hxxps://www[.]certifiedpro[.]net/login/LogonRRE[.]aspx?EmailNotificationID=5279263

Analysis

max time kernel
840s
max time network
619s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
22/05/2023, 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.certifiedpro.net/login/LogonRRE.aspx?EmailNotificationID=5279263

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3829149121\806280961.pri	PickerHost.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	PickerHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	PickerHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	PickerHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI = "{96ECB46C-2EFD-49BE-A759-24D298A688E2}"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\certifiedpro.net\Total = "4"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	powershell.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 176fb84da18cd901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000350927cd2597c2124f69703dbe7ed55f8d9a8a1229332e694aa5aaa3e69aef581cd6216b6ed0f73d71dddf8a0398a9039aa34e8083b5eac8c081	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000a857f4fb5145d901d0098cfd5145d901378082fd5145d90114000000	PickerHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	PickerHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedPickerData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEd = 14001f50e04fd020ea3a6910a2d808002b30309d3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000a857f4fb5145d901a121e0b55c45d901a121e0b55c45d90114000000	PickerHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\AA549154B737EF29C5 = 030000000100000014000000aa549154b737ef29c55000081fdf1f8b3ebb40910400000001000000100000001e9b655c2563f0f8b7cf2fa979f89a920f00000001000000200000001c169fb8bea23cbb597a7d0330f5f2c6fb82969934da9d676058363ca94854c614000000010000001400000039c8e33fb6d4c223863e8a9838ee2fcbbe567a13190000000100000010000000baa9030082855b9e52cb543799fa36f35c0000000100000004000000000800001800000001000000100000002d581a49c8eb5b3b3c6ef9bb65314d702000000001000000e7050000308205e3308203cba003020102021333000001d92cb2c0c2c9e054b40000000001d9300d06092a864886f70d01010b0500307e310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e312830260603550403131f4d6963726f736f667420536563757265205365727665722043412032303131301e170d3232303630373138323634325a170d3233303930373138323634325a3081a5310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e310d300b060355040b130442696e67311b301906035504031312494520496e737472756d656e746174696f6e3123302106092a864886f70d0109011614777362657870406d6963726f736f66742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d345fb3624263a3b1856614f76c90c184e75fc1ab123f51b38c31a32311a70bbec8667c0831a74b00255149eac86eb0b2e4bc21010346a0bfaed29bbba29ab5e69a8b707f955c12eeb575a70cfeccd7ca8de3de7c883dd7bb79e85c8062128750eba60d9bcb6e0a21a4e97deef8cdff249e7d7ed312b8ed769c00c80629fc31ffe942f792d67b8e360f084858065ca7c0114a231072d7380b9ee828b1e717bc81938d5c58b75f12f457d4320f90a11d1d326e0b24c69dcbb185054bf8ab0c136f8f38264911aca2edaa93754a9685eb0878b62800020838f656e4d7d3aa53a0cc07d76cfbc7d77f570346cd2bba3836d24428c2723dd6e39afd107c0f7889bdd0203010001a38201303082012c300e0603551d0f0101ff0404030204f030150603551d25040e300c060a2b0601040182374c0c01301d0603551d0e0416041439c8e33fb6d4c223863e8a9838ee2fcbbe567a13301f0603551d230418301680143656896549cb5b9b2f3cac4216504d91b933d79130530603551d1f044c304a3048a046a0448642687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63726c2f4d69635365635365724341323031315f323031312d31302d31382e63726c306006082b0601050507010104543052305006082b060105050730028644687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b696f70732f63657274732f4d69635365635365724341323031315f323031312d31302d31382e637274300c0603551d130101ff04023000300d06092a864886f70d01010b05000382020100c36cdc2a65c64372b6118a63a5c7ed1ecfa5b939531465ca9af136bd76d942a74ad37481be984496cd20deca7b469dc4f2e439db9e2e0eafd2b4dcab7c7b0d131a98a88e9c34787d209fe84fd1bf1031c31a63a794d8448654d9f6e1267ca9513f6d9bb17be844f225a15133665568503b50bdd2b74e1199b3afbb822dc3d9b07147f374427991b7d04234dfb77c7b4518a554b65b69b318ff2be7e541762de2726789d01f2f866523861aea19ff8ccbfaafc7d78fc242aca7f74d6ba335b4c3d7c7b5b1f5b8dbb6b3104f24dbb8f95b39ecfbdc1a4469ab254263371e8f231c32c68c574290c81c388c3148200344d9b9b3fa8bb6394ac2536f66803302873f3f857bbdbe279d9bf7d2df3422c9bf927ef7b8eb92e872fdfac7cd1fd185847555b4239740734d043b167098ede21a83d5b35431fbd4768905a474218801cf320084043f608133bc8c26752c6b15210859dad17f3cdb1f8546c8cde2b5ccb6634681aaf88339eeab1ad92b8e4babf96333a99e6ff7ada19433913a8101d63b36fcccade21ec6a41cdb44d3abad7c4065368e51eb46b5c237c37bbf04c89871e2e0da20d2e569eaf67b19787ed46c2038faf181bd00cd1d5ff1fee0ad70b457528415fce74f37c22e3bfb1b17d57e59200625989090a2bb1e3b238cb348768a98126537198be58282f64856420280d5858fc0575182dbc6d1fb4f7611b339babc	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	PickerHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	PickerHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.certifiedpro.net\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "4"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = eae0dc7aa18cd901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	PickerHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	PickerHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\certifiedpro.net\NumberOfS = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\RREImages_20230522043723.zip.v39ixgl.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2424	powershell.exe
2424	powershell.exe
2424	powershell.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	2424	powershell.exe
Token: SeDebugPrivilege	1520	MicrosoftEdge.exe
Token: SeDebugPrivilege	1520	MicrosoftEdge.exe
Token: SeDebugPrivilege	1520	MicrosoftEdge.exe
Token: SeDebugPrivilege	1520	MicrosoftEdge.exe
Token: SeDebugPrivilege	4036	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4036	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4036	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4036	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2960	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2960	MicrosoftEdgeCP.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
212	AcroRd32.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1520	MicrosoftEdge.exe
4516	MicrosoftEdgeCP.exe
4516	MicrosoftEdgeCP.exe
3872	PickerHost.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 4036	4516	MicrosoftEdgeCP.exe	71
PID 4516 wrote to memory of 4036	4516	MicrosoftEdgeCP.exe	71
PID 4516 wrote to memory of 4036	4516	MicrosoftEdgeCP.exe	71
PID 4516 wrote to memory of 4036	4516	MicrosoftEdgeCP.exe	71
PID 4516 wrote to memory of 4036	4516	MicrosoftEdgeCP.exe	71
PID 4516 wrote to memory of 4036	4516	MicrosoftEdgeCP.exe	71
PID 4516 wrote to memory of 4036	4516	MicrosoftEdgeCP.exe	71
PID 4516 wrote to memory of 4036	4516	MicrosoftEdgeCP.exe	71
PID 4516 wrote to memory of 4036	4516	MicrosoftEdgeCP.exe	71
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 4516 wrote to memory of 3752	4516	MicrosoftEdgeCP.exe	74
PID 212 wrote to memory of 4904	212	AcroRd32.exe	82
PID 212 wrote to memory of 4904	212	AcroRd32.exe	82
PID 212 wrote to memory of 4904	212	AcroRd32.exe	82
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83
PID 4904 wrote to memory of 2136	4904	RdrCEF.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://www.certifiedpro.net/login/LogonRRE.aspx?EmailNotificationID=5279263
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2424

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- NTFS ADS
PID:1164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4516

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2960

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3752

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4676

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3920

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1008

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_RREImages_20230522043723.zip\RREImage_1_9314869904300108045945.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4904
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9E65A93D8CAC7E613AA8BBA274EFB8E5 --mojo-platform-channel-handle=1640 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2136
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=33CBCBE9E26B9C0549653791B5142172 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=33CBCBE9E26B9C0549653791B5142172 --renderer-client-id=2 --mojo-platform-channel-handle=1664 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1600
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=949C58C2F08CE9A753701B620F948B8F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=949C58C2F08CE9A753701B620F948B8F --renderer-client-id=4 --mojo-platform-channel-handle=2072 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4072
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5BBBD4E5EA29F80312BFDBB12AA0400D --mojo-platform-channel-handle=2496 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:356
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0199D18C5501ADED354611C19FA30DAA --mojo-platform-channel-handle=2652 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2856
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A331D79380B5BB55EC3909B25D031ED5 --mojo-platform-channel-handle=1956 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3176

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV9H23MJ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\39Q2JXXS\Startup-Icons[1].ttf

Filesize
16KB

MD5
64495926c2595a44cb95f04a9398f5ae

SHA1
e17f02c9c0d9f9c8c7dc6c59b2a5649026053582

SHA256
58cbf5adca0cf49d8c252e92148c02cf20d171232612930de5abd186965b2a6b

SHA512
6010968832e7666cbda094c4fa6c458915629e6d3be6f8a5f14c231dda6764170825af22d7d03b85736e7c7d278ecdbe93f3f350cefb405a48fe12cd5852c9ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\39Q2JXXS\flat-ui-pro-icons-regular[1].ttf

Filesize
25KB

MD5
71b22c7da4697bc0680e3f603929faba

SHA1
38c2162ef6eee02be3299ceaddab4f2c4b486aa1

SHA256
aca6115ee08865d1d7b1bb84fa4c243f8b9facda0366f599872ae9383944ba6a

SHA512
a6e9e7af0e3400552adfc1f11f7db53b318cbf880d9705b93abe2a0004014a58ea2d17c34fbf2fc577208e556223c94da7fd6cb4a91e99a6e8d569b1cf822460

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7EI7IR97\LogonRRE[2].htm

Filesize
13KB

MD5
ba577d83e360b3ec789489d1818fca9d

SHA1
2c885b972f4ab715a54babff589ea958da5d091e

SHA256
001b52c1260978da0d82d6b81542262b54522b4fa323edb1fc8fac4ae657bbd6

SHA512
2e51164f0f370366781a381ee8c67dd12630a01e4a57f4bc70964a316b20bd3303310f9057a8a4c093dfe43698582a6fe6f1f37c6cb344819f24fd5829267824

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IH1P7458\style[1].css

Filesize
119KB

MD5
2a0fbb39ee4a01cf06365c067f3af5b4

SHA1
903006bdf921f5754fc4e03571dbf358a979d757

SHA256
cec1abd093d4f1fb3535ab938fee35e7e505a3cdf12e81107d2b36d9b8b43877

SHA512
37282888453386faaff209d111fd7890b67af2e969414f170c1f7374caf4dcdb171f9842c13df92542f2647c84b155c6848a702ea6974cd9835607c5b11192e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\B3KIMWFC\www.certifiedpro[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4T01I2IN\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VLSI86DK\favicon[1].ico

Filesize
1KB

MD5
7d5e7ee1d6464ae0a6dc171d29b97a25

SHA1
5fce078492902543fca880a868f73b4f1b74fa75

SHA256
fd5d9f6f8850b93d3fe16dbf470acd049f1d52cf2331765d3181dd7f7ec3b803

SHA512
a4e58858122bdff414320fac4d1e6b2fdc497d1b685d31d7a60c54d90c0f7b0f815d33877421b0ff8a27dc22d0d52f07925c16c469a1da09acd7a3e39cc0d9ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\39Q2JXXS\TRACK_ICON[1].png

Filesize
4KB

MD5
84918bf50eff8484f512717f20b0e93e

SHA1
7614b76e674e6b3a4b417501b3d29a6f0c513d38

SHA256
a5a5b9786355f2c829f908393c2fb53df0f883ae5f7796a140ab384b6ed33994

SHA512
0171c4876f83c2c0473ceefc1ebcba1d07c77132d8692e488c9d3229da02fc665886f9ca7b1792d02a4dfe5d12267db6ca785ee51a26730c3dd35785cd81b232

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\39Q2JXXS\application-min[1].js

Filesize
15KB

MD5
88e55410fef627b647d50e5e0b30acb6

SHA1
2f0a86a615ae9ee7f4e7cd61b06b6885547b3781

SHA256
53ae3a35a6c7a420c5371704c5af08f1fcafcb9b7d8b2204e121359b1aead318

SHA512
a8bc4f5acbdef95b198b1fc6596900df3f818d593be7668a93a18eb40fde7a2d8e275bfd5f437a003491049e437310a52c40a9a5ff0a03aff31d00bc27185a90

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\39Q2JXXS\custom-min[1].js

Filesize
970B

MD5
b351e595a748db9b653e9b32570c718e

SHA1
fb42dc800a2f7a07d515450adcf7f4fea32226df

SHA256
b4b8ad0fcdd1b2de4cd3b20d32170360843fd8fa687fe78a26431081c94fa4c0

SHA512
bebee1c981e879dcdd591c96e98f1dcfa0cfb99b68f060575cba75aac7f20eb3c7c04d6e6c4d603d575a64d968b364105275c9af3a9ffc70a4cf3839e19e1238

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\39Q2JXXS\flat-ui-pro-min[1].js

Filesize
408KB

MD5
065567c28e43d877169bdd5f4bdcfb5e

SHA1
2e0ea67b62ca71c531027da32197d42c749cdf1c

SHA256
b5e2e9025fce6c1060af55a93381b02fe9c1d2995361fc8167e1603bed9220f2

SHA512
0f3b9c403f116b418ebb006b7b46d6883cd642c7d61c889b1a59d0ce15d3553360fc752a7aae3cb5067f4a51b3b59981e2ac1bf1ce93995ab0fd9508105a4e45

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\39Q2JXXS\font-awesome.min[1].css

Filesize
21KB

MD5
feda974a77ea5783b8be673f142b7c88

SHA1
b71d1c7c315b67c614563382d1c2a868ac14d729

SHA256
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1

SHA512
e64cd0c0ff8d301c0f6bd9fe60934362dce7be85af57c9c3e1c719e42f8784cf707bc9025b58fd1f341a6deeb27490e3fa8164aed9cc76605323a602544c8220

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\39Q2JXXS\startup-kit-min[1].js

Filesize
29KB

MD5
e8dd5f98a567e585ab85b2ed37d5c7b7

SHA1
6c65bea3f044dcdc77fa198996e16e82d92e36e2

SHA256
7f0cbc77792350632e2ade0f0b22a4af0b5c3f200bbe58748a1a95da738eed02

SHA512
95c7874c985bc1bcb5507441130178b0bc91402b427cdb9f800e18081aa0848e98639c1b224f0d23e4ad119e415dbbd712b2eb4dc85ff4ee87425a0e1b655aac

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\RREImages_20230522043723[1].zip

Filesize
12KB

MD5
af239bb947d2468a770c1c4c870cdfcb

SHA1
9d55823abfb0d5edd988b037c51bc4949133b0a1

SHA256
f89e77dce2c5336b15895a7728799b7371e0187b8fe9dee35f48bff65d655e65

SHA512
e022e611da612af3fe56aff87ebcb1da7b2b5fc1ee4f36ede5db5c0feb9bf94230009004bd599512a815b5b24f84701eb1cafac4e55cc1e91f40d89102c726af

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\animate[1].css

Filesize
48KB

MD5
cc28fb0a6f17813ea121a431f5d05d35

SHA1
d91f433916cc8c09327988012c16836981329df8

SHA256
1c32e3abcfbe1415ffe7cc1ef512b465665fc73eb8e155a5c74194e0a4b36d64

SHA512
fa773ee5051184ece5f73c953a6a347b039a0ed2e227d574ef998a6d82114c12a84e0984136a312112df7ff2dad0bc25d3d9d8ad1acf65d6de6b6f0533566bf2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\css[1].css

Filesize
466B

MD5
ccc0bd708c3fc8285babe7e8c51a054c

SHA1
088a9902c582ef747aca1df2553c7cfeed5ec698

SHA256
98dbff1458893c7dbb660b03038363bd82912505c150959a2061937fc8ea18f7

SHA512
860a638117892136d13e5cc3c00e27df331ef2b037fa8194fbf72e45e8a268011c3f6f8b63abde62f6f5bb8246f21a92f9c5bdae81739c94dc776bd676137155

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\jquery-1.10.2.min[1].js

Filesize
90KB

MD5
841dc30647f93349b7d8ef61deebe411

SHA1
e0f962936599a6cd266f004b9d04b29d46811483

SHA256
c3a7b608ebfa8d1dfe658bc119e6236a6aaf878a779e7c560aa11dd30881a56a

SHA512
4e92de2b1cbfdf790914d9cfcd6d1d4736226e90c6b69557d7eb465149f2d0ce6bd37c7612a30eadbb1e6c52ef9b6bf6dff47a7698f152702a4f4402bc4e48b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\jquery.scrollTo-1.4.3.1-min[1].js

Filesize
2KB

MD5
3a36066a518a568212c35e9c192df7f9

SHA1
932d49391d9d2dbe008a969165f300a6aebec475

SHA256
364b4fc8b43a9fd547bb6ca03af671502dcea1bad9f669f9c512e7ee12e204b2

SHA512
39ad8ff574cb59968e834e10666236b23f5e62edbb9164c494fb94835d6e5077fed89b13c81e70b1b127d5e46d029d8fbb30ad784ecc303b3aeaa9eae3b2b206

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\lato-black[1].ttf

Filesize
63KB

MD5
5f46f9c0e2c988893b80b2717d764dd0

SHA1
76fcc1e06710cf49e7c4b5a435f0c4a18b6b3285

SHA256
81361ef6f4fdb6c2f660ef2f040348af87f686e369a8651a95107b9c802f6f4c

SHA512
f7df381ef05f4dca3f71887e0facb54048f1a715b54b3fdfb9d2ea27b9a4e23d381b59ef0af444ebdb07f8156127b6365bc92b93397df87e522af5076eee8dff

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\lato-bold[1].ttf

Filesize
66KB

MD5
eaa09e151bae74b7370a99a460962d93

SHA1
b836e7b5a9a9973f47bbd7714bfaa0b24684b0de

SHA256
7cd24ceb5e2b8019a267a798d7b6f942583faacc4b56fb4c21fb8741cf2b1b0e

SHA512
181e079986562fba67ddb666f3349a0b6579c2e3b8cc5640fea1c7722ec1aeb6a1375c7fac951607d82337e13cb8fd892b2e89228c1ec1a4948452cf19ecd80b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\lato-bolditalic[1].ttf

Filesize
57KB

MD5
d7345403c917d48e835afe1186ac85fd

SHA1
de900af6d62fcaef2cb604d889e351293263915e

SHA256
54b68a3e2eb7f68a67f3a1a4fe69754c18339105ffc31d61a9bb758a42109186

SHA512
7a90d088af7f3332c63994b337b231566e69a0159ed72acc1181fe1edd0c22728c712b70cd6b13bca5e63c3c460d35734574bc576bebbfda21ee79ea5ab1cede

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\lato-italic[1].ttf

Filesize
55KB

MD5
aadadb6c2547baa7d95dc820b621a020

SHA1
4e4dccd23d9b32b634bc9cfa1069b4315587f951

SHA256
fc0e5e3b187730b11c5933478fd62d45beafb81f5478c89dba79b818dc9e5311

SHA512
22f0cf1351e657351e8956c48f0f60ce98e23b3c4fa228875c49d6a048d3012e4cf9e5dace4edf0cf690edf3ed9c147b3f4446ca3f8fdd6b0836df8af33c5943

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\lato-light[1].ttf

Filesize
63KB

MD5
f652f5451f853d5b29949248ad7613e9

SHA1
49aad70d7ac99db7b855b59f650450cc1e435ad4

SHA256
074a7067788d2498e321a161f25d6ce3b7df7558091cac499b9e74f6eec88b02

SHA512
446e1eb61175b25daa5365bda9915d37bd7b6bb9c6c2f924c326da3fdb5861d5d7a7983094e0e659c6a076c353dc22920baacada04f5ca6700a881b023f0542c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\lato-regular[1].ttf

Filesize
64KB

MD5
544d96974bf484f5a128a29d20a0f279

SHA1
698cd2698a05804d3a028c514d2a071e6fa393ce

SHA256
61490880361b0085aef9e205df3e82607feacb4f62120978da65dce3a3a0d30e

SHA512
7620d60143f593fed5a000273a825643dd97b2cc0400b0c3f7d69457aa7aaee91a86bf1e9eaba110e46c51156c328af2268558d79496e35c8de35a4da9dcdbae

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3PDO3TET\style[1].css

Filesize
119KB

MD5
2a0fbb39ee4a01cf06365c067f3af5b4

SHA1
903006bdf921f5754fc4e03571dbf358a979d757

SHA256
cec1abd093d4f1fb3535ab938fee35e7e505a3cdf12e81107d2b36d9b8b43877

SHA512
37282888453386faaff209d111fd7890b67af2e969414f170c1f7374caf4dcdb171f9842c13df92542f2647c84b155c6848a702ea6974cd9835607c5b11192e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7EI7IR97\CP.Net%20PRINT_ICON[1].png

Filesize
1KB

MD5
59b5b8911a06c8ebc25fc41ae9a851ca

SHA1
3bfa67e1e39b37a33e9e34cec89688dd432ca750

SHA256
7778d5adf0583d228b49263895a2c94046f0bceb30b6b7435fce04cfeeef38df

SHA512
76fd6d220ae8fa9d5166f46a7974ce564665bbb001287996faa34ce2e52226f9534ff6b9af069702048122cfe575abf06bca211927c84a8bd0a635532c9d5906

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7EI7IR97\JS_PopupDoNotShow[1].js

Filesize
1KB

MD5
1e727b3988ac3a8ca11759058a4d51e1

SHA1
7438a9c1ad40fab32ccd49b021ca17e4aeed5dd8

SHA256
16efdc7679b9d4fda4ad75f6fce8a91a8ff64da3f4f026886d0e5c7664eb6dec

SHA512
3ad64bc682fe9b85eb3a85700e42e5c18a3645987905d9ddc221ad42d1e1899a9a206176b175c5a65788b1430e49ee0d1be31be142a5c414b291c2523c54c815

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7EI7IR97\WALZ-CertifiedMailAuto[1].png

Filesize
5KB

MD5
5e673d236d35f9468c6de114abe6416e

SHA1
307483f47b98b514f8f091e6e03e9584f6dcb929

SHA256
b6cac9ca1a63b6e6c6cfa5005d1f9e250def1b5b775177608b891810655724a3

SHA512
a5504f4f52dab5d76e43c32983d1cb2a7eea95d3864f6d8e98c46e6ebdc4eab1f229fdbea3631cf8cbf36e4ec784c161b3e727ec924169a0804be8a33734287e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7EI7IR97\bootstrap.min[1].css

Filesize
110KB

MD5
3ab3438f85ad9f9e27e1af1facf0a9c4

SHA1
8bec1bba3e23ecba22cffb197a2d440af410b15d

SHA256
d699f303990ce9bd7d7c97e9bd3cad6a46ecf2532f475cf22ae58213237821b9

SHA512
33ef4238e401589c3d86c4f0b1b4d325a91015c1807b0f223c5cafa5562b3cc758151bbaef80f5fe0a3044ab9de9b8c7423f3549b7c270a692f0b798239f93ce

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7EI7IR97\flat-ui-pro[1].css

Filesize
203KB

MD5
6c17e426949e84fd34eb2dd3d6b20e95

SHA1
258c4e93fe126fd7c460db34a8444b079992016e

SHA256
cae770074e5e52b5922e083ce967010b3ebb7bd781b047c357155034bc7225ef

SHA512
15b6a1d9535164602cbd3614e195835f4635cf0bd702ea12465a3aefea75d46b3a9c8367b0d018b003b2b9b30e90e0e8b3b8d795e1b94fed3aec37ddc82638fc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7EI7IR97\u-4X0qWljRw-PfU81xCKCpdpbgZJl6XFpfEd7eA9BIxxkV2EH7alxw[1].woff2

Filesize
15KB

MD5
083f5cafe748b8ac91823b36986d7fda

SHA1
0d763699e5bce633aa6adc03370b8630b87c1b31

SHA256
a3d8afcbc68d3ae65312e50ce252f5eb4cb817d3fe39452bd37a76f896ab5921

SHA512
420e737a07874609415ed082df56538cfbdf17d9285d3ce4afb47e0b90e818a398244dd6b9df2ff3f393d503ecbb00d70c8835b8484e9f289e446baac36dac04

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7EI7IR97\u-4X0qWljRw-PfU81xCKCpdpbgZJl6XFpfEd7eA9BIxxkbqDH7alxw[1].woff2

Filesize
14KB

MD5
1598ebfa232c5514a99a8af0405cc9a6

SHA1
d81db409924496627326925cffa27d465c24de3d

SHA256
45a8badf06824c87461905a8b1871fc3ca3eb5934cee490deadad743ebf99661

SHA512
7fc448fcab2ee8158daa9fee63b0f9febf31a0901512b1b4f76cfb96eb23947355f933c637199d7b596b66b12853e6ec13641e6f40a7f5237c07841e971c252e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IH1P7458\CP.Net%20SEND_ICON[1].png

Filesize
2KB

MD5
dfccd285ccf07dbaf09872ff49a4e569

SHA1
8b93baa84af02077b160bba3b0de051457e1c9ba

SHA256
83240a2ac21398133769f6e4f9280cb4647706054e96fcc5bb37abffb43bb338

SHA512
03e8cb3341d518ec8d633dcc0c351b9609e688740985900759c1e5022e611d46ca9112cdd3724f853fbebd3e16043a29356b4fa19a324a2a62d6a187fc00dd0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IH1P7458\CP.Net%20Sidebar_Background[1].jpg

Filesize
139KB

MD5
80013e742f0a9341eb61ae55094a0a01

SHA1
3457a7d39c73e2e61558fb0055c7fca8db671b05

SHA256
61bb2426aeb860faab1046637f593622a2cd5d17c096304d1186653b16218592

SHA512
1194fa4b66d198906355bbd0c4d06510c157bf495b6d34622214a0ab5d1d53d538b0c37831baf44f7c86fd52ca52042407bf99a50bb082be9a2f8b0be792014f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IH1P7458\icon-font[1].css

Filesize
6KB

MD5
91699c95e71d641a6af79ca2de8702b7

SHA1
f88bee90bf374af89e814f85dd0830498caa6eb4

SHA256
12e292a7e28818b146ecd0dcb24d8b5bc59866c1e1ab9d856630045404acb80f

SHA512
b958503f33203477b0d49f5d5c0fc7a5aafbe27d69cecad8dc3e43f7b0c507182cf9527bec517420ec7bb2691cc751ed277c05948fa5f21685158b251238dff8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IH1P7458\jquery.inview-min[1].js

Filesize
684B

MD5
0fe05722d4b4a373907e3d079f1689c7

SHA1
21cd3f6ebf4dabe94edc88ea2cc2d9befc9e35c7

SHA256
c85bbfd49f05527090cc7e877e80ebdccd6f25de3ce0eac33eabcd02f86131f7

SHA512
2ca4b1ef3ca30cd98ed43c908a1dead18fbdc215a16b2c893efd26e7acd03a7f595e7f7b701cbbda7a8a97aa1773a7658221016e6fa82c0a275f56db24f98f9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IH1P7458\modernizr.custom[1].js

Filesize
8KB

MD5
3cc5ef14eaaca61a6ea6d88346815fb4

SHA1
0e9e0351361ab97b669408c06d32608634f07259

SHA256
4970ceae713369b74c3adc1c51d906f161b2a91f3bbcfd4dabd4309042488ac9

SHA512
5e6fb3bfb9b323d07c029071bd702e1033857731811cda0dbbfac7f97b5c77e70f43a0505fa01a70c2b6ce6217e7a674d4943dd268f416f16f43a8f039ea2b76

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IH1P7458\notifications-min[1].js

Filesize
6KB

MD5
d3ac50da336c5a8888758b851a5a8817

SHA1
c9c46e3c9607a4a516c63a99b6847d9f501a2ff0

SHA256
0af73503dfa11511f0db21f44480ce9c54dac8223aa1c18f21c6139669c27c04

SHA512
a63c96650f88fc3f5c0572433a69d8d7aa20af8ece8c1554550706a76e32e0721ca4b3ca522f185d2e8759bd9545ef841c5ce377794447af3100ba9903ea58d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\B3KIMWFC\www.certifiedpro[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
8388ae9be607497640c50c9fd749fdae

SHA1
cb106ae7b845ac70e154e63d4c195fcad8eb35b0

SHA256
ca70193cfa90d45c02c33fffdf917b5a49fcc56451b4ffe6a32b1664f7426330

SHA512
240c3efb86017b6baf92c950bd419774ae79f0bac49d74350b801c62c24eef1b11a5f6bb1e9c1551f089c25f26ff164415f2d7203d00aa5aa5dd8e07dd962aed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27

Filesize
471B

MD5
8fc465ff5331da7c0a9c6cbeafebc19b

SHA1
6c18d5f34c86da6653cec5cb63b66c7416621415

SHA256
f119262a75bf35736cb583c979bf0a47ff6d0be0b46edecd816e341ca75c5f06

SHA512
fc03f54917c6d0c7d62a40e7de6be0bb4bf80bb205589e51668bfea82f4313c93435641b3fd5eede779fd25c134879082a94d370120192dd2e6b0856cb8aca82

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
aa62f8ce77e072c8160c71b5df3099b0

SHA1
06b8c07db93694a3fe73a4276283fabb0e20ac38

SHA256
3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

SHA512
71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_D4158B61F94BF204C507DA9EC170579E

Filesize
471B

MD5
698ae26aae0177061c8e0aa85d07ab61

SHA1
9a030029add9325c5b503b80abc503462e7dd26b

SHA256
38897d178d959856142824a29dfb0d15214bcd93b89811ea5c1f0498e1829e44

SHA512
a71ed1f0c19b0bb7167f74785a7c8f4fda8910449335b87a3c69db4fd87fa7fcfb501d08ab4ac53ed8f78894ebe8abba6377376578261135290790f97c709e52

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
437bbd96154e5c0648a2340b5ee632a8

SHA1
c757be2028dcd6211695c560aa22c8ff2303d3e2

SHA256
2c9bced6a1257cc5af489e413c403c53188d088b2779867cac77a246fb9e7b7b

SHA512
a0f259eb743a807c0bd7ca0116c26f0340150f4015221567e7523397c2457d60039bb33eccdba48f91c25bc12a1696a2a40c177a2305b3a0c64328ccfa5b515f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_A30EA9B4E1BC5DBF09A8EF399E086D27

Filesize
404B

MD5
77e131410ab732f9334545a172ffbd95

SHA1
61542bdb5d64f681f6a7aab6569e791d2b43d8cf

SHA256
e61625158487c4f3f98de09ef01082ee2be9b84df5d40ec532afd8b8183988fa

SHA512
8163ad6d0c705da001175599fccd4c3969b42d1e4f73a707886349d64d66f7c6c1a9e60bc732d778074e7c91eeda06e5258a4393e68dea40f7be0b964e6ef06a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
c511980ddbf3d9669fcda60c24139f3f

SHA1
d5a5eae89bdb1964db5bca952f655be1db23be36

SHA256
b43119f7effe1973447d6e6b5b8812281aae345f210b001a89c55c06396b7934

SHA512
20c9ebc4ee56959d355f0a3b33048851de4075c3a9e09332ef42461d7b36afb64adf24fe0e61263494f95be54c5d26a112d4b1c1d3be8112c2448201341a91c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_D4158B61F94BF204C507DA9EC170579E

Filesize
396B

MD5
9ec7ccf1ab456d3b989f844197bb2991

SHA1
f2dc9e38ea574483186351e2e7822600bd03564d

SHA256
f8472c7c97a9cca04269f9a1f9ec9b31faa0b8beb8538e58f9f96662c0503f20

SHA512
a439995480f316dee982088037b2f146bb767c1e547b54e2079659caf4500cd1a58ab47341749bc87893fd85a46acd3460628fc2b50f54d096ec4e5ef6cca231

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1slsvb4c.pba.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\Desktop\RREImages_20230522043723.zip

Filesize
12KB

MD5
af239bb947d2468a770c1c4c870cdfcb

SHA1
9d55823abfb0d5edd988b037c51bc4949133b0a1

SHA256
f89e77dce2c5336b15895a7728799b7371e0187b8fe9dee35f48bff65d655e65

SHA512
e022e611da612af3fe56aff87ebcb1da7b2b5fc1ee4f36ede5db5c0feb9bf94230009004bd599512a815b5b24f84701eb1cafac4e55cc1e91f40d89102c726af

Download Submit
C:\Users\Admin\Desktop\RREImages_20230522043723.zip

Filesize
12KB

MD5
af239bb947d2468a770c1c4c870cdfcb

SHA1
9d55823abfb0d5edd988b037c51bc4949133b0a1

SHA256
f89e77dce2c5336b15895a7728799b7371e0187b8fe9dee35f48bff65d655e65

SHA512
e022e611da612af3fe56aff87ebcb1da7b2b5fc1ee4f36ede5db5c0feb9bf94230009004bd599512a815b5b24f84701eb1cafac4e55cc1e91f40d89102c726af

Download Submit
C:\Users\Admin\Desktop\RREImages_20230522043723.zip.v39ixgl.partial

Filesize
12KB

MD5
af239bb947d2468a770c1c4c870cdfcb

SHA1
9d55823abfb0d5edd988b037c51bc4949133b0a1

SHA256
f89e77dce2c5336b15895a7728799b7371e0187b8fe9dee35f48bff65d655e65

SHA512
e022e611da612af3fe56aff87ebcb1da7b2b5fc1ee4f36ede5db5c0feb9bf94230009004bd599512a815b5b24f84701eb1cafac4e55cc1e91f40d89102c726af

Download Submit
memory/1520-375-0x000001A2F27D0000-0x000001A2F27D1000-memory.dmp

Filesize
4KB

Download
memory/1520-197-0x000001A2F0C90000-0x000001A2F0C92000-memory.dmp

Filesize
8KB

Download
memory/1520-200-0x000001A2F0E40000-0x000001A2F0E42000-memory.dmp

Filesize
8KB

Download
memory/1520-195-0x000001A2ECA10000-0x000001A2ECA11000-memory.dmp

Filesize
4KB

Download
memory/1520-176-0x000001A2ECA80000-0x000001A2ECA90000-memory.dmp

Filesize
64KB

Download
memory/1520-199-0x000001A2F0DE0000-0x000001A2F0DE2000-memory.dmp

Filesize
8KB

Download
memory/1520-158-0x000001A2EC220000-0x000001A2EC230000-memory.dmp

Filesize
64KB

Download
memory/1520-373-0x000001A2F27C0000-0x000001A2F27C1000-memory.dmp

Filesize
4KB

Download
memory/2424-129-0x000001AB283C0000-0x000001AB283D0000-memory.dmp

Filesize
64KB

Download
memory/2424-125-0x000001AB40A90000-0x000001AB40AB2000-memory.dmp

Filesize
136KB

Download
memory/2424-130-0x000001AB40BC0000-0x000001AB40C36000-memory.dmp

Filesize
472KB

Download
memory/2424-128-0x000001AB283C0000-0x000001AB283D0000-memory.dmp

Filesize
64KB

Download
memory/3752-507-0x00000187FA3C0000-0x00000187FA3C2000-memory.dmp

Filesize
8KB

Download
memory/3752-549-0x00000187FA580000-0x00000187FA582000-memory.dmp

Filesize
8KB

Download
memory/3752-527-0x00000187FD000000-0x00000187FD100000-memory.dmp

Filesize
1024KB

Download
memory/3752-677-0x00000187FD000000-0x00000187FD100000-memory.dmp

Filesize
1024KB

Download
memory/3752-510-0x00000187FA3D0000-0x00000187FA3D2000-memory.dmp

Filesize
8KB

Download
memory/3752-809-0x00000187E9300000-0x00000187E9400000-memory.dmp

Filesize
1024KB

Download
memory/3752-823-0x00000187FA5E0000-0x00000187FA600000-memory.dmp

Filesize
128KB

Download
memory/4036-306-0x0000024980ED0000-0x0000024980ED2000-memory.dmp

Filesize
8KB

Download
memory/4036-284-0x00000249808B0000-0x00000249808B2000-memory.dmp

Filesize
8KB

Download
memory/4036-289-0x0000024980E40000-0x0000024980E42000-memory.dmp

Filesize
8KB

Download
memory/4036-294-0x0000024980E50000-0x0000024980E52000-memory.dmp

Filesize
8KB

Download
memory/4036-297-0x0000024980E70000-0x0000024980E72000-memory.dmp

Filesize
8KB

Download
memory/4036-301-0x0000024980E90000-0x0000024980E92000-memory.dmp

Filesize
8KB

Download
memory/4036-304-0x0000024980EB0000-0x0000024980EB2000-memory.dmp

Filesize
8KB

Download
memory/4036-323-0x0000024980CF0000-0x0000024980DF0000-memory.dmp

Filesize
1024KB

Download
memory/4036-359-0x0000024981320000-0x0000024981322000-memory.dmp

Filesize
8KB

Download
memory/4036-371-0x0000024980CA0000-0x0000024980CA2000-memory.dmp

Filesize
8KB

Download