001d9300d06092a864886f70d01010b0500307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f667420536563757265205365727665722043412032303131301e170d3232303630373138323634325a170d3233303930373138323634325a3081a5310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e310d300b060355040b130442696e67311b301906035504031312494520496e737472756d656e746174696f6e3123302106092a864886f70d0109011614777362657870406d6963726f736f66742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d345fb3624263a3b1856614f76c90c184e75fc1ab123f51b38c31a32311a70bbec8667c0831a74b00255149eac86eb0b2e4bc21010346a0bfaed29bbba29ab5e69a8b707f955c12eeb575a70cfeccd7ca8de3de7c883dd7bb79e85c8062128750eba60d9bcb6e0a21a4e97deef8cdff249e7d7ed312b8ed769c00c80629fc31ffe942f792d67b8e360f084858065ca7c0114a231072d7380b9ee828b1e717bc81938d5c58b75f12f457d4320f90a11d1d326e0b24c69dcbb185054bf8ab0c136f8f38264911aca2edaa93754a9685eb0878b62800020838f656e4d7d3aa53a0cc07d76cfbc7d77f570346cd2bba3836d24428c2723dd6e39afd107c0f7889bdd0203010001a38201303082012c300e0603551d0f0101ff0404030204f030150603551d25040e300c060a2b0601040182374c0c01301d0603551d0e0416041439c8e33fb6d4c223863e8a9838ee2fcbbe567a13301f0603551d230418301680143656896549cb5b9b2f3cac4216504d91b933d79130530603551d1f044c304a3048a046a0448642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63726c2f4d69635365635365724341323031315f323031312d31302d31382e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63657274732f4d69635365635365724341323031315f323031312d31302d31382e637274300c0603551d130101ff04023000300d06092a864886f70d01010b05000382020100c36cdc2a65c64372b6118a63a5c7ed1ecfa5b939531465ca9af136bd76d942a74ad37481be984496cd20deca7b469dc4f2e439db9e2e0eafd2b4dcab7c7b0d131a98a88e9c34787d209fe84fd1bf1031c31a63a794d8448654d9f6e1267ca9513f6d9bb17be844f225a15133665568503b50bdd2b74e1199b3afbb822dc3d9b07147f374427991b7d04234dfb77c7b4518a554b65b69b318ff2be7e541762de2726789d01f2f866523861aea19ff8ccbfaafc7d78fc242aca7f74d6ba335b4c3d7c7b5b1f5b8dbb6b3104f24dbb8f95b39ecfbdc1a4469ab254263371e8f231c32c68c574290c81c388c3148200344d9b9b3fa8bb6394ac2536f66803302873f3f857bbdbe279d9bf7d2df3422c9bf927ef7b8eb92e872fdfac7cd1fd185847555b4239740734d043b167098ede21a83d5b35431fbd4768905a474218801cf320084043f608133bc8c26752c6b15210859dad17f3cdb1f8546c8cde2b5ccb6634681aaf88339eeab1ad92b8e4babf96333a99e6ff7ada19433913a8101d63b36fcccade21ec6a41cdb44d3abad7c4065368e51eb46b5c237c37bbf04c89871e2e0da20d2e569eaf67b19787ed46c2038faf181bd00cd1d5ff1fee0ad70b457528415fce74f37c22e3bfb1b17d57e59200625989090a2bb1e3b238cb348768a98126537198be58282f64856420280d5858fc0575182dbc6d1fb4f7611b339babc	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DontShowMeThisDialogAgain	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdom = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 3df8bf635a45d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "386070664"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "518"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{76F8749E-C588-4FB8-928A-9B5FAB69A160} = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{6A56B528-19CF-4AE4-8638-3DE396ECFD = "8320"	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "379"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System	browser_broker.exe

NTFS ADS 1 IoCs

Processes:

browser_broker.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe.ieo541t.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

Setup.exe

pid process

3400 Setup.exe
3400 Setup.exe
3400 Setup.exe
3400 Setup.exe
3400 Setup.exe
3400 Setup.exe
3400 Setup.exe
3400 Setup.exe
Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

3296 MicrosoftEdgeCP.exe
3296 MicrosoftEdgeCP.exe
3296 MicrosoftEdgeCP.exe
3296 MicrosoftEdgeCP.exe
3296 MicrosoftEdgeCP.exe
3296 MicrosoftEdgeCP.exe

pid	process
3400	Setup.exe
3400	Setup.exe
3400	Setup.exe
3400	Setup.exe
3400	Setup.exe
3400	Setup.exe
3400	Setup.exe
3400	Setup.exe

pid	process
3296	MicrosoftEdgeCP.exe
3296	MicrosoftEdgeCP.exe
3296	MicrosoftEdgeCP.exe
3296	MicrosoftEdgeCP.exe
3296	MicrosoftEdgeCP.exe
3296	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	4404	MicrosoftEdge.exe
Token: SeDebugPrivilege	4404	MicrosoftEdge.exe
Token: SeDebugPrivilege	4404	MicrosoftEdge.exe
Token: SeDebugPrivilege	4404	MicrosoftEdge.exe
Token: SeDebugPrivilege	5048	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5048	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5048	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5048	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3960	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3960	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4404	MicrosoftEdge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

KryxiviaInstaller.exe

pid process

3144 KryxiviaInstaller.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exendp481-web.exe

pid process

4404 MicrosoftEdge.exe
3296 MicrosoftEdgeCP.exe
3296 MicrosoftEdgeCP.exe
5072 ndp481-web.exe

pid	process
3144	KryxiviaInstaller.exe

pid	process
4404	MicrosoftEdge.exe
3296	MicrosoftEdgeCP.exe
3296	MicrosoftEdgeCP.exe
5072	ndp481-web.exe

Suspicious use of WriteProcessMemory 35 IoCs

Processes:

KryxiviaInstaller.exeMicrosoftEdgeCP.exebrowser_broker.exendp481-web.exe

description	pid	process	target process
PID 3144 wrote to memory of 3080	3144	KryxiviaInstaller.exe	KryxiviaUpdater.exe
PID 3144 wrote to memory of 3080	3144	KryxiviaInstaller.exe	KryxiviaUpdater.exe
PID 3296 wrote to memory of 5048	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 5048	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 5048	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 5048	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 3024	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 5048	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 5048	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 5048	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 5048	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 5048	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 5048	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 3024	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 3024	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 3024	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 3024	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 3024	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 3024	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 960	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 960	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 960	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 960	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 960	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 960	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 960	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 960	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 960	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3296 wrote to memory of 960	3296	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2628 wrote to memory of 5072	2628	browser_broker.exe	ndp481-web.exe
PID 2628 wrote to memory of 5072	2628	browser_broker.exe	ndp481-web.exe
PID 2628 wrote to memory of 5072	2628	browser_broker.exe	ndp481-web.exe
PID 5072 wrote to memory of 3400	5072	ndp481-web.exe	Setup.exe
PID 5072 wrote to memory of 3400	5072	ndp481-web.exe	Setup.exe
PID 5072 wrote to memory of 3400	5072	ndp481-web.exe	Setup.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\KryxiviaInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\KryxiviaInstaller.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3144

C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaUpdater.exe
"C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaUpdater.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:3080

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4404

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5072

C:\0aecade803e92850158207\Setup.exe
C:\0aecade803e92850158207\\Setup.exe /x86 /x64 /web
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:3400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5048

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3024

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3960

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4960

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:960

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3064

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaUpdater.exe

Filesize
3.1MB

MD5
2602e822629da9ac2dc971fab4fb500d

SHA1
7e16896209adfdf0a483dc4698c9aaefbb9cc3d5

SHA256
39127a6180d8028c9559f1e7c6edc013137ed7e99e02213b713af507c66c2ec0

SHA512
f14981c94ea9a17867ce7dcc70d15f5d07c7a96be0d2aafc68e18694bfa701280652ea33cc76972ef40b0a9fd8d06cd303daed993063ebbbefa914a400a39e8d

Download Submit
C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaUpdater.exe

Filesize
3.1MB

MD5
2602e822629da9ac2dc971fab4fb500d

SHA1
7e16896209adfdf0a483dc4698c9aaefbb9cc3d5

SHA256
39127a6180d8028c9559f1e7c6edc013137ed7e99e02213b713af507c66c2ec0

SHA512
f14981c94ea9a17867ce7dcc70d15f5d07c7a96be0d2aafc68e18694bfa701280652ea33cc76972ef40b0a9fd8d06cd303daed993063ebbbefa914a400a39e8d

Download Submit
C:\Program Files (x86)\Kryxivia\Kryxivia Uplauncher Beta\KryxiviaUpdater.exe.config

Filesize
174B

MD5
2a2df45a07478a1c77d5834c21f3d7fd

SHA1
f949e331f0d75ba38d33a072f74e2327c870d916

SHA256
051099983b896673909e01a1f631b6652abb88da95c9f06f3efef4be033091fa

SHA512
1a6dd48f92ea6b68ee23b86ba297cd1559f795946ecda17ade68aea3dda188869bba380e3ea3472e08993f4ae574c528b34c3e25503ee6119fd4f998835e09d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0PBDMEPO\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\555UPOLW\bootstrap-custom.min[1].css

Filesize
231KB

MD5
7dad72a4b609084ec79739e46694cfa6

SHA1
9f666798419e52986b737717e222341b162c9270

SHA256
535cc1d2753d7a07b944dcd3427282699f83bc6bfcee48477e021660e21fba1c

SHA512
54d4cc2d99ec3517b4fe9c9f829dd15f9b3c1d07127c71e81afe183a5d02e866e62f2b19b4ece267ccd0dda496732d93f644eed65acd70505cc3af189ff3f3c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\555UPOLW\open-sans-v34-latin-600[1].woff2

Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\555UPOLW\override[2].css

Filesize
1KB

MD5
a570448f8e33150f5737b9a57b6d889a

SHA1
860949a95b7598b394aa255fe06f530c3da24e4e

SHA256
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

SHA512
217f971a8012de8fe170b4a20821a52fa198447fa582b82cf221f4d73e902c7e3aa1022cb0b209b6679c2eae0f10469a149f510a6c2132c987f46214b1e2bbbc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\555UPOLW\wcp-consent[1].js

Filesize
51KB

MD5
413fcc759cc19821b61b6941808b29b5

SHA1
1ad23b8a202043539c20681b1b3e9f3bc5d55133

SHA256
daf7759fedd9af6c4d7e374b0d056547ae7cb245ec24a1c4acf02932f30dc536

SHA512
e9bf8a74fef494990aafd15a0f21e0398dc28b4939c8f9f8aa1f3ffbd18056c8d1ab282b081f5c56f0928c48e30e768f7e347929304b55547f9ca8c1aabd80b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6QAYO13U\a2-598841[1].js

Filesize
134KB

MD5
2cc02dc1fb567abe4b05d266eb06d922

SHA1
6dcbdeb8033539e29ca4d11975bee63bfabbfdad

SHA256
14bc892aff22a1998743df7de326750231ec0592917c70c5a9e5478fea456409

SHA512
769ec7d320b0b5ebfe2affc562078f0de8c21a6157af32f50f577327d37c43fa7b121d09cbd2bf27471c4356e90b1d96b10b73aa31410532f3fc46255d28a315

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6QAYO13U\ai.2.min[1].js

Filesize
118KB

MD5
ba7c8e27f0d90341d2717f62caaea574

SHA1
2955a4f237989547b8bf5fbeb901061d102bdcb6

SHA256
7e6eb5a9a8a048fbc98c8f37e104b59fdd19a077ece48b1ed11e6d4a54f93d38

SHA512
8af6b765a01ff1ad4002da9ee3ad055c13a5f161d335bde11fb7f0d2fb04427b692c6a82aef6f953bbb93cffaac23368ff4f0ce70a0214974212555e82200195

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6QAYO13U\at[1].js

Filesize
102KB

MD5
6b56d2bd5139bc5c00f412cd917a3bac

SHA1
7ebb960a86d15ba09b075265c6c098b9cdafc624

SHA256
cd976ec1ad0e64056080f75bd5bb81cc61b544c8f535ca2ca630a7f4aa5fda5b

SHA512
e716effb9d5b6bd49394e972d7307da7068bb03d536b975e03781c3ac9425117cc27e6a24a7aaf71e56f59341dce179184c88c3d4533fae99379a1c1a9e9f222

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6QAYO13U\general.min[1].js

Filesize
174KB

MD5
0a51551c9a5fe36e372fc39eb9bf0b3a

SHA1
6c76d69df786828afad990a0144b5d27d56e7863

SHA256
124fceae66250916650ffa507fc9c2773714f98580b7110f98d20103cd983794

SHA512
7c1e3542d04731f54ccb0888fd3b30c39e97e01e0980508bee856cf4725aad04e987a629ef23d95b8c264216f1b825c1c58920e34b79800bdcc22e761b85e388

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6QAYO13U\open-sans-v34-latin-700[1].woff2

Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6QAYO13U\open-sans-v34-latin-regular[1].woff2

Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9M9JJI4R\analytics.min[1].js

Filesize
892B

MD5
b4a1847f1be996c08716d3b97456d657

SHA1
49113ee2989496eb1858a45ffaa319863d8ccd69

SHA256
8a80172a7d4c7c65ad596f52ecc105d61c0b2b60368277fb4729767f54fec06a

SHA512
b0e4ab27c1db23cbcd13bda3bf488293985d76de6c4f51b2be140c7ca8562a0b8280360b2e628a097f7e5fe94508759aca5bec037a1b3d7a73d2d7d16fb63b93

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9M9JJI4R\cda-tracker.min[1].js

Filesize
798B

MD5
a3827d5909344f41d270fc8475f7733c

SHA1
bb6cb83e4d2080ee02ea366699f487c7362d4934

SHA256
bcb1104af4aea1ba4be65f0e9669e2f5382df316635226ade340f6dc15f2866a

SHA512
5cbb021d1f0bf0b13583b966ed5bba971b770d3331f062beb2fd75b0d2d380c10bf62db64167f3e3b94f6f5bc05cb160e7d5dae8a5d85d99ed75181040764d18

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9M9JJI4R\cookie-consent.min[2].js

Filesize
986B

MD5
276fadd25103db9ea780c1ab25dd42c8

SHA1
54483dc13e60306f87a0e4a4b16b47ffac51e097

SHA256
c9cb2eed50644985e9f73a6897d05d94b80b8c317ea3bb5524c28a16683a63f5

SHA512
174919bc2b37c379531819d3b2fea5097181b600b68b746afb8c52131db2bc05ac6d6c97821fe35f1c4018fb2b2982dcc1d542c568ed3bf0cff71e32b9408eca

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9M9JJI4R\main.min[2].js

Filesize
31KB

MD5
b9b13a437cdee66d01ab9cb18d85d3e0

SHA1
6614ec983dc34b78eda8a8e3ada837a503541a92

SHA256
0d56c5660f9a5afc4b544798551201d14c6d222b658bb1bb0e3f40ca04cb7bb9

SHA512
987cc6da7ac9e739b70572464917b464c0f90b3ba795133d852d7eddea3de89db8e880a3fc05745f1f964e5770d7ab9736f50d241e3577705c80ecf088fc888d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EQXMO199\74-888e54[2].css

Filesize
167KB

MD5
ba0d5ea1fac178bc129be5c94eebc013

SHA1
cdf9036d0a2cc4b57a278e48bce971e708e39aee

SHA256
cf186f15996f1f201512c3576307588ecbf1e4d62daa72aa678b8222d6c652f8

SHA512
a31ed800df0244da91ef08d8e2b262d8b9899ec5f64218e6a233ac9f178df15e642aa7476aa87c1f18228a64507850e2974025b77f7071c2e821d50e3c3ca08e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EQXMO199\at-config.1.4.1[1].js

Filesize
5KB

MD5
72dcd95e1872e4e7dd4debd9363a3f23

SHA1
73e8f9c4dd8812ebc9c54abed3e50b68f21ad7e3

SHA256
d83130d74d82a31e8a653378f0051d57ef560bd85406c85404c0f7bd9801b0bf

SHA512
12c49158f980c09b5cf39becea6506126c9077639991607c6066a9906d5be39eff6d8b4c844ab3dd398d17131f5e00638e52ad7e6a272ca38ea6f2e41efe00a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EQXMO199\culture-selector.min[1].js

Filesize
308B

MD5
4147b3bfb0a145eec758f0cb7292cefb

SHA1
8e02467706ce768bc9e68fea2a8d01b49513d631

SHA256
8f6f064a7a80641e434afc35b14fd8a01acda68f2ac01097e7dbbf0623edeb20

SHA512
49a661a2009c172df348aa83b2342f5cfdeea58026710bf139f847c1d9e6728b20a865bb81a980492186b7dd210ed1202c01a38757edfe77a4efa4945cd82477

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EQXMO199\ms.analytics-web-3.min[1].js

Filesize
136KB

MD5
6a5b990f8696eb7a67ecfe6b5b3cab0b

SHA1
108bbd600f0237e62112db3969c6f02be0a1c7cb

SHA256
8a13eda4650628c3b24edd6b407cfedf1821188701430545bc17ccf7fe0083ac

SHA512
ceabc9380d2e4166dca101fa8e7ad7fa7b176182a04294b41584c7c3a93c28510c2fa7633e40c0959c7f39382a6b0706f10c6ff87068c96e2f5b15f1353f6856

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\6TVSR53R\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\6TVSR53R\dotnet.microsoft[1].xml

Filesize
694B

MD5
7093035de4f5d64267152879d8722da4

SHA1
219bd3dc73446981744ce00bc7d2c5b39c733df1

SHA256
a0a84215ca2aac3a46c46782fba9957079982beb86ef4aa014a2b37f0e4fd853

SHA512
60027638e57650fefcef14aac78cd3bab517c9d0ec23ea1d299ab712f26b4b1750e6f67bbb2c3300dd3e93cca7cd7c8bd6125b955c2616257bf0c3a427172b13

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JSE1A52Q\favicon[1].ico

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QRU3A7E0\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\reeumwl\imagestore.dat

Filesize
17KB

MD5
6dbd66fd14b0247bb9d71b8ae62b1ef6

SHA1
6ad0e12da8f100d1bb3c8b6922fdcb359846dcb1

SHA256
83f236c061180ab90076d886ece149f4a876cff637008efca50bee7848baa003

SHA512
0dc2f7f1d9d638ad882b5e205c2b450b623272e09ed789e1582a9a6e98d7f00fe960e07d57531512d9d5c729c24475db423cbca3485e75d9a7254a8260447891

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ndp481-web.exe

Filesize
1.4MB

MD5
0f774e364b59d81f9396b075da92c10e

SHA1
8b5c78682e0fcc358dc37a24a8ad8e46847db1fd

SHA256
c46aa513b122786e133064af1b8d59293bcdedead298c6087f17d03a2ed096c5

SHA512
ab60a1f72a66d7cea5c85650d5b6fa182a88a5014549c1b94114b445b91e22af51e9fbf2693c967c7a7bca1a93f75a8b7673e371ec9037344bf095752b9bc214

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\555UPOLW\bootstrap-custom.min[2].css

Filesize
231KB

MD5
7dad72a4b609084ec79739e46694cfa6

SHA1
9f666798419e52986b737717e222341b162c9270

SHA256
535cc1d2753d7a07b944dcd3427282699f83bc6bfcee48477e021660e21fba1c

SHA512
54d4cc2d99ec3517b4fe9c9f829dd15f9b3c1d07127c71e81afe183a5d02e866e62f2b19b4ece267ccd0dda496732d93f644eed65acd70505cc3af189ff3f3c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\555UPOLW\mwfmdl2-v3.54[1].woff

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\555UPOLW\override[2].css

Filesize
1KB

MD5
a570448f8e33150f5737b9a57b6d889a

SHA1
860949a95b7598b394aa255fe06f530c3da24e4e

SHA256
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

SHA512
217f971a8012de8fe170b4a20821a52fa198447fa582b82cf221f4d73e902c7e3aa1022cb0b209b6679c2eae0f10469a149f510a6c2132c987f46214b1e2bbbc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\555UPOLW\space-grotesk-v12-latin-700[1].woff2

Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\555UPOLW\wcp-consent[1].js

Filesize
51KB

MD5
413fcc759cc19821b61b6941808b29b5

SHA1
1ad23b8a202043539c20681b1b3e9f3bc5d55133

SHA256
daf7759fedd9af6c4d7e374b0d056547ae7cb245ec24a1c4acf02932f30dc536

SHA512
e9bf8a74fef494990aafd15a0f21e0398dc28b4939c8f9f8aa1f3ffbd18056c8d1ab282b081f5c56f0928c48e30e768f7e347929304b55547f9ca8c1aabd80b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6QAYO13U\RE1Mu3b[1].png

Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6QAYO13U\at[1].js

Filesize
102KB

MD5
6b56d2bd5139bc5c00f412cd917a3bac

SHA1
7ebb960a86d15ba09b075265c6c098b9cdafc624

SHA256
cd976ec1ad0e64056080f75bd5bb81cc61b544c8f535ca2ca630a7f4aa5fda5b

SHA512
e716effb9d5b6bd49394e972d7307da7068bb03d536b975e03781c3ac9425117cc27e6a24a7aaf71e56f59341dce179184c88c3d4533fae99379a1c1a9e9f222

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6QAYO13U\open-sans-v34-latin-regular[2].woff2

Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9M9JJI4R\analytics.min[1].js

Filesize
892B

MD5
b4a1847f1be996c08716d3b97456d657

SHA1
49113ee2989496eb1858a45ffaa319863d8ccd69

SHA256
8a80172a7d4c7c65ad596f52ecc105d61c0b2b60368277fb4729767f54fec06a

SHA512
b0e4ab27c1db23cbcd13bda3bf488293985d76de6c4f51b2be140c7ca8562a0b8280360b2e628a097f7e5fe94508759aca5bec037a1b3d7a73d2d7d16fb63b93

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9M9JJI4R\cda-tracker.min[2].js

Filesize
798B

MD5
a3827d5909344f41d270fc8475f7733c

SHA1
bb6cb83e4d2080ee02ea366699f487c7362d4934

SHA256
bcb1104af4aea1ba4be65f0e9669e2f5382df316635226ade340f6dc15f2866a

SHA512
5cbb021d1f0bf0b13583b966ed5bba971b770d3331f062beb2fd75b0d2d380c10bf62db64167f3e3b94f6f5bc05cb160e7d5dae8a5d85d99ed75181040764d18

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9M9JJI4R\cookie-consent.min[2].js

Filesize
986B

MD5
276fadd25103db9ea780c1ab25dd42c8

SHA1
54483dc13e60306f87a0e4a4b16b47ffac51e097

SHA256
c9cb2eed50644985e9f73a6897d05d94b80b8c317ea3bb5524c28a16683a63f5

SHA512
174919bc2b37c379531819d3b2fea5097181b600b68b746afb8c52131db2bc05ac6d6c97821fe35f1c4018fb2b2982dcc1d542c568ed3bf0cff71e32b9408eca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9M9JJI4R\general.min[1].js

Filesize
174KB

MD5
0a51551c9a5fe36e372fc39eb9bf0b3a

SHA1
6c76d69df786828afad990a0144b5d27d56e7863

SHA256
124fceae66250916650ffa507fc9c2773714f98580b7110f98d20103cd983794

SHA512
7c1e3542d04731f54ccb0888fd3b30c39e97e01e0980508bee856cf4725aad04e987a629ef23d95b8c264216f1b825c1c58920e34b79800bdcc22e761b85e388

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9M9JJI4R\main.min[1].js

Filesize
31KB

MD5
b9b13a437cdee66d01ab9cb18d85d3e0

SHA1
6614ec983dc34b78eda8a8e3ada837a503541a92

SHA256
0d56c5660f9a5afc4b544798551201d14c6d222b658bb1bb0e3f40ca04cb7bb9

SHA512
987cc6da7ac9e739b70572464917b464c0f90b3ba795133d852d7eddea3de89db8e880a3fc05745f1f964e5770d7ab9736f50d241e3577705c80ecf088fc888d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EQXMO199\74-888e54[2].css

Filesize
167KB

MD5
ba0d5ea1fac178bc129be5c94eebc013

SHA1
cdf9036d0a2cc4b57a278e48bce971e708e39aee

SHA256
cf186f15996f1f201512c3576307588ecbf1e4d62daa72aa678b8222d6c652f8

SHA512
a31ed800df0244da91ef08d8e2b262d8b9899ec5f64218e6a233ac9f178df15e642aa7476aa87c1f18228a64507850e2974025b77f7071c2e821d50e3c3ca08e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EQXMO199\a2-598841[1].js

Filesize
134KB

MD5
2cc02dc1fb567abe4b05d266eb06d922

SHA1
6dcbdeb8033539e29ca4d11975bee63bfabbfdad

SHA256
14bc892aff22a1998743df7de326750231ec0592917c70c5a9e5478fea456409

SHA512
769ec7d320b0b5ebfe2affc562078f0de8c21a6157af32f50f577327d37c43fa7b121d09cbd2bf27471c4356e90b1d96b10b73aa31410532f3fc46255d28a315

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EQXMO199\alert-info[1].svg

Filesize
726B

MD5
c7db49644f6bf1f50b3190ffba0516ed

SHA1
5bb312a0b6357ccb7e93158ac0f97b4e249e4696

SHA256
2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281

SHA512
9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EQXMO199\at-config.1.4.1[1].js

Filesize
5KB

MD5
72dcd95e1872e4e7dd4debd9363a3f23

SHA1
73e8f9c4dd8812ebc9c54abed3e50b68f21ad7e3

SHA256
d83130d74d82a31e8a653378f0051d57ef560bd85406c85404c0f7bd9801b0bf

SHA512
12c49158f980c09b5cf39becea6506126c9077639991607c6066a9906d5be39eff6d8b4c844ab3dd398d17131f5e00638e52ad7e6a272ca38ea6f2e41efe00a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EQXMO199\culture-selector.min[1].js

Filesize
308B

MD5
4147b3bfb0a145eec758f0cb7292cefb

SHA1
8e02467706ce768bc9e68fea2a8d01b49513d631

SHA256
8f6f064a7a80641e434afc35b14fd8a01acda68f2ac01097e7dbbf0623edeb20

SHA512
49a661a2009c172df348aa83b2342f5cfdeea58026710bf139f847c1d9e6728b20a865bb81a980492186b7dd210ed1202c01a38757edfe77a4efa4945cd82477

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EQXMO199\ms.analytics-web-3.min[1].js

Filesize
136KB

MD5
6a5b990f8696eb7a67ecfe6b5b3cab0b

SHA1
108bbd600f0237e62112db3969c6f02be0a1c7cb

SHA256
8a13eda4650628c3b24edd6b407cfedf1821188701430545bc17ccf7fe0083ac

SHA512
ceabc9380d2e4166dca101fa8e7ad7fa7b176182a04294b41584c7c3a93c28510c2fa7633e40c0959c7f39382a6b0706f10c6ff87068c96e2f5b15f1353f6856

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\17U3DUAZ.cookie

Filesize
121B

MD5
4ac357158da686d4555d23cd0c3409af

SHA1
2edc0f2db5977c943d0c71da060ace1baaa5a19b

SHA256
300216d965cae28cb7c63ce1af9669da8f1b952bfa7d451d36bd7eb2aa430d2c

SHA512
d2a8e010b00389f2d3e2920ca7cb702042eb5856522518c670d3267335972d3a06c5f8c5d57ccbbda98abdf15e46a21b8a14f88fdf3824c3827e11ed883e0141

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\31C8BGNZ.cookie

Filesize
563B

MD5
aa8672c325702c2fda9d1a49442dd07c

SHA1
2562812aa8dfe62d0f05ef54600a5926db3b1f2d

SHA256
9414a69dbb909f3415905eb9db1230f7ca8994771c477e26ae5f47dbe31ed640

SHA512
ec3100bbba14b9359b1aadbb7f86cbd7066c0a30406361d02b21dd976af3471e0c7b73705946c6132358101e1376708b36ce5f4f0286501c25ab0ef163ca14c4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3JE5OGY6.cookie

Filesize
193B

MD5
eb5fc6ffd7f554d5f0324a9ea7df5732

SHA1
787819d5bd9c2b115a3a99a27b7376e6e5c5f234

SHA256
e762b552333ca70e929b60f7d5e5c68489008ed58bbd433a9b814e6fadf6d387

SHA512
58fa7b276463f6b8780a95b6e434007439835570c7e679d78a95e337af5d27f8c84e091a3a6777653ca8d7e9e4a2d581b467c25fb7d5a28a213265ce367b2470

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5N422IZH.cookie

Filesize
407B

MD5
8844a208dc69a674c22298386f17640b

SHA1
4c0a19ea5e76559a1acf024a651c821e3f1c5ca9

SHA256
e99724da3f3c04310edac15b67db05a6f9d26537ac918ce2d82c84b29da2292e

SHA512
8c6a8a1cbd9770f3d5f7b1d1f8ffea79ea38637c8f586e4cc532a3489838a039a1d2d2d261e2e40309149acea1564a97137e047bbbaed94f90f0aef4425bed9c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9GHPLCD1.cookie

Filesize
392B

MD5
2555f26f92cf3dd00dfb5f01537a1bf0

SHA1
5711a5daad134621e769a4d9c0ce5e62e268e56c

SHA256
b58dee03788d4aabe26f6011210f4ecd6a9e68964e79c13684483ffb631a1a31

SHA512
d1046abaa09742b20eee4059406ce5c558c334a1e59d8a2f53945fc439814cd58ccbfd96c52577eecd01774deac314e0ba188346dbb7bd29fe270454e1a60925

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9TCS3OYR.cookie

Filesize
563B

MD5
ba83afb5ba495d58d726a3daded2f72e

SHA1
440f0e231d39322fe9a0abd5c10ae2db4f702698

SHA256
9a3f4f6715ccb150bae144612a9791531e94df25a9fbc52e81ae84e714342a99

SHA512
8551f14043ffbef43efc7a67dec236b2af84aae50ffb17dda3e74ac2547d75c8a3381f742320b1296f064ef4856b649bce9bd6eef3391a1d01c06015100f24f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9X8TD3AX.cookie

Filesize
72B

MD5
e18291e50e8e185ee0ca18e081005db0

SHA1
7e2ba70b5e387376b73607703cd482ee1d30bbba

SHA256
19e028282a6aeff2496e1216bfffb99ddd206d29c05b7409ef0a3d74b4b3492c

SHA512
3fc735b7216c56da6b16a823c5de8c5de5f93afbeeb6522e3d71ce7a24b76129e55c8369057104141f15a5a00a0d94cfd3073394132361105d54def249d4b215

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AP9K1MID.cookie

Filesize
280B

MD5
7ba7bdbde764e3f1f5f9d30e1a72a464

SHA1
1fe09f46126b9c5230879c93eb583dd6b9465edb

SHA256
cc0d083b7b22c146bde8fbefb2183c6e13886a1d8e848e71dd9d4f6e1becb9de

SHA512
6a1d4a917a7989971a7c69b7d453cd8bdc6b7d397bf18728ce75c6c869c98b83d3103922351467b3f846eeca2b6b6bb304ba124979f686a7f1fa7b8dc208909e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\C4F9C9P8.cookie

Filesize
245B

MD5
160159e941b9633b66c9c051b98dc91d

SHA1
27b0078aedbe750fad7fa42f5ffaffe845de45ba

SHA256
0ee4ddabd9d460f90ee7397f73a1048d16428bb588deb664794fb544969969d3

SHA512
35508e9f1cade2c73ef1c48b830f46acf376defe6a1c0a34361e9e27fffecb089664c944cb5c0b8f4e50d5269775838b82941eea54e103cdb2d5480014257bc7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\F7ZQ7O0E.cookie

Filesize
392B

MD5
c8932d8260fe65278d0736f742372825

SHA1
02d40b1f3c5cfddc20acdb1b39168c646148b32d

SHA256
497364b7ab2fe2acfb1d21eb44885827b1535393fd3abdd11612ee507ffbdfc7

SHA512
fab2cd57375a739e149887adf108b3a8b94d1b023733eca0d37474e0eeaab65cd1f46da42f3af4aeeb44ad1e889d1b01c99a0d697bcb9731c794f63e8cf82233

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JWRGDDF7.cookie

Filesize
147B

MD5
9b8e0f1ee1e8926b405e88ab951e5b5b

SHA1
563ea0d8489b178c69a72d1aefda5de931701884

SHA256
4002e8550fda7e61187daccaf32c96a3df01a5aa507ba8ea32511fc67a3cd1bf

SHA512
afa9c78b4b7f0c898d8c2ff423afe28a497a86fdc9f93dc84eebad4592dee5d160b1944bceae0375711c1c29366731a9c893badf7b0b81f2e309a1874c42392a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OWRBWPUT.cookie

Filesize
121B

MD5
ad32f85bd80e6548dbff5a3f92cda07a

SHA1
cbe988c9411f2ffe45da98ff80dd79a577c3a5cc

SHA256
3a96104f460b3f8d2875a81e19a6eb7e0b954ae466f9ea7dba47dcf64a9f55df

SHA512
c030ff9388a4c421d7ed6ea3903931dc90e85d6cbb09b3172e51da1666bf87c05cdcd0aab8e70dc277097de7dee6bfae3a665bef68232fcb065434fe9ba47cdb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RCYMOEO8.cookie

Filesize
407B

MD5
0ee6a009fb2c647d6f363f3b8ef14a41

SHA1
c154581a861fb20660f087a6f0f57f0843d0174f

SHA256
851a2b3c2cef81d0eebed192762c65264ae17f14d78b76c5a5bf87169182f05f

SHA512
8812fabf7c335bb56ed1cf03f022f5d90777d23b2b19ffe7479fcd6803d646f83f80de4133c5247774c1f767f8f47059bad46a761b91439473c1591ebabf0ecb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TBBT8N9T.cookie

Filesize
563B

MD5
eeb28c8b77bc9ffd9a41d3ab6daff252

SHA1
42e8e81da4a33a6ca76be2ad84ef211edf63a31a

SHA256
e7054c068a2b9a4d2d388674d7d885fe994cd717fd00b927ddaef4073fd0f6af

SHA512
52e57a45a0c0f80c1e430879b5b2e2234f8ac03293e08ad8478a3b9dec3cbb5074ef19e60ad0f636a5eb40a9fc8a06183d480c50e9d06271fc4dbddd3645110e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\U1LN682E.cookie

Filesize
563B

MD5
a3d3bec690c849f19ebd7ec7e84b4bc0

SHA1
1453aad34efb6ec18ffe049721415e77cdfc511f

SHA256
58180a3c4366a85163d3a981198fd04ab160d596bf4ddb25fe726cbff144f6ce

SHA512
95094c43f49fc2fe0016b30fa383a24a89201cb35d6442686ac1f60b82a8a8a70d46c09990d2e26d93290afc1326af97b386533a01f83d948a1b7702d8932e43

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WDSF7IGD.cookie

Filesize
245B

MD5
810f80387d91479d2ab7770c9e5f003e

SHA1
8e3624c6f957f2ff7856dc537bd7f352410976bb

SHA256
8b775d9220ef6ebf545f27efc6fc4797cf4004e480eca34ed16f663b9cd8b10b

SHA512
6e1ab14dd360bbe8f27e4cc5fb0448a3197f3eb0c966df108f37cd1fa49320b33b83231652fb16d8ad2ce1031a263b3952d1ced22b25081d7c825995f0cb1392

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\6TVSR53R\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\6TVSR53R\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\6TVSR53R\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\6TVSR53R\dotnet.microsoft[1].xml

Filesize
694B

MD5
30e1277f3deeb9664b7af2ee79d1a0fa

SHA1
bd1ed7e2b9544919a387768b560bb72cc6e11f00

SHA256
799f8d91aad6c5f7e99529f0a0b9de1fae69bf555c17a4f6f4c534312cc71038

SHA512
6ab47ee41f93e59bc850cb390aee19e64d93daa73a91e4da2d2d36fec35670e1bed353334b677cca5f293b7d05dc8dab83bad85eac21330fab5a9ad2714655a7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\6TVSR53R\dotnet.microsoft[1].xml

Filesize
694B

MD5
7093035de4f5d64267152879d8722da4

SHA1
219bd3dc73446981744ce00bc7d2c5b39c733df1

SHA256
a0a84215ca2aac3a46c46782fba9957079982beb86ef4aa014a2b37f0e4fd853

SHA512
60027638e57650fefcef14aac78cd3bab517c9d0ec23ea1d299ab712f26b4b1750e6f67bbb2c3300dd3e93cca7cd7c8bd6125b955c2616257bf0c3a427172b13

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\6TVSR53R\dotnet.microsoft[1].xml

Filesize
694B

MD5
7093035de4f5d64267152879d8722da4

SHA1
219bd3dc73446981744ce00bc7d2c5b39c733df1

SHA256
a0a84215ca2aac3a46c46782fba9957079982beb86ef4aa014a2b37f0e4fd853

SHA512
60027638e57650fefcef14aac78cd3bab517c9d0ec23ea1d299ab712f26b4b1750e6f67bbb2c3300dd3e93cca7cd7c8bd6125b955c2616257bf0c3a427172b13

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
53972be50fd300126090b477db0c8ea7

SHA1
e39d8d736e827a465a57b139745c53bcefc53f8d

SHA256
bb3137e2dd394b96e10fc7a6d943322b7356a0c0f7b02e50bc489a0c84ac5de2

SHA512
7fdd991cb4c45b47f86b1cf5c54f4b76923d0c85d4650d07f86f7c49fdd7b3706f115988fca4ea700780a3fe5bdf606e98aeb49eb8c06181f9f49e602e7b5453

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
53972be50fd300126090b477db0c8ea7

SHA1
e39d8d736e827a465a57b139745c53bcefc53f8d

SHA256
bb3137e2dd394b96e10fc7a6d943322b7356a0c0f7b02e50bc489a0c84ac5de2

SHA512
7fdd991cb4c45b47f86b1cf5c54f4b76923d0c85d4650d07f86f7c49fdd7b3706f115988fca4ea700780a3fe5bdf606e98aeb49eb8c06181f9f49e602e7b5453

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868

Filesize
471B

MD5
70e349c8fab2ecac233bf304114f4284

SHA1
e7bde63eccd6fc001d684f04367d1f5d5f9d1b5a

SHA256
ca6e672803481a2bf099465879048b0c19972f051c7ae7d66622d6178681362c

SHA512
5ce30893aa651bafe9b59c41048d13b65640d3c5a00ac9c31b1ecfb8724aad059515a843fecaed5f4fa847ff3efe408dbf853d03be3a2992b5960c9c618ace09

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
a07e6941fea329a2f3184dfaac7977ab

SHA1
22714d908d2a53a2d954c778e609b371e93a1347

SHA256
cfa5a45a7a48834896f29383b931cfa36ed1965f8f9a4decd4b810abf6e3a7be

SHA512
127d7f10bd55c0f6ffb67398f63164a47c9fc95513a5efa8e464eece500a0d4fc3117a4ad82b567872abe37b0c1281a84a0de6ac9a945b568de57b9f8d728a76

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
a07e6941fea329a2f3184dfaac7977ab

SHA1
22714d908d2a53a2d954c778e609b371e93a1347

SHA256
cfa5a45a7a48834896f29383b931cfa36ed1965f8f9a4decd4b810abf6e3a7be

SHA512
127d7f10bd55c0f6ffb67398f63164a47c9fc95513a5efa8e464eece500a0d4fc3117a4ad82b567872abe37b0c1281a84a0de6ac9a945b568de57b9f8d728a76

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
471B

MD5
e54ccf3ff575fef5aaf7f021abf70e72

SHA1
7b538fdb5c4cdee7e7e8ff8ee5f51ef361760422

SHA256
4b6ff45c218ae3497ddd6ffca610bd24501a9819527f58326614d199e673c1dd

SHA512
df79a5f674c6568edf90801d3369102482d407e163cd14513dfd1814a8b4266c6b7b6da5b69241209d7f0fcb69c88de347763683e8735388e6ac05eaa30df3da

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
691538b2898e5d8740b8619e744c7b0c

SHA1
380c125a8c7d2127d5e10eb69a883e74c4d51693

SHA256
2e41c650d4d485f099c3ebf4c732e7c9cb98c577411af7ebe6577324699bffab

SHA512
59bf17c8f306c09c05a6e1bf8d66adbe79fea6c359d8a1f877f14311e54871ab384810fe1f5eb38951f53eff31c543d64667b5bb030a774d2df8e18e45e90db0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_EAB4AEE2EA70916CD4B93BC9BD3B283A

Filesize
471B

MD5
d91e5e061cfb2d21dd961d04c19244e9

SHA1
9f4311743a7d200d92950daa90c6be42d4095504

SHA256
8dc91e98deddefcd61910d852e944a507960416efe17b391f72e079d4bb04af5

SHA512
e0be022025ac662e3440dfab0ed18b8c73337c8d7eb4e3c5c5bb643a6f3dc845ecf6a41662e5ab2d573f537f79406b10745fb1920fb3682633a15ed89461c1f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
412B

MD5
81bba203a0e56fd9795e7e466260d0f4

SHA1
6e8258c0e11be2581d5f58fe66cfbc9c21767cc0

SHA256
82789e68af1264bf75f75b2391aa21ad78744fa939c2b5391de471119b1eed56

SHA512
4de053078e9596655d5233049535c92bcb64444edef3bd32ad178479c654502df557bc653dbbff5d70e19e1c6df2f32b3a3086a9561f0b977f8544d6b088b65c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
412B

MD5
d676b0e8b49c7337b0c30b1a3b35a644

SHA1
1e4da5c727ad04da158e84510ed5818f5d3ae25b

SHA256
358b8defcc78fa46e3d7a8f033b1582844ed044215403ac5c61133ff301354e8

SHA512
885d90ef659c8caa6bd13290ee95f5706526960b63b58414911fd36fb8d75c7d26d8a65789fe8f052f3a7df95afb204ecbeda09fd67a9eae191592fdee01edcb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868

Filesize
412B

MD5
c079599990727514fd6c30c0f29753f5

SHA1
23a21f67a0bb744e74285d10f47c138c857d5cd8

SHA256
9ce931b32636dbb462b566858c1bc0fff3f754bc7003058c7c9226df524fd121

SHA512
be14e27c4c178b981400e585f16865bb94bf3ed4365bc9d03e26ce9754c93dc4813d4d52ada641738f4d68c62289e116eb61b47a89193c7a8fe543a5e028c275

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868

Filesize
412B

MD5
4fbdae53dac6840b7d6ee052827609e4

SHA1
615c49472e0fc7a54e56ffae950b32424445a07c

SHA256
61609102803e137bb7158d24f9c60effde679a9aae9047ad8778101ffccd216b

SHA512
f6d6492c58ab61585807cd3d64ff14e0e0573e3f50f2d1fdbf4373fbfce6ab9425d08490fb04a5547ee5cb25a586e1bb5ba531ccf591ed5b842b35ebf7a57886

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
ee3d316ab244fee9aa64d88ac52a834a

SHA1
442b705b7678a90c7455d3de79cfd6472fa29cbb

SHA256
b77272f8563237ad7208f5b0d4a784729c31c9421ca7172172b7220c60849815

SHA512
efe60a14e9216ba9084c87bc9b7fa426737934eccab1438611a5ee603264d30c76def38b56733d7164d5836739bc4190250ddc7bbee73eef8a299c55f6c3ac27

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
8849aa1047e1c7372ffc41e21a878c82

SHA1
1525724be49ea941b3b918a0ca15bedcd86be64a

SHA256
1a8c70e2c66c2134b06fc9a2bfc2fd2f8471ea2afbd8fb406a97ad7b45b6013d

SHA512
5588e74ac327e62c74dd03c5cbf13380b60a1e1d2e32a531a50b71742fcd5302a9e965d333d534508880153ae562934d2ae6d8ed63758cd6cc721b360e2a3ecf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
446B

MD5
a9f8ed63df0226b5f14402463ea10db0

SHA1
b0c93378dda1f3245d0fc4e521b9b29794425798

SHA256
9bf23bef5a31af9eb558812b3380fba862e15ccd660849b28c07f1e419dc0c52

SHA512
d7facea5bd1ed98381598ec0f4d204fd1f96a9ae1d7fd562bc10fb251b793192560ccbfd32d8cbde446fe02cab74ba6e0727c3e9923863cdd393b93ad53eb4f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
446B

MD5
a9f8ed63df0226b5f14402463ea10db0

SHA1
b0c93378dda1f3245d0fc4e521b9b29794425798

SHA256
9bf23bef5a31af9eb558812b3380fba862e15ccd660849b28c07f1e419dc0c52

SHA512
d7facea5bd1ed98381598ec0f4d204fd1f96a9ae1d7fd562bc10fb251b793192560ccbfd32d8cbde446fe02cab74ba6e0727c3e9923863cdd393b93ad53eb4f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
446B

MD5
a9f8ed63df0226b5f14402463ea10db0

SHA1
b0c93378dda1f3245d0fc4e521b9b29794425798

SHA256
9bf23bef5a31af9eb558812b3380fba862e15ccd660849b28c07f1e419dc0c52

SHA512
d7facea5bd1ed98381598ec0f4d204fd1f96a9ae1d7fd562bc10fb251b793192560ccbfd32d8cbde446fe02cab74ba6e0727c3e9923863cdd393b93ad53eb4f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
f71a1978c603545d37661e0aeee21a67

SHA1
debce9332b32fcd8ddab57629d2d3012aada57f0

SHA256
92619c1ae90c4bdc0e3f6fe5dd3a5caa55729ea3d2917c2329866b0cdbf15116

SHA512
540455a0528c6481ccf31ce65fb478bbeecf2a04bc8d6c064274a3bfc7ca155ec2550b173a247e01f8ce51ca0aa974fc6aab098400999bd40e952c21f4d70544

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_EAB4AEE2EA70916CD4B93BC9BD3B283A

Filesize
426B

MD5
2da53ca380757cab28b5dfa9227b56f5

SHA1
873e38c098b6f5b96c00f4a43db32163f7b92900

SHA256
1815c756e3f4d5c7020cd1eea1ade6ecdda7bce649a0815fdaf3249d448e5adb

SHA512
ab92be435e28f678fb112bacc458cf192f7efb40778e2fee92bade3474a078870e85edafef091ffef6985d7e94d7a531cde2fee03d01de88c112568826bf3832

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFIA16C.tmp.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{AD486A3D-8811-486A-AC23-875699F581C2}\default.ifl

Filesize
2KB

MD5
2922d0c758d9c3c10cbdc59f91979d0c

SHA1
feb69bdf58d06cca776db63036811af0764ca013

SHA256
20f6d12eac29bd6ddc6a99dd276c5e200fac25c976ab4293195b58ec164c253f

SHA512
d15e888bae4e23ce5d61becc3c47d9b5f61fbbe4612cf90677314570fe1df1f4fde6c519b789ad46cc50d19c2b3701bc9bd968e85bb618fb7127950d4ae92695

Download Submit
memory/3024-551-0x0000026D96640000-0x0000026D96740000-memory.dmp

Filesize
1024KB

Download
memory/3024-473-0x0000026D926F0000-0x0000026D926F2000-memory.dmp

Filesize
8KB

Download
memory/3024-513-0x0000026D96840000-0x0000026D96940000-memory.dmp

Filesize
1024KB

Download
memory/4404-198-0x0000018319F20000-0x0000018319F30000-memory.dmp

Filesize
64KB

Download
memory/4404-216-0x000001831A700000-0x000001831A710000-memory.dmp

Filesize
64KB

Download
memory/4404-235-0x000001831A0E0000-0x000001831A0E1000-memory.dmp

Filesize
4KB

Download
memory/4404-237-0x000001831A320000-0x000001831A322000-memory.dmp

Filesize
8KB

Download
memory/4404-718-0x0000018320720000-0x0000018320721000-memory.dmp

Filesize
4KB

Download
memory/4404-717-0x0000018320710000-0x0000018320711000-memory.dmp

Filesize
4KB

Download
memory/4404-239-0x000001831E9C0000-0x000001831E9C2000-memory.dmp

Filesize
8KB

Download
memory/4404-240-0x000001831E9F0000-0x000001831E9F2000-memory.dmp

Filesize
8KB

Download
memory/5048-492-0x000001D558E90000-0x000001D558E92000-memory.dmp

Filesize
8KB

Download
memory/5048-271-0x000001D542AA0000-0x000001D542AA2000-memory.dmp

Filesize
8KB

Download
memory/5048-892-0x000001D554BE0000-0x000001D554CE0000-memory.dmp

Filesize
1024KB

Download
memory/5048-453-0x000001D5584B0000-0x000001D5584B2000-memory.dmp

Filesize
8KB

Download
memory/5048-484-0x000001D558E70000-0x000001D558E72000-memory.dmp

Filesize
8KB

Download
memory/5048-507-0x000001D558F00000-0x000001D558F02000-memory.dmp

Filesize
8KB

Download
memory/5048-475-0x000001D558E50000-0x000001D558E52000-memory.dmp

Filesize
8KB

Download
memory/5048-498-0x000001D558EE0000-0x000001D558EE2000-memory.dmp

Filesize
8KB

Download
memory/5048-269-0x000001D542A80000-0x000001D542A82000-memory.dmp

Filesize
8KB

Download
memory/5048-266-0x000001D542A50000-0x000001D542A52000-memory.dmp

Filesize
8KB

Download
memory/5048-550-0x000001D554720000-0x000001D554820000-memory.dmp

Filesize
1024KB

Download
memory/5048-553-0x000001D5598E0000-0x000001D5599E0000-memory.dmp

Filesize
1024KB

Download
memory/5048-737-0x000001D558F60000-0x000001D558F80000-memory.dmp

Filesize
128KB

Download
memory/5048-741-0x000001D55A0D0000-0x000001D55A1D0000-memory.dmp

Filesize
1024KB

Download
memory/5048-758-0x000001D55A600000-0x000001D55A700000-memory.dmp

Filesize
1024KB

Download
memory/5048-895-0x000001D542A60000-0x000001D542A70000-memory.dmp

Filesize
64KB

Download