hxxps://yandex[.]ru/

Resubmissions

02/06/2023, 07:11

230602-h1bvssac99 6

02/06/2023, 07:02

230602-ht5jjaag4s 6

02/06/2023, 06:41

230602-hf5mdaaf8w 6

Analysis

max time kernel
1247s
max time network
1217s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
02/06/2023, 06:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://yandex.ru/

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\AllComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.msn.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberCompleted = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "392489333"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\msn.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com\Total = "16"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 00c79fa96095d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "23"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000052002769cc65bd2144e15f1baf6af7c9b2daa39aa0667546e12eec8f279275995a340025b7e91b3cb6f50573f27f222970bbe4ff2c91cf8be07fcea8f895	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com\Total = "46"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 90836b5a2e95d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\UUID = "{745B2CF2-AE9A-4C37-9969-3A416D4D6D4F}"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1412	chrome.exe
1412	chrome.exe
1176	powershell.exe
1176	powershell.exe
1176	powershell.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
4876	MicrosoftEdgeCP.exe
4876	MicrosoftEdgeCP.exe
4876	MicrosoftEdgeCP.exe
4876	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeDebugPrivilege	4296	MicrosoftEdge.exe
Token: SeDebugPrivilege	4296	MicrosoftEdge.exe
Token: SeDebugPrivilege	4296	MicrosoftEdge.exe
Token: SeDebugPrivilege	4296	MicrosoftEdge.exe
Token: SeDebugPrivilege	1308	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1308	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1308	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1308	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2692	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2692	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2692	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2692	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2844	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2844	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1176	powershell.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4296	MicrosoftEdge.exe
4876	MicrosoftEdgeCP.exe
4876	MicrosoftEdgeCP.exe
2692	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 4960	1412	chrome.exe	66
PID 1412 wrote to memory of 4960	1412	chrome.exe	66
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4136	1412	chrome.exe	69
PID 1412 wrote to memory of 4128	1412	chrome.exe	68
PID 1412 wrote to memory of 4128	1412	chrome.exe	68
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70
PID 1412 wrote to memory of 4200	1412	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://yandex.ru/
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff871f59758,0x7ff871f59768,0x7ff871f59778
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1688 --field-trial-handle=1740,i,15785970157730481103,5055203212006208948,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1740,i,15785970157730481103,5055203212006208948,131072 /prefetch:2
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1740,i,15785970157730481103,5055203212006208948,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1740,i,15785970157730481103,5055203212006208948,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1740,i,15785970157730481103,5055203212006208948,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=1740,i,15785970157730481103,5055203212006208948,131072 /prefetch:1
  2⤵
  PID:4904

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3516

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4296

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4312

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4876

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2844

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:732

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1228

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1176
- C:\Windows\system32\sfc.exe
  "C:\Windows\system32\sfc.exe" /scannow
  2⤵
  PID:3852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d5bacbf1d7ef69c09cdbd9969c60e618

SHA1
6674f1614860c4094f0ce47d18f277469a93c2ca

SHA256
4158a0b12d0beb0fbacda82659670fafd8dffb779c893776e10bb61f7e6d5f1b

SHA512
ee9e62a9089d8bf9f23ae0a5e1156e932b297ded234e33571dcac8e17d0353d426c68c75f9936926ee3e7f892bf13e3df44c316a1fab8e5c3babce59df0c8aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6e1ab5d266911346068f97e7b21a22c8

SHA1
9676b3251cb0a7d12679f95a96541926772a9c59

SHA256
bdc0e7c4af9e77a183dc83ece312ea8cff6b5d7a7d78b149096e4a01f30b54f7

SHA512
98b60b3060738ce58355fec07cedb14110184c3f4c18d2831393793a202cf3ca8e5c38295088e2205fbc308132dcf166be626384beb79590da9ce88e45bf5766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a2d8543d9478c5a05f7e43a866bd42e

SHA1
240aa54728ea1b550c50a28fe2a28c3be9c0846f

SHA256
9008082c56e578df83263179d6632b94f64a2377ecd6a3a10ad85a94371f7d4e

SHA512
f67c7d155cd50d67d4bb49dd1722589ed2109cd1a72d08b4f76710de81f3c5d79b8519ebbf855737473a4be66a36ac22a69f8869e1cfbe68a9718f1783be9107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b0fdb083bc3e3ccdb00102cf86e14898

SHA1
e985520cdc8a7e61de7ee677360b3db8709ea880

SHA256
5cfed97cccb33f1a1eb609cbbf66684f207219a21fdf8146fc03712b50b8a211

SHA512
32f1f4ac4e84c0e13d4bfd37d95be2d0b541f81e778775a3f41e826bc4d59b6cd94842a2d17f9825c778cb2aec3a4a3bff312f17a7e658cbd36dce264e81e78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
0a2d2cf2437a3942efd349ce06cf1845

SHA1
bf681fe3886cadadf0a431d743e99453645859a1

SHA256
781d14aeb16138ebd6e2ac070d6b258ce16ae97697762d8227058ab13e317e8f

SHA512
c226df9c8217b3fac3719b0e8e1b8b1fa2e138bbc8d6a794ab211fffa1a1344dbe2e47f2833cf5f0840c12c1511d014135e52f054c330af964e5afa9f9d1d1ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6CI3IN3W\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DJL8O6IJ\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VG8HJRNL\Favicon_EdgeStart[1].ico

Filesize
33KB

MD5
7fb4a1f2d92cec689e785fd076ae7281

SHA1
f3477f75f8d14dd3bcf5f50176f8cdfdcd3944f5

SHA256
8ffb08e22d8848b0dc64e13ef43a5db913a3b4c112f67b0346f1508f2811aeb1

SHA512
bfc68283080028dd1b93bf28600f2abd8cb3c375c6433649972485e027b6d72e81535221ff2c89c2e5b255dc24ef3a1db28129a95eb872f236ca624f1ca9d02c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VG8HJRNL\favicon[1].png

Filesize
7KB

MD5
9e3fe8db4c9f34d785a3064c7123a480

SHA1
0f77f9aa982c19665c642fa9b56b9b20c44983b6

SHA256
4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9

SHA512
20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\560cyam\imagestore.dat

Filesize
42KB

MD5
2dd884a24743f1ff0a1e7adba30a855b

SHA1
a32edae2265ccdfcee997f53cab72f84ee42eea5

SHA256
b4af6fd2c9a8b6b9005a8f2e353c5dbd368075727f6921e2d60a6f1992c2f4d9

SHA512
6bd2c41f24fd822ea628498c1e63d88632fdaa96d83580300a1b1fdd51ebbf17a096459e1706e0955de20d12ab819551e54b3457dc77ab1d55ab68f51b999256

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ga0kxdn0.exr.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/1176-673-0x000001E8C1ED0000-0x000001E8C1EE0000-memory.dmp

Filesize
64KB

Download
memory/1176-634-0x000001E8DA1B0000-0x000001E8DA1D2000-memory.dmp

Filesize
136KB

Download
memory/1176-661-0x000001E8DA760000-0x000001E8DA79C000-memory.dmp

Filesize
240KB

Download
memory/1176-672-0x000001E8DA820000-0x000001E8DA896000-memory.dmp

Filesize
472KB

Download
memory/1176-674-0x000001E8C1ED0000-0x000001E8C1EE0000-memory.dmp

Filesize
64KB

Download
memory/1176-679-0x000001E8C1ED0000-0x000001E8C1EE0000-memory.dmp

Filesize
64KB

Download
memory/1176-680-0x000001E8C1ED0000-0x000001E8C1EE0000-memory.dmp

Filesize
64KB

Download
memory/1308-476-0x000002546F870000-0x000002546F872000-memory.dmp

Filesize
8KB

Download
memory/1308-340-0x000002545C1F0000-0x000002545C1F2000-memory.dmp

Filesize
8KB

Download
memory/1308-330-0x000002545C1A0000-0x000002545C1A2000-memory.dmp

Filesize
8KB

Download
memory/1308-338-0x000002545C1D0000-0x000002545C1D2000-memory.dmp

Filesize
8KB

Download
memory/1308-480-0x000002546F8D0000-0x000002546F8D2000-memory.dmp

Filesize
8KB

Download
memory/1308-485-0x000002546F8F0000-0x000002546F8F2000-memory.dmp

Filesize
8KB

Download
memory/2692-419-0x0000026330750000-0x0000026330770000-memory.dmp

Filesize
128KB

Download
memory/2692-564-0x0000026330D00000-0x0000026330E00000-memory.dmp

Filesize
1024KB

Download
memory/2692-389-0x0000026330D00000-0x0000026330E00000-memory.dmp

Filesize
1024KB

Download
memory/2692-392-0x0000026331100000-0x0000026331120000-memory.dmp

Filesize
128KB

Download
memory/4296-515-0x00000142716E0000-0x00000142716E1000-memory.dmp

Filesize
4KB

Download
memory/4296-513-0x00000142716D0000-0x00000142716D1000-memory.dmp

Filesize
4KB

Download
memory/4296-295-0x000001426E7A0000-0x000001426E7A2000-memory.dmp

Filesize
8KB

Download
memory/4296-294-0x000001426E770000-0x000001426E772000-memory.dmp

Filesize
8KB

Download
memory/4296-292-0x000001426A0E0000-0x000001426A0E2000-memory.dmp

Filesize
8KB

Download
memory/4296-290-0x000001426A090000-0x000001426A091000-memory.dmp

Filesize
4KB

Download
memory/4296-271-0x000001426A440000-0x000001426A450000-memory.dmp

Filesize
64KB

Download
memory/4296-253-0x0000014269E00000-0x0000014269E10000-memory.dmp

Filesize
64KB

Download