hxxp://www[.]pdfconverterpower[.]net

Analysis

max time kernel
150s
max time network
149s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
10/05/2023, 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.pdfconverterpower.net

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pdfconverterpower.net\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658B	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.pdfconverterpower.net\ = "483"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pdfconverterpower.net\Total = "37"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pdfconverterpower.net\Total = "98"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pdfconverterpower.net\Total = "509"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c5e48cb28483d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "477"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pdfconverterpower.net\Total = "478"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pdfconverterpower.net\Total = "191"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 2 0009 a 000a e 000b i 000c o 000d u 000e t 000f d 0010 p 0011 b 0012 k 0013 g 0014 ch 0015 jj 0016 f 0017 s 0018 x 0019 m 001a n 001b nj 001c l 001d ll 001e r 001f rr 0020 j 0021 w 0022 th 0023"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{0B3398EA-00F1-418b-AA31-6F2F9BE5809B}"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\MigrationTime = 84a3779c5945d901	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "409"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033David"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.pdfconverterpower.net\ = "477"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdoma = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{37A9D401-0BF5-4366-9530-C75C6DC23EC9}"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "478"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "German Phone Converter"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.pdfconverterpower.net\ = "29"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bf0a94b28483d901	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "2"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\TypedUrlsComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{14E74C62-DC97-43B0-8F2F-581496A65D60}"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3880	powershell.exe
3880	powershell.exe
3880	powershell.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
4448	MicrosoftEdgeCP.exe
4448	MicrosoftEdgeCP.exe
4448	MicrosoftEdgeCP.exe
4448	MicrosoftEdgeCP.exe
4448	MicrosoftEdgeCP.exe
4448	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	3880	powershell.exe
Token: SeDebugPrivilege	3044	MicrosoftEdge.exe
Token: SeDebugPrivilege	3044	MicrosoftEdge.exe
Token: SeDebugPrivilege	3044	MicrosoftEdge.exe
Token: SeDebugPrivilege	3044	MicrosoftEdge.exe
Token: SeDebugPrivilege	356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2412	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2412	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3044	MicrosoftEdge.exe
4448	MicrosoftEdgeCP.exe
4448	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 57 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 356	4448	MicrosoftEdgeCP.exe	71
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 5020	4448	MicrosoftEdgeCP.exe	74
PID 4448 wrote to memory of 2040	4448	MicrosoftEdgeCP.exe	76
PID 4448 wrote to memory of 2040	4448	MicrosoftEdgeCP.exe	76
PID 4448 wrote to memory of 2040	4448	MicrosoftEdgeCP.exe	76
PID 4448 wrote to memory of 2040	4448	MicrosoftEdgeCP.exe	76
PID 4448 wrote to memory of 2040	4448	MicrosoftEdgeCP.exe	76
PID 4448 wrote to memory of 2040	4448	MicrosoftEdgeCP.exe	76
PID 4448 wrote to memory of 2040	4448	MicrosoftEdgeCP.exe	76
PID 4448 wrote to memory of 2040	4448	MicrosoftEdgeCP.exe	76
PID 4448 wrote to memory of 2040	4448	MicrosoftEdgeCP.exe	76
PID 4448 wrote to memory of 2040	4448	MicrosoftEdgeCP.exe	76

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge http://www.pdfconverterpower.net
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3880

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4448

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5020

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2040

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6CI3IN3W\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JJNWMVAN\googleapis.proxy[1].js

Filesize
17KB

MD5
aca2920a8781143ecb67c051639cc27d

SHA1
92bb38b300e6fd4886ed96f2d920f7233ee8005a

SHA256
4b773ef75e8d64591d0c6187aef5fd7f6164c7684efe5add0a8547ebc143d76c

SHA512
0660464a43af0a7b9bad64554ebdc354a234fa7cdbc92f964c980f44dc951acff9a2fb11d7f217738fc8ae39bb1adeebd74dec03f5215ce5ac124ece6745a292

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JJNWMVAN\js[5].js

Filesize
116KB

MD5
179b8d3222cff981c685df3d65609556

SHA1
5730c71f97eb87719dd5f4583b8738ee7b8c1b6a

SHA256
99c6a38821e73c56d3fa1df40415e1e1f313744fe0c91b26b33da75d3f4dcca1

SHA512
00155e35599a07da589498d2171011ee6e49b165126ae4603a2830164171bd647bca7867c8ca21cdac60ccaa1700995514b1544c98129123b54003acc48e180e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KKL9LWRP\cb=gapi[2].js

Filesize
71KB

MD5
84adfd1bf3bd4853310629a0c1d1f1ac

SHA1
6b07a7782df6d28748828874e9cc0c25afb45fb1

SHA256
2af0416eefd30360c0ec1a6d8db512a017a155681001968f81b3138e3681b5a4

SHA512
9b3e3d09f2f406be28503adc6dbed15ebde46f27156a9db216fea45b114aca3d3e3a6586a0763f87ad2a39db85e63e07ccfdaf6070411403e55697870dea7a9d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N60FO2Z5\main.min[1].css

Filesize
115KB

MD5
b4f2670110120ff0ad4eaa32a3259571

SHA1
5b2b8568baf1cc5d6368c3534cf7e923b842c0a0

SHA256
d8b1c1bd34c2f8d0d15cf3fe77ba1574e0472b0469e8dc889251a0fc1cdd443a

SHA512
875ea73a5f8c1512ebc42dcfc786d638527be5f5752396fa74f1e7bcc00a1422f632da3c93507a35ef1219e5f09f69d7ee358ec90f81b702b67f75c04373cdf5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UJ67JE9N\collect[1].gif

Filesize
35B

MD5
28d6814f309ea289f847c69cf91194c6

SHA1
0f4e929dd5bb2564f7ab9c76338e04e292a42ace

SHA256
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

SHA512
1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MUO6H8L0\www.pdfconverterpower[1].xml

Filesize
320B

MD5
628bb5bda84364cde4a41eb98790e230

SHA1
f69d4d2e7ceea94f4ad0a3edd8f858021f18cf9d

SHA256
0a3a907f4c2a08a43c0a4c4d864c657f8800cbee9e70047d4f6d0bcd69e23900

SHA512
b29c241cc2830c9682c5fafe98868d4d370d1c8beb555f7913c72ebb9fd94f26192a181bcec24165bb1c54d99d52a431ae005a340a10f8f3618f74ff68123ba8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MUO6H8L0\www.pdfconverterpower[1].xml

Filesize
320B

MD5
628bb5bda84364cde4a41eb98790e230

SHA1
f69d4d2e7ceea94f4ad0a3edd8f858021f18cf9d

SHA256
0a3a907f4c2a08a43c0a4c4d864c657f8800cbee9e70047d4f6d0bcd69e23900

SHA512
b29c241cc2830c9682c5fafe98868d4d370d1c8beb555f7913c72ebb9fd94f26192a181bcec24165bb1c54d99d52a431ae005a340a10f8f3618f74ff68123ba8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MUO6H8L0\www.pdfconverterpower[1].xml

Filesize
722B

MD5
0009c04ca8c2ab5d993cbfe7446b22c1

SHA1
12ebecf015cff1ae1a55573a9741258362e8f71b

SHA256
5904cd56d8c11214ede568ed24f121ae8cd9ceace2d02728098b17f3bb833ec8

SHA512
78a280399f4e041716884cc1b5349253f98ecf054bd93682a17d002ec351000c492534167f7b7bb308bfbb1c54b02b92d3727f0d70e97fca92973912d83b73a4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MUO6H8L0\www.pdfconverterpower[1].xml

Filesize
837B

MD5
f33103da71fd344be6cf53024200a2b1

SHA1
a644add20b9cdcac60b595f973ca3dd08d5288ae

SHA256
5302fab03374be58380931f673af983f15c4bb678c5c6724ec27c93e43fc22f5

SHA512
65d4d3cd6bf0eb880055da52912c2f3921b3b2aa40d7f3a0ff22b7ef7a8a29dba005f961260c5438bf0148a4dae7dfab9fd7f4c24617ee9ac2af08b3175f205a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MUO6H8L0\www.pdfconverterpower[1].xml

Filesize
758B

MD5
2a5ca41c32961e7459df63f682d2cd43

SHA1
36ee80ca340ccbf414a5e6d0f83da249d12c7d6a

SHA256
4e6148f1c52569f9a9fd8fe2d3298f406aff6e41f6127c070ed1b94bb4b4452c

SHA512
547dea665f1d5a344845196c62a716031e1f140408c4d3e8955bbb02f9f6c9580d8ced8b24ea69d027f8f3531f1e710e50e8d9304e31855da6045969051df77c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MUO6H8L0\www.pdfconverterpower[1].xml

Filesize
758B

MD5
d12136c41db8e148ba6c2e4e6490155c

SHA1
27935bf011e3284eff1b1dfe306f01ed119fa849

SHA256
63b471d6ec322351e960c6bdd354bf7af864b410b2c9024be39648a1ee28f0e8

SHA512
5d411ea635c9cf8ef156affb937bf387781c8f875681eabffd9c6fac19783361c6a668bba846232c86aef87626f239797e90063b11253a0ff934e568aa10252c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MUO6H8L0\www.pdfconverterpower[1].xml

Filesize
759B

MD5
1f08baeddde535391f99ce12bf611b66

SHA1
e2c3c138ee4da572efdac0ca58ab8e9fe1a9af19

SHA256
d976d45c2beed61ca6932d67c4e5af9d81e664d4058855734f02ecf1cfe0492b

SHA512
606a8e55188a0e619e457259c7e2f26956aaff6494dc2de7e64b02981d631fef472be732c07b373242e8b85174b8a77f5ef910821301c2ff8485bdbe0e1750ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\MUO6H8L0\www.pdfconverterpower[1].xml

Filesize
763B

MD5
c03357aa02ad250ce45a18d7484b15f1

SHA1
c5fcbef7ea749ea0f1902f338512408bad58ac03

SHA256
5c0097f17b97efe35931031c45b162f6114680ca68035a4665086ad3ee95da6c

SHA512
826709056c65c46e39a94dc2deb87308b83600b3a0c206867aa9b93e636f25d15330823241f9340caf42e152b25f2e67be198bfad487c8fadd45d49fe68b198d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NB2VEOUU\chrome.google[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9IUX4WI8\favicon[1].ico

Filesize
102KB

MD5
0f7d5dcd9dd7e7ca94c166e172fc670d

SHA1
a0613e4125e7b7bf35eb07ea7605fc4ba11cddeb

SHA256
a6b6b93e47e88b283e2e0536b2cb293895214796b9390ae1bb567b5c25e6a725

SHA512
a29a59f5895174f9ca773843f3a9c29396fcfff2cd117b7a6ba189ad0ebe5ef535c823f6938c765b5e470abe6ba65ef8d6237fc304a15ddd5055d91d82e101ab

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GW39W4DP\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OALTCWXH\chrome_web_store-32[1].png

Filesize
1KB

MD5
8f3804e7b360408654caa06bf4444ff5

SHA1
51502f93396c6b3d0a2909a8df00076c1a17b901

SHA256
931823b9d555a7fbfe52d23f28066f438ace619eececa7380309662e55164a75

SHA512
282fcd2bbcd315f0a96609da37abe3fbfb303e087c557bd823a6735daec1d298f4191b066baae6e196128dda35241c88578c461b4a8993c0d173cc58eca0866c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OALTCWXH\favicon-16x16[1].png

Filesize
695B

MD5
7fc6324199de70f7cb355c77347f0e1a

SHA1
d94d173f3f5140c1754c16ac29361ac1968ba8e2

SHA256
97d4556f7e8364fb3e0f0ccf58ab6614af002dfca4fe241095cf645a71df0949

SHA512
09f44601fa449b1608eb3d338b68ea9fd5540f66ea4f3f21534e9a757355a6133ae8fb9b4544f943ca5c504e45a3431bf3f3d24de2302d0439d8a13a0f2d544f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\p6hoxac\imagestore.dat

Filesize
103KB

MD5
b12de68560338bb0c4b92230fb862cbb

SHA1
b9f4582827c8b331e7c9b129e85e58b07f9fda0f

SHA256
d0d31ddccff368501b11be693a2a55f2ab157eca4c583c55de544e6ddefb524d

SHA512
d08791e4b5ace72131e484949a4e0e38ee38bbd1c09aa159c76615b1b774af3f710c3af338825106763422269a4eb92ebc353acade0d9066c2bd01b2bbf32bd8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N60FO2Z5\analytics[1].js

Filesize
50KB

MD5
4507839525a19180914799b08fb5fa5b

SHA1
738d7e47e47a102e67d09efa63408d21aaf02245

SHA256
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

SHA512
124bb24b26ede426ac7ef14db40ff894ddea6eb9c7a5bf408fd83b116bd55ec86b51b6839d5eec7ec0f481aab940795006005b4534dff6cc0f3a6560f7cf9bea

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
4f9b5ccb87cd841476a169cbced38b20

SHA1
1c50238d2944d9a1323e2e14200c8f7d1eb7d3ec

SHA256
bb3ca3ecc364a7344e1ca356f312362929a57065ca10f3e5d2bc09444f45ceac

SHA512
66045d9d51bfc82a0bb70246ca0835aa7d2244238dccd24305a5caa212530a578a916ea7f65f67ed0d11fbfd668e8807e3c4f0e8c345097ca3b47e16389a9f82

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_15968011F70DB2824F1334C20F0C2703

Filesize
472B

MD5
7f1e10a4c45468a7ae08a0ec82f6079c

SHA1
ade13c7d1bf1af4ba715bd63853212e2fc091f1d

SHA256
ea10f3ce32bc47bbb0b204236d54877d520adc08656812923ed88552dfcc74c7

SHA512
1cbe0134672291aa5cc9988abec3ac08b9600c2c133006b3dc31295b86cfda29992c307b4ae71ca231f2c21b87a6e26c4aec6d88ab79b8ef2e66571584519512

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_215473E3208E30A81B553185375E9740

Filesize
471B

MD5
5aca27f79350e17a099e50a140003fe7

SHA1
0eb4e961334d393301e1afef9173fbb992c6565c

SHA256
2a18b8afb82e151c3cb399307da3838b72f66b1f8b5d6593644227b889cc86c1

SHA512
c911581450b22afa71ba87d8b7c74988a587894b8747edc06b3ddf119fdb325216472221ca6f0e4a3c195086194feb7fd3c5460036a8fe58a993c936601f5fba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_6C2CB05F92FA4E3C02578971626EE084

Filesize
472B

MD5
4a4e9200180bf1b74ad1cb1c578ddcab

SHA1
060652d18d5f2be3919396b98f83ba01e1b04f90

SHA256
bea7eb0781b8eff039f8cb869c2a3cd0d3e61f512264f85a439b3ed3a3e3a2b0

SHA512
8684597b5c94cfee2868de50c0e8caeef82b0a217bfb6a65635d9bc3e8d7e346535d3567ea3bac6b9297b4b5d71480287ad08c933bb9ec48d18048838b4408af

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_5BA17A2CB531BF840B50C3F38BA01D21

Filesize
471B

MD5
47272cb076c77e164e7570dd49d90025

SHA1
0039db810fa5c031bdab6e71925d197e50906041

SHA256
c87f1232b211dac41dd77de133a3017154e0d47ce5aa864a782b725a3b0f9b7f

SHA512
3f8fb0b3eb06c415434ce6e67c202bafb8cdd3a38c29c4503a294847431bfea3ac7b333685dda19d9f7d275cff71a52c6f191abe4492a99b1cba5b7a8c5f9f6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_A954A9E707464BF50BFC4C596957609B

Filesize
471B

MD5
23bc9e4846c54c2f4f727b2b169c6cdd

SHA1
e25642bdce51340b969ca9dc845050ebfdf6576a

SHA256
c9986b4c373c2d2188721108274fb8628435b19359655a24251ea0c16f4935d6

SHA512
56a31842501b42be42ffc998751980cfa7eac582d2b771dc5af4bd773082a8b24ff3e942f8c891c4f93aeff385ab4ab210a3d82468660aafc5a5308a2d95f4e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_ABCF5BF94DF129F3524CB49268CB08C1

Filesize
472B

MD5
730c274b5b712b90e34214ebc6644b46

SHA1
a5f30db77c6b99a1926407426ffcd829ecf32529

SHA256
ef2ede10f3c7aa6892aac44d7758e7b6ed4645349d4fc488ad7b8c53cae44b95

SHA512
a0b8161724a0cf78e48d046de3a4f84a044220840b3742950bd2c144ad31e6299dedecd72e027d431f604f8327b7efe5ed3a07c9b2d9cf8f327e4010176b2d0d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
3ca7b37de7d23e7c5a0d3c06aa3e2042

SHA1
054276661f8c0e1e1d54b2d1deb191d0d0fffbb2

SHA256
1d19626e77db8dc5cc9d2a2641b9ef977aa597f17592a70c3e6b61d863d54943

SHA512
3a739eb8b4e0e74b4737488ee7252ed5f49eff80d6c9d64dd112b9b07b8403039c91640f7b9d6efc601bde2938516645bbc7c7cdcff267b1580173e9cbdb43ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_15968011F70DB2824F1334C20F0C2703

Filesize
402B

MD5
b13d9bc98f82acc00ce0f6f34c450de3

SHA1
9105e8f54869cb99ba5887bf2979d5133acab369

SHA256
2439c0bc7d37c18bcd61feae9ccfc428a77a601fbc5110d25bd376b353f3c3f2

SHA512
72e38e8121eac5387097645c7018e20afe64f1403b0e42d39e7aa01bcddfbea7c9dfdc49a38606ba6b4182c3fc2ee1b405a24630ea7b5c35c8ba19dc64da4065

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_215473E3208E30A81B553185375E9740

Filesize
406B

MD5
de548b00eef7c9b2cf9cc333fd78e963

SHA1
2f48b5ef252024b22e46d56781c6bc97b4540040

SHA256
396da1a6565ffea347f19212fd111c3fe3e29b7175dcb28a9dc14851bae74042

SHA512
102c16fbe7cab08a2d44b2a591529848496c053fe252f539276476c4808f30957f69102b2bdbfa637602f823311e0a7242fbdc132337208d043e4b63da23869d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
8d12466e488e8ad25575350f43c309ba

SHA1
3c30ea507d10a0ca147444d381b463de236bfb60

SHA256
014f3522429d6394bc3409d5606318d887152e1e7aa8a99d68bd5758eed4544b

SHA512
8c2ed923ebf5699f38db630831e57c83de6bbc1b6deb5c54084587035d629419b06a569ac471d9675d8e2332d319c6f2a4fe23a91588a0d9bae64d1c5df6a453

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_6C2CB05F92FA4E3C02578971626EE084

Filesize
406B

MD5
6e5c060d0b5e9e8acb56ce5fef8b44c1

SHA1
720c2174e268c2533106beb0a63e7eee983d972f

SHA256
5bfe47704ba893c886452dccfa58dfb969850d8127534c9a6f9086d382220e45

SHA512
957d9fd9e3e4151d402cb4a698ee4d741d8654053640f14b5ceec1d0c04874371ce46a829f23b2d6049dd209ada72574a807faad0bfa7640ce4298c872178539

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_5BA17A2CB531BF840B50C3F38BA01D21

Filesize
406B

MD5
d0d9dced3450f016c235a1fe200fee73

SHA1
d1647b58d6c4cc15e76a475e1bbbe0d39687c876

SHA256
94de9da6198ad534eda5d60d93ffccfff39acc0a127601c391775346a860a60a

SHA512
da44193efc1a27b75f13cf9e5752eb62c5cf2f179931494d83d4cc81391e5bcb8c7042cb6b990fc1a21da0481840664c1f65c14f014fb22f34591146cb4e8e49

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A954A9E707464BF50BFC4C596957609B

Filesize
406B

MD5
f802b15662ec985fe9d662fd19da00a2

SHA1
937ca2b6dc83a7fff58eda793581f57216140055

SHA256
8014d826232070dcd8e683bcc2f5f1389467aa78f71c09ea7b711fef1a5dc3c7

SHA512
dd0ef778356750e5d0bd8c5246ce7d1325b0b9b3ea808e4eeb280db8470354ad28c48f2c6c4537c82439f512140d358af9d5524d2a0d6bd1f4675f6af9581a37

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_ABCF5BF94DF129F3524CB49268CB08C1

Filesize
406B

MD5
6dfa185263631269a1171fecc39c7558

SHA1
fb646e0751baf5680b7d00bdd3608910d906d5a1

SHA256
0a0e06636988231c88cc74b3cccc0954e07a3500ddea13db657ef59a8059f775

SHA512
96d4f47a94e12f118357469346700c579fa8f1e1ab512c4628521692c967e1c1463ad727807d4a2b2ecd97f0385916a800ad22f8a2424944802288ee55a458d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yr3oftb0.orn.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/356-342-0x000001867E0E0000-0x000001867E100000-memory.dmp

Filesize
128KB

Download
memory/356-359-0x0000017E11430000-0x0000017E11530000-memory.dmp

Filesize
1024KB

Download
memory/356-665-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-667-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-668-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-666-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-669-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-661-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-662-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-660-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-658-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-657-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-209-0x000001867C940000-0x000001867C942000-memory.dmp

Filesize
8KB

Download
memory/356-212-0x000001867C970000-0x000001867C972000-memory.dmp

Filesize
8KB

Download
memory/356-488-0x0000017E12CA0000-0x0000017E12CC0000-memory.dmp

Filesize
128KB

Download
memory/356-473-0x000001867D900000-0x000001867DA00000-memory.dmp

Filesize
1024KB

Download
memory/356-468-0x0000017E10920000-0x0000017E10A20000-memory.dmp

Filesize
1024KB

Download
memory/356-467-0x0000017E10920000-0x0000017E10A20000-memory.dmp

Filesize
1024KB

Download
memory/356-410-0x0000017E116F0000-0x0000017E116F2000-memory.dmp

Filesize
8KB

Download
memory/356-664-0x000001867C950000-0x000001867C960000-memory.dmp

Filesize
64KB

Download
memory/356-214-0x000001867C9A0000-0x000001867C9A2000-memory.dmp

Filesize
8KB

Download
memory/356-303-0x000001867DFB0000-0x000001867DFB2000-memory.dmp

Filesize
8KB

Download
memory/356-300-0x000001867DE70000-0x000001867DE72000-memory.dmp

Filesize
8KB

Download
memory/356-295-0x000001867DE60000-0x000001867DE62000-memory.dmp

Filesize
8KB

Download
memory/356-289-0x000001867DD70000-0x000001867DD72000-memory.dmp

Filesize
8KB

Download
memory/356-281-0x000001867DDC0000-0x000001867DDE0000-memory.dmp

Filesize
128KB

Download
memory/3044-493-0x00000228F08C0000-0x00000228F08C1000-memory.dmp

Filesize
4KB

Download
memory/3044-495-0x00000228F08D0000-0x00000228F08D1000-memory.dmp

Filesize
4KB

Download
memory/3044-197-0x00000228EF000000-0x00000228EF002000-memory.dmp

Filesize
8KB

Download
memory/3044-196-0x00000228EEFD0000-0x00000228EEFD2000-memory.dmp

Filesize
8KB

Download
memory/3044-194-0x00000228EA8F0000-0x00000228EA8F2000-memory.dmp

Filesize
8KB

Download
memory/3044-192-0x00000228EA830000-0x00000228EA831000-memory.dmp

Filesize
4KB

Download
memory/3044-173-0x00000228EA700000-0x00000228EA710000-memory.dmp

Filesize
64KB

Download
memory/3044-155-0x00000228EA320000-0x00000228EA330000-memory.dmp

Filesize
64KB

Download
memory/3880-122-0x000001DFE3EC0000-0x000001DFE3EE2000-memory.dmp

Filesize
136KB

Download
memory/3880-127-0x000001DFE4070000-0x000001DFE40E6000-memory.dmp

Filesize
472KB

Download
memory/3880-126-0x000001DFE3E80000-0x000001DFE3E90000-memory.dmp

Filesize
64KB

Download
memory/3880-125-0x000001DFE3E80000-0x000001DFE3E90000-memory.dmp

Filesize
64KB

Download