ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537

Analysis

max time kernel
56s
max time network
72s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
23-03-2023 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

krnl_beta (1).exe
Size

1.8MB
MD5

3701dc535fb395d6a1fb557a3aeec5e9
SHA1

ef517659229ddc6ecfc02481c3953ac9322dae35
SHA256

ec6df713446a8dd5efb376fbb7b444ed7e09f5cdd98c0494999b64af2e2d5537
SHA512

20dc14387138f913034bd2c265156dca1f36c128c040a99d6904fe6f1830d2f98afb3dcf0553817adb66e480be7d0fb0d7df58f0feb9b007a5a6bab648b081a2
SSDEEP

49152:+P1uB0SVp4+KSxyrRUzS65+x+rnxYr9PC:+Pk0ST4+RgRUzS65+x1ZPC

Score

8^/10

microsoft phishing

Malware Config

Signatures

Downloads MZ/PE file
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

KrnlUI.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation KrnlUI.exe
Executes dropped EXE 3 IoCs

Processes:

7za.exe7za.exeKrnlUI.exe

pid process

3964 7za.exe
4624 7za.exe
456 KrnlUI.exe
Loads dropped DLL 2 IoCs

Processes:

krnl_beta (1).exe

pid process

1384 krnl_beta (1).exe
1384 krnl_beta (1).exe
Detected potential entity reuse from brand microsoft.
phishing microsoft

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	KrnlUI.exe

pid	process
3964	7za.exe
4624	7za.exe
456	KrnlUI.exe

pid	process
1384	krnl_beta (1).exe
1384	krnl_beta (1).exe

Drops file in Windows directory 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeSecHealthUI.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4272278488\3302449443.pri	SecHealthUI.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4376 4224 WerFault.exe SecHealthUI.exe

pid	pid_target	process	target process
4376	4224	WerFault.exe	SecHealthUI.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdge.exebrowser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000013c1eda88b67df6f1d10a73e5442ead4c32702826f03068478cc47175c5d0a32bae6da429096101115a3a9f8fd29c20e809152dc82647aa492c76c5d410be5d517fdb5bf98f27b10fbaef192adcaedd52773aa3a106fcbb07a68	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "501"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 77d59bfe5145d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotnet.microsoft.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 77d59bfe5145d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "379"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4ea834caad5dd901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "122"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "379"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\TypedUrlsComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Zoom	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5e1e2bcaad5dd901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

4216 MicrosoftEdgeCP.exe
4216 MicrosoftEdgeCP.exe
4216 MicrosoftEdgeCP.exe
4216 MicrosoftEdgeCP.exe

pid	process
4216	MicrosoftEdgeCP.exe
4216	MicrosoftEdgeCP.exe
4216	MicrosoftEdgeCP.exe
4216	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

Processes:

krnl_beta (1).exe7za.exe7za.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	1384	krnl_beta (1).exe
Token: SeRestorePrivilege	3964	7za.exe
Token: 35	3964	7za.exe
Token: SeSecurityPrivilege	3964	7za.exe
Token: SeSecurityPrivilege	3964	7za.exe
Token: SeRestorePrivilege	4624	7za.exe
Token: 35	4624	7za.exe
Token: SeSecurityPrivilege	4624	7za.exe
Token: SeSecurityPrivilege	4624	7za.exe
Token: SeDebugPrivilege	3220	MicrosoftEdge.exe
Token: SeDebugPrivilege	3220	MicrosoftEdge.exe
Token: SeDebugPrivilege	3220	MicrosoftEdge.exe
Token: SeDebugPrivilege	3220	MicrosoftEdge.exe
Token: SeDebugPrivilege	2796	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2796	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2796	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2796	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1732	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1732	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

SecHealthUI.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

pid process

4224 SecHealthUI.exe
3220 MicrosoftEdge.exe
4216 MicrosoftEdgeCP.exe
4216 MicrosoftEdgeCP.exe

pid	process
4224	SecHealthUI.exe
3220	MicrosoftEdge.exe
4216	MicrosoftEdgeCP.exe
4216	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 29 IoCs

Processes:

krnl_beta (1).exeMicrosoftEdgeCP.exe

description	pid	process	target process
PID 1384 wrote to memory of 3964	1384	krnl_beta (1).exe	7za.exe
PID 1384 wrote to memory of 3964	1384	krnl_beta (1).exe	7za.exe
PID 1384 wrote to memory of 3964	1384	krnl_beta (1).exe	7za.exe
PID 1384 wrote to memory of 4624	1384	krnl_beta (1).exe	7za.exe
PID 1384 wrote to memory of 4624	1384	krnl_beta (1).exe	7za.exe
PID 1384 wrote to memory of 4624	1384	krnl_beta (1).exe	7za.exe
PID 1384 wrote to memory of 456	1384	krnl_beta (1).exe	KrnlUI.exe
PID 1384 wrote to memory of 456	1384	krnl_beta (1).exe	KrnlUI.exe
PID 1384 wrote to memory of 456	1384	krnl_beta (1).exe	KrnlUI.exe
PID 4216 wrote to memory of 2796	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 2796	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 2796	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 2796	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 2796	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 2796	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 2796	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 2796	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 2796	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 2796	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 4880	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 4880	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 4880	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 4880	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 4880	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 4880	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 4880	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 4880	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 4880	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4216 wrote to memory of 4880	4216	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\krnl_beta (1).exe
"C:\Users\Admin\AppData\Local\Temp\krnl_beta (1).exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
  "C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl" -aoa -bsp1
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3964
- C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe
  "C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe" x "C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z" -o"C:\Users\Admin\AppData\Roaming\Krnl\Community" -aoa -bsp1
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4624
- C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe
  "C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:456

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4224
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4224 -s 1672
  2⤵
  - Program crash
  PID:4376

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3220

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3384

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4216

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1732

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4880

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV9H23MJ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\7A5VZUDK\dotnet.microsoft[1].xml

Filesize
1KB

MD5
c6e6f1e695271ec1600d3446eed0d20a

SHA1
0aa4e0217d7091bf2843fd0201326fb05533d8cf

SHA256
9e6897d19ac93f44d928868f400bde4304c984d80243936eaa6bad19e64512df

SHA512
17c58f38dc2ea0a3205f3589754e46bdbf3bdc0b10d79702ead4a025933cce9d7975a31d9d47deb8a08b83f89b701014bfe22b70250cd991ec14dc819764b7c7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\7A5VZUDK\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\7A5VZUDK\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\7A5VZUDK\dotnet.microsoft[1].xml

Filesize
694B

MD5
6abba64460652e47bd669487703f7faf

SHA1
babd26d08e56f7e4d10c5d8f3f031240ad889ee9

SHA256
b4961ea4b0eb2c314e3c234ada89556663fcc29d51da303bba446885a0eb515d

SHA512
dc7bd5ef64dfdca6b4b5fd7aebb737bfdf649183bf141593799875684a1c72355bc09bbeb8ab4fffe02cc32c49d1547af56e7e5c8f0ccf96a7eef15c8e1ab09a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GE33ERDS\favicon[1].ico

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\8fmv1lg\imagestore.dat

Filesize
17KB

MD5
b758c6a30fc097a04949219606072730

SHA1
c60991dcd8631d68df2fc09b8861f68f1316d884

SHA256
9bf904703dc46d45e66d434964fefe296c443a737de3d7a3d18b9a4609f32d90

SHA512
e551673f387f1045d0fda68bb85e0092c51aaa841550d1e44a25545c14660ae24618a64692eda7c449a58b7c668db33b9e0169016ebc5bfcd726371af7f27014

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\80JKCHTJ\a2-598841[1].js

Filesize
134KB

MD5
2cc02dc1fb567abe4b05d266eb06d922

SHA1
6dcbdeb8033539e29ca4d11975bee63bfabbfdad

SHA256
14bc892aff22a1998743df7de326750231ec0592917c70c5a9e5478fea456409

SHA512
769ec7d320b0b5ebfe2affc562078f0de8c21a6157af32f50f577327d37c43fa7b121d09cbd2bf27471c4356e90b1d96b10b73aa31410532f3fc46255d28a315

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\80JKCHTJ\analytics.min[1].js

Filesize
892B

MD5
b4a1847f1be996c08716d3b97456d657

SHA1
49113ee2989496eb1858a45ffaa319863d8ccd69

SHA256
8a80172a7d4c7c65ad596f52ecc105d61c0b2b60368277fb4729767f54fec06a

SHA512
b0e4ab27c1db23cbcd13bda3bf488293985d76de6c4f51b2be140c7ca8562a0b8280360b2e628a097f7e5fe94508759aca5bec037a1b3d7a73d2d7d16fb63b93

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\80JKCHTJ\cda-tracker.min[1].js

Filesize
798B

MD5
a3827d5909344f41d270fc8475f7733c

SHA1
bb6cb83e4d2080ee02ea366699f487c7362d4934

SHA256
bcb1104af4aea1ba4be65f0e9669e2f5382df316635226ade340f6dc15f2866a

SHA512
5cbb021d1f0bf0b13583b966ed5bba971b770d3331f062beb2fd75b0d2d380c10bf62db64167f3e3b94f6f5bc05cb160e7d5dae8a5d85d99ed75181040764d18

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\80JKCHTJ\general.min[1].js

Filesize
174KB

MD5
0a51551c9a5fe36e372fc39eb9bf0b3a

SHA1
6c76d69df786828afad990a0144b5d27d56e7863

SHA256
124fceae66250916650ffa507fc9c2773714f98580b7110f98d20103cd983794

SHA512
7c1e3542d04731f54ccb0888fd3b30c39e97e01e0980508bee856cf4725aad04e987a629ef23d95b8c264216f1b825c1c58920e34b79800bdcc22e761b85e388

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\80JKCHTJ\override[1].css

Filesize
1KB

MD5
a570448f8e33150f5737b9a57b6d889a

SHA1
860949a95b7598b394aa255fe06f530c3da24e4e

SHA256
0bd288d5397a69ead391875b422bf2cbdcc4f795d64aa2f780aff45768d78248

SHA512
217f971a8012de8fe170b4a20821a52fa198447fa582b82cf221f4d73e902c7e3aa1022cb0b209b6679c2eae0f10469a149f510a6c2132c987f46214b1e2bbbc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QKNHT7JJ\clarity[1].js

Filesize
55KB

MD5
3b5143b6feebe815bcf0e545b79271a7

SHA1
954a5788b00b16d56cd4b702313391a657ef5332

SHA256
eb26f2d6058505cd1dbe32619149aee2b11f70bcf37c34cdf5ad879c68a9abc5

SHA512
a017e36aae72c7c21fe1c0397287e5536b77627d0ccb87cff5b36b271b9f5956c0da2e2387cba6ae360ecb4cbbacdac8cfca51525a7db22cdcea22bcc56c62f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QKNHT7JJ\cookie-consent.min[1].js

Filesize
986B

MD5
276fadd25103db9ea780c1ab25dd42c8

SHA1
54483dc13e60306f87a0e4a4b16b47ffac51e097

SHA256
c9cb2eed50644985e9f73a6897d05d94b80b8c317ea3bb5524c28a16683a63f5

SHA512
174919bc2b37c379531819d3b2fea5097181b600b68b746afb8c52131db2bc05ac6d6c97821fe35f1c4018fb2b2982dcc1d542c568ed3bf0cff71e32b9408eca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QKNHT7JJ\ms.analytics-web-3.min[1].js

Filesize
136KB

MD5
6a5b990f8696eb7a67ecfe6b5b3cab0b

SHA1
108bbd600f0237e62112db3969c6f02be0a1c7cb

SHA256
8a13eda4650628c3b24edd6b407cfedf1821188701430545bc17ccf7fe0083ac

SHA512
ceabc9380d2e4166dca101fa8e7ad7fa7b176182a04294b41584c7c3a93c28510c2fa7633e40c0959c7f39382a6b0706f10c6ff87068c96e2f5b15f1353f6856

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QKNHT7JJ\open-sans-v34-latin-regular[1].woff2

Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QKNHT7JJ\space-grotesk-v12-latin-700[1].woff2

Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z5I39G7K\ai.2.min[1].js

Filesize
118KB

MD5
ba7c8e27f0d90341d2717f62caaea574

SHA1
2955a4f237989547b8bf5fbeb901061d102bdcb6

SHA256
7e6eb5a9a8a048fbc98c8f37e104b59fdd19a077ece48b1ed11e6d4a54f93d38

SHA512
8af6b765a01ff1ad4002da9ee3ad055c13a5f161d335bde11fb7f0d2fb04427b692c6a82aef6f953bbb93cffaac23368ff4f0ce70a0214974212555e82200195

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z5I39G7K\at-config.1.4.1[1].js

Filesize
5KB

MD5
72dcd95e1872e4e7dd4debd9363a3f23

SHA1
73e8f9c4dd8812ebc9c54abed3e50b68f21ad7e3

SHA256
d83130d74d82a31e8a653378f0051d57ef560bd85406c85404c0f7bd9801b0bf

SHA512
12c49158f980c09b5cf39becea6506126c9077639991607c6066a9906d5be39eff6d8b4c844ab3dd398d17131f5e00638e52ad7e6a272ca38ea6f2e41efe00a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z5I39G7K\at[1].js

Filesize
102KB

MD5
6b56d2bd5139bc5c00f412cd917a3bac

SHA1
7ebb960a86d15ba09b075265c6c098b9cdafc624

SHA256
cd976ec1ad0e64056080f75bd5bb81cc61b544c8f535ca2ca630a7f4aa5fda5b

SHA512
e716effb9d5b6bd49394e972d7307da7068bb03d536b975e03781c3ac9425117cc27e6a24a7aaf71e56f59341dce179184c88c3d4533fae99379a1c1a9e9f222

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z5I39G7K\bootstrap-custom.min[1].css

Filesize
231KB

MD5
7dad72a4b609084ec79739e46694cfa6

SHA1
9f666798419e52986b737717e222341b162c9270

SHA256
535cc1d2753d7a07b944dcd3427282699f83bc6bfcee48477e021660e21fba1c

SHA512
54d4cc2d99ec3517b4fe9c9f829dd15f9b3c1d07127c71e81afe183a5d02e866e62f2b19b4ece267ccd0dda496732d93f644eed65acd70505cc3af189ff3f3c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z5I39G7K\mwfmdl2-v3.54[1].woff

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z5I39G7K\ndp481-devpack-enu[1].exe

Filesize
32KB

MD5
9fed6ed9c53fd84d84d257fde0e92985

SHA1
85e0996bee6a16730708255ea2b02032f32ea60b

SHA256
8f13c83b0010a1abbae843180ac41f34218e6004a46873003c4a3c4584c7edfe

SHA512
73675fbf85052176d5920cf2050dff15373077d476900d10655e98ca605e23eb27b7e5379c9c4d42fb27255d69aae3ff6085535c37328683f264e1c09f7bd107

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z5I39G7K\wcp-consent[1].js

Filesize
51KB

MD5
413fcc759cc19821b61b6941808b29b5

SHA1
1ad23b8a202043539c20681b1b3e9f3bc5d55133

SHA256
daf7759fedd9af6c4d7e374b0d056547ae7cb245ec24a1c4acf02932f30dc536

SHA512
e9bf8a74fef494990aafd15a0f21e0398dc28b4939c8f9f8aa1f3ffbd18056c8d1ab282b081f5c56f0928c48e30e768f7e347929304b55547f9ca8c1aabd80b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZI2ZGLKK\74-888e54[1].css

Filesize
167KB

MD5
ba0d5ea1fac178bc129be5c94eebc013

SHA1
cdf9036d0a2cc4b57a278e48bce971e708e39aee

SHA256
cf186f15996f1f201512c3576307588ecbf1e4d62daa72aa678b8222d6c652f8

SHA512
a31ed800df0244da91ef08d8e2b262d8b9899ec5f64218e6a233ac9f178df15e642aa7476aa87c1f18228a64507850e2974025b77f7071c2e821d50e3c3ca08e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZI2ZGLKK\RE1Mu3b[1].png

Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZI2ZGLKK\culture-selector.min[1].js

Filesize
308B

MD5
4147b3bfb0a145eec758f0cb7292cefb

SHA1
8e02467706ce768bc9e68fea2a8d01b49513d631

SHA256
8f6f064a7a80641e434afc35b14fd8a01acda68f2ac01097e7dbbf0623edeb20

SHA512
49a661a2009c172df348aa83b2342f5cfdeea58026710bf139f847c1d9e6728b20a865bb81a980492186b7dd210ed1202c01a38757edfe77a4efa4945cd82477

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZI2ZGLKK\main.min[1].js

Filesize
31KB

MD5
b9b13a437cdee66d01ab9cb18d85d3e0

SHA1
6614ec983dc34b78eda8a8e3ada837a503541a92

SHA256
0d56c5660f9a5afc4b544798551201d14c6d222b658bb1bb0e3f40ca04cb7bb9

SHA512
987cc6da7ac9e739b70572464917b464c0f90b3ba795133d852d7eddea3de89db8e880a3fc05745f1f964e5770d7ab9736f50d241e3577705c80ecf088fc888d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZI2ZGLKK\open-sans-v34-latin-600[1].woff2

Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZI2ZGLKK\open-sans-v34-latin-700[1].woff2

Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\7A5VZUDK\dotnet.microsoft[1].xml

Filesize
694B

MD5
6abba64460652e47bd669487703f7faf

SHA1
babd26d08e56f7e4d10c5d8f3f031240ad889ee9

SHA256
b4961ea4b0eb2c314e3c234ada89556663fcc29d51da303bba446885a0eb515d

SHA512
dc7bd5ef64dfdca6b4b5fd7aebb737bfdf649183bf141593799875684a1c72355bc09bbeb8ab4fffe02cc32c49d1547af56e7e5c8f0ccf96a7eef15c8e1ab09a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231

Filesize
1KB

MD5
8b78413052b56596375c8c05161dad89

SHA1
60781529029b97425b0833b5318d563470088cda

SHA256
0327af2f0030cfbb8ff3f880787b8b1037100d7fdbe6ec76432fbb07ef5f1d14

SHA512
4996fcfb3cdc6e0681e2a831dbb583a378a6e1b5e26c6e8053c79ef107bd64c915b1d81463be9bd30f34f7a515a44c5f0469882443b3dd4df5c16a7e3ec0b0bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
d8bff2682585490e468b70a26c96e93c

SHA1
36cb7b1f1f667a9403c3c527742ad4878669da22

SHA256
c5eda645282685a7eaa063c781e7e0c1008580562519ecccb502c2d134e01fa7

SHA512
994a301ab4c4cfcfdeee5a5e58a8aea099d6ee5c5ee09dce635c81f1b29d7156fef69c59733b34c38f9013623b9e19d39fb30da669d2fd89fba0f82a942b6f4e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868

Filesize
471B

MD5
eddd15a0935929b6c31b41bbe27e9114

SHA1
448876ed56419831eeb8e2a788a2a1522c4dd8d9

SHA256
259a38caf54e14fec4e1ab22ca0f8145fad3e9707d0843a1be705007e2e223bd

SHA512
e0e52c6e9130b5d8b2638792756eada09e0f7949ae1ab3d2304d0d886f19cce62c391aef772e7ec09a65fc728e5428d258ccc39b933ce8cd139221e7eb5f9950

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
471B

MD5
6e2b20f4b142e2f2852882149c2a9954

SHA1
cd0c805a8d909b44dcb37026f0eb3d6fe2758c9d

SHA256
0375f290268d72c1fa5bdba6a43c94284d84a817e076c1576b26bbe52bd1b2ed

SHA512
82d3eaa6295133fa4f0d2188a7312521fdf07093776be174157296a89b9fced20618e59a7fc265b46e89ada58ae9218bf41e83a66b0c879fb3e19709b34f93e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B363E346B43755F918E68AC3AA10D686_6D5DC573178B0888E38E901B96F4F561

Filesize
1KB

MD5
d564f7dd2885618ace5a8ab08e7f61d9

SHA1
06b798d3883954f7b33181e23086a822bb340960

SHA256
b6aaf7a2af361465b1300e17a71506357f4f7201d79b37ef77562cc4c23d3091

SHA512
4b13cf78f9672bca8ebe9808ab8564f7bb098fc0601305d356ede76b409638c1466def6a27316e98e6d6ae694fe74a748cb5191403ff65375c0e42788952e2b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
1d02d4e11497ca4a5f92dc3bae32ee84

SHA1
f55eecd6507be05f1cca74a6ca2083389a1b377f

SHA256
8fe53ba9ca8d213306d468e0343f14c0c1566960d1372a0871db8746ccf824a3

SHA512
4ffde7874089e20c278eca242f00fbe931b09aaeb1cabc9b38498db5dea05de57b312374987bb29f26abf7fea7576672d3c1c93d3a81757cdd0ff05865ab8922

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_EAB4AEE2EA70916CD4B93BC9BD3B283A

Filesize
471B

MD5
8808f05d9a4b601fe7a211469a568d7a

SHA1
b1f69fb9aaf59d2fa8a454a8f847cf2c1ad8dac4

SHA256
5a5fd7b5028ad507535591d27513eeecb0e15d4fc1edd5d7465800151aeecb45

SHA512
1bb5270c5b0e9a471636a9bea90e04b7fb05a28e742ecee343abce6570fe57209648c4a2c140011ce5646b8115f4d8fcfa648aaf34661d143eb850cf68e7faf9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_AD319D6DA1A11BC83AC8B4E4D3638231

Filesize
404B

MD5
3ac35462e0413bff6f1cf8d799158adf

SHA1
98600c8110d0b967ae91bc894b46db671f9e51c3

SHA256
eaa3d18cc2266bf12393fd0a5a19308d079d2bd790cc1fbce6d95f9819e5dfb9

SHA512
1a58a99fbc275cc5e5e8c08555d47f9734136e54574e4f9cc5af40ae36ff6ad861df377c08f6d188168cda4663a8d1a9b020f13e94748d74553d06128dcb437e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
442B

MD5
a191a9f99647921eb1f9b2f3a0a5d075

SHA1
bf9a0b7180d8d449481a9810ff03b9c9629623fa

SHA256
26751779db74c3486211a8beeecbbce2df4dc6f2d6cc6c786b9d5dbd1d3a9315

SHA512
ccdcbf47fa012a12d5936db79f7ae70bd3adeaf085a2f69b7db19a74e62940b4317b1deaef94fa1e2bab41bf0433f37f7e918559cad180811403fc05c252fed6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868

Filesize
442B

MD5
82d2870e2f94d6a8bb1c3ff90e31d24d

SHA1
52db5ce06a0796c876881ba65fa28ecaca495f39

SHA256
aa4c9c2e37318395b402e8ba3241c780b4ab7f8eacbf418513a4eda81a2e0d56

SHA512
dcda172df8808e80c62f01893e5504e825721cc8191275bfab97139a10d8ced8429ce5d8814661a0f702e4737bee9448ccc510505d0d26a74c43f695075f34c0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
446B

MD5
4dfac8d878cb2879043bc9db12e30254

SHA1
37e8cdcfa1dba9ffc891b4b9cc9281eb7e4a07ee

SHA256
fa0c06aa858b75e8a50f670b52c766ce67f013a766eca40d1d3e8a37424c87c3

SHA512
247e4ca590e8cab1aeeca66201ef01ed8b052ede7172ee4a0d3dd3c6bb39ee8a12750d273654831691a7f5e83f5b2003cdb55500bca2f628f299ab4e9196f66d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B363E346B43755F918E68AC3AA10D686_6D5DC573178B0888E38E901B96F4F561

Filesize
556B

MD5
03f4cbaf6743a7c7851a0f70d6fd4f16

SHA1
aa8018522f42d0e6cddfdbe26df1adc83db25f21

SHA256
4ff4e17fd743cece8c9d3dc7d7aa5cebe4bc66a8ef64a62cd2f4589b85ee3f92

SHA512
5c00ab886b368795f207b59d7d4cd4bb5a747eda2adb82a9dd799ffe839fd331e53e006c2973c0e84fe71617b8d88885c1ce37f64439ad81bee1f3088458283f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
2daf8d46e121db8dcfbe6c56c1648776

SHA1
6c9a4c62b432d8322eef0866ce85dc4b14e9147e

SHA256
71946df576b6b9e6f18bf7d960b8419675a701e15af1af61de60232d0227eca3

SHA512
657faa4bee2721bf8e59d2762f84b36de28c4dcc3fef14d339c697a2dea5584bae85a171f4e431f98c9a00796b2034a2b1ae815fed678079f15346b191d21dc3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_EAB4AEE2EA70916CD4B93BC9BD3B283A

Filesize
426B

MD5
b37ddf7d88e84a0d7187b0f557ee9517

SHA1
b61d48295eb9c9ae22e20a01bfd9c5230151a185

SHA256
7420e67cb2886440c680ada42208b64cff6e303780e986be8fc6008780929ae8

SHA512
2b92bcffdb7cb66d5a64f2747cdf1b176d08ba90bbb277efbde2a0f5be46882628f17cb63ce1f508a757d37cfbf47d64a9ab0a7c91d4446aad49151a7f8cf861

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\7za.exe

Filesize
628KB

MD5
ec79cabd55a14379e4d676bb17d9e3df

SHA1
15626d505da35bfdb33aea5c8f7831f616cabdba

SHA256
44a55f5d9c31d0990de47b9893e0c927478930cef06fbe2d1f520a6d6cba587d

SHA512
00bbb601a685cbfb3c51c1da9f3b77c2b318c79e87d88a31c0e215288101753679e1586b170ccc9c2cb0b5ce05c2090c0737a1e4a616ad1d9658392066196d47

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\Community.7z

Filesize
2.2MB

MD5
e7e69e3bb82e50d10e17fceb8851f1e3

SHA1
ac38d2c834b5ef30feb0b23272ee289779caf14c

SHA256
1f70e675fd69fa7d0efe44a2a6cbade8350ebb1cb3a9a18ff824cfd680b35ddd

SHA512
ba44f453d75ac413f404b89c5dfd1acbdf95aae10beb65599e7e52ecec7eb3ea82b95a6947fcda38e2cb878eb197714be3f3e3d93d5fc09e83ebb952117ded44

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\Data\krnl.config

Filesize
48B

MD5
2bf7b0f0d0485173c85ed257a7c2e8b4

SHA1
8f26700ad7fbb841ba2a49fe4ab93f791b1ce230

SHA256
6375b1b30e8efe5af82ce1fd0a1e62fad45e0c9cef226c00d32b945350d0c686

SHA512
b61b8462673e0900425a0ddcbf1e6b5b8dfbbf8d8ff18dbf3f9b1dddd66a4ccccdf688236921605d5f673de49a951ab12d8d8b98d86b4f284a37304ce8ec4b63

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe

Filesize
1.1MB

MD5
39ed86952a1e7926924a18802c0b75e4

SHA1
e7ad2a51e62fe68b1a82b17bcde347ab38c09ca3

SHA256
b84ceb86e9a8eba4d168f2cc6c9010c93779641e595f900aafe8cfef6165c126

SHA512
fe7b93af9bb2621148154389e6c7e1dca54c426df88fd09eab9b33763584a4eee837995d29f7dc1550acc4643c05f03a28b5a25e7019d7a4ceb70c238ae33bad

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\KrnlUI.exe.config

Filesize
438B

MD5
909df77c711b4133a8f8560483ec2bb3

SHA1
8df8505ec0a0dd670b4044c641e772f6ded485a1

SHA256
c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c

SHA512
0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d

Download Submit
C:\Users\Admin\AppData\Roaming\Krnl\krnl.7z

Filesize
71.1MB

MD5
cb244bb2cbed782853d39042fd705b4b

SHA1
f9a69f8f2b87134579ca8c50b91a67bd596553fe

SHA256
d45f3cc6274717014136b6515c250a966f86cd3ecd3dc2c66b3c4c234831e015

SHA512
3d189aba28e8dd59e1e293ad8e962f38518ca11b8aa88b364e06f5ebcbc2626e9963594aa76a59971efbb5a34f6a99e23a1f090def1661abae95ebdd758bf73d

Download Submit
\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll

Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
\Users\Admin\AppData\Roaming\Krnl\Data\7z.NET.dll

Filesize
15KB

MD5
982475050787051658abd42e890a2469

SHA1
d955e35355e33a9837d00e78c824f6e5792b47f3

SHA256
4e193ccda4ef7ec7fc1bc12d7abba225a9af5b4612aa0b67a02324b9da8b268c

SHA512
c97b40c82499759e8a11b581004252be618f967153b5a9ce425f9a385746f3a1bdc467686023f36ed11212ea23e1c6b03b4df32cc5dd2a8c4b1d4ab23541c1f6

Download Submit
memory/1384-160-0x0000000005330000-0x0000000005340000-memory.dmp

Filesize
64KB

Download
memory/1384-197-0x0000000005330000-0x0000000005340000-memory.dmp

Filesize
64KB

Download
memory/1384-204-0x0000000005330000-0x0000000005340000-memory.dmp

Filesize
64KB

Download
memory/1384-147-0x0000000008170000-0x000000000817A000-memory.dmp

Filesize
40KB

Download
memory/1384-121-0x0000000000750000-0x000000000092A000-memory.dmp

Filesize
1.9MB

Download
memory/1384-127-0x0000000005330000-0x0000000005340000-memory.dmp

Filesize
64KB

Download
memory/1384-126-0x0000000005330000-0x0000000005340000-memory.dmp

Filesize
64KB

Download
memory/1384-125-0x0000000008970000-0x00000000089A8000-memory.dmp

Filesize
224KB

Download
memory/1384-124-0x0000000008200000-0x0000000008220000-memory.dmp

Filesize
128KB

Download
memory/1384-123-0x00000000081D0000-0x00000000081D8000-memory.dmp

Filesize
32KB

Download
memory/1384-122-0x0000000005330000-0x0000000005340000-memory.dmp

Filesize
64KB

Download
memory/2796-844-0x000001F5BA5F0000-0x000001F5BA610000-memory.dmp

Filesize
128KB

Download
memory/2796-587-0x000001F5A9270000-0x000001F5A9272000-memory.dmp

Filesize
8KB

Download
memory/2796-916-0x000001F5C1440000-0x000001F5C1540000-memory.dmp

Filesize
1024KB

Download
memory/2796-856-0x000001F5C0E90000-0x000001F5C0F90000-memory.dmp

Filesize
1024KB

Download
memory/2796-833-0x000001F5A8E50000-0x000001F5A8EE1000-memory.dmp

Filesize
580KB

Download
memory/2796-917-0x000001F5C1440000-0x000001F5C1540000-memory.dmp

Filesize
1024KB

Download
memory/2796-591-0x000001F5A92A0000-0x000001F5A92A2000-memory.dmp

Filesize
8KB

Download
memory/2796-593-0x000001F5A92C0000-0x000001F5A92C2000-memory.dmp

Filesize
8KB

Download
memory/2796-785-0x000001F5BC9D0000-0x000001F5BCAD0000-memory.dmp

Filesize
1024KB

Download
memory/2796-743-0x000001F5BFA30000-0x000001F5BFB30000-memory.dmp

Filesize
1024KB

Download
memory/2796-737-0x000001F5BB1E0000-0x000001F5BB1E2000-memory.dmp

Filesize
8KB

Download
memory/2796-731-0x000001F5BF820000-0x000001F5BF822000-memory.dmp

Filesize
8KB

Download
memory/2796-727-0x000001F5BF3E0000-0x000001F5BF3E2000-memory.dmp

Filesize
8KB

Download
memory/2796-722-0x000001F5BF3A0000-0x000001F5BF3A2000-memory.dmp

Filesize
8KB

Download
memory/2796-715-0x000001F5BF380000-0x000001F5BF382000-memory.dmp

Filesize
8KB

Download
memory/2796-699-0x000001F5BF340000-0x000001F5BF342000-memory.dmp

Filesize
8KB

Download
memory/2796-675-0x000001F5BB1A0000-0x000001F5BB1A2000-memory.dmp

Filesize
8KB

Download
memory/3220-814-0x0000017520C30000-0x0000017520C31000-memory.dmp

Filesize
4KB

Download
memory/3220-815-0x0000017520C40000-0x0000017520C41000-memory.dmp

Filesize
4KB

Download
memory/3220-830-0x0000017520A50000-0x0000017520AE1000-memory.dmp

Filesize
580KB

Download
memory/3220-577-0x000001751F000000-0x000001751F002000-memory.dmp

Filesize
8KB

Download
memory/3220-576-0x000001751EFB0000-0x000001751EFB2000-memory.dmp

Filesize
8KB

Download
memory/3220-574-0x000001751AC20000-0x000001751AC22000-memory.dmp

Filesize
8KB

Download
memory/3220-572-0x000001751A7B0000-0x000001751A7B1000-memory.dmp

Filesize
4KB

Download
memory/3220-551-0x000001751AE00000-0x000001751AE10000-memory.dmp

Filesize
64KB

Download