hxxps://www[.]dropbox[.]com/s/zj7cz5633tszjk3/Zafiro%20EA%20MFF%20v1[.]13%20%2B%20Zafiro%20EA%20FTMO%20v1[.]13[.]zip?dl=0

max time kernel
153s
max time network
148s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
08-06-2023 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/s/zj7cz5633tszjk3/Zafiro%20EA%20MFF%20v1.13%20%2B%20Zafiro%20EA%20FTMO%20v1.13.zip?dl=0

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedWidth = "800"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 3df8bf635a45d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000daff9eca3487cddb1c1d479a57d77a6cba34eee18878983e2999fc2d4f73575ae330a1851f14e5d27416269d1e0b8f8929389f7b858d166c83f8533b9273ecd79ecef0eb075a08a0bae40566e28e9242a6d706616d551f618bd9	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension = "{050C140D-E184-4934-AEDF-7CA0D73DE7B4}"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\Extension	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "393038332"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 06f194d9fe99d901	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://signin.ebay.com/ws/ebayisapi.dll"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\DatastoreSchemaVersion = "8"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "https://www.facebook.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b3a8f8d3fe99d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 04f6ece8fe99d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
396	powershell.exe
396	powershell.exe
396	powershell.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
4604	MicrosoftEdgeCP.exe
4604	MicrosoftEdgeCP.exe
4604	MicrosoftEdgeCP.exe
4604	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	396	powershell.exe
Token: SeDebugPrivilege	3712	MicrosoftEdge.exe
Token: SeDebugPrivilege	3712	MicrosoftEdge.exe
Token: SeDebugPrivilege	3712	MicrosoftEdge.exe
Token: SeDebugPrivilege	3712	MicrosoftEdge.exe
Token: SeDebugPrivilege	5008	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5008	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5008	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5008	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1088	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1088	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3712	MicrosoftEdge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3712	MicrosoftEdge.exe
4604	MicrosoftEdgeCP.exe
4604	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 5008	4604	MicrosoftEdgeCP.exe	71
PID 4604 wrote to memory of 5008	4604	MicrosoftEdgeCP.exe	71
PID 4604 wrote to memory of 5008	4604	MicrosoftEdgeCP.exe	71
PID 4604 wrote to memory of 2060	4604	MicrosoftEdgeCP.exe	74
PID 4604 wrote to memory of 2060	4604	MicrosoftEdgeCP.exe	74
PID 4604 wrote to memory of 2060	4604	MicrosoftEdgeCP.exe	74

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://www.dropbox.com/s/zj7cz5633tszjk3/Zafiro%20EA%20MFF%20v1.13%20%2B%20Zafiro%20EA%20FTMO%20v1.13.zip?dl=0
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:396

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3712

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4760

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4604

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5008

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1088

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3540

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0NE3YRXG\c_browser_cookies-vflATv5ul[1].js

Filesize
2KB

MD5
013bf9ba569afdca42767633b4cfb7cb

SHA1
ae23f473930c0c1a062ff8dc95037cb929db1d34

SHA256
c4e37461074e8dcf396d4e2654aacef46b2c5ecd83c17c752c03e0ec86d8cbfe

SHA512
21bdc14638ecb8ba386b7a9c4964c5cdc83c2ddc85dcf1ee495f829389cf7216b726d7f6bf3e31b76503640d4ad004436036a6fd5b5ff4f6180708256c0f4154

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0NE3YRXG\c_core_xhr-vflbuoj7D[1].js

Filesize
634B

MD5
6eea23ec326f71a67807ea90cb1bbd09

SHA1
36543071ffc75af1672aab92f292c4b21da97a5e

SHA256
caffe2f247a8aa3c753a5fbaed5f2b505ab4367a08fad4c6a8004a306e7c4e5a

SHA512
9a5111eb3f54b4e472ac1d48ff1e4ad1a9a5fc80d51fd6c523c82d46ec7005932e53db68e06e8014944e689590a382450ccbf325f1542496f40639ed446028bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0NE3YRXG\c_csrf-vflIk5-YD[1].js

Filesize
413B

MD5
224e7e6037eadec11bb80467d8e2d249

SHA1
d76eacd56e1a7ce044813b79eebfa9524fcf8c04

SHA256
5fc92785b01505a66eb99f814cd949fd8007b0d3dfdbf58567982586fa24e62d

SHA512
dc6d7688c06fac70360a8014ef6940d5372b76b1cc7a76c8c454458d3f4c349805a733e77daeffe2d7bd566fd82082d0594040a2e3439056deca11fb17383b0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0NE3YRXG\e_edison-vflsEQ4-c[1].js

Filesize
172KB

MD5
b04438f9c3f204f294c1a74aabee67f4

SHA1
15b0385aafa71c9f29d0d841a4350c68564d6fbd

SHA256
a870baf6ebc979ff0ce43fad59a98f1279e99a94ce3b44d29abd453c9763b6c7

SHA512
1706a85a37caa66747d768864305018c3853ce04f7cff26df38603006b304382a92bd168439a5cc663257a6ca27c730b41f396f58578433d0621e982e708c261

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0NE3YRXG\e_edison_init_edison_page-vflU1dCND[1].js

Filesize
993B

MD5
535742343838dd89421e371a25469632

SHA1
335a3d556bc85c0348b3e3b5321f5bd6e4f24705

SHA256
6f00f3f66a9d8513a4d7c005d9da26f76ddccd7373d483fe0d341d150cab8de7

SHA512
8f3c2567452749abf17e281f80c5976b747a9c8839d1f8b8daff8dc2d13a84df3774459b64402593548657f41acde0a44422dbe66478a3cde6d1706b73ea5c33

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTV6GLQM\Zafiro%20EA%20MFF%20v1.13%20+%20Zafiro%20EA%20FTMO%20v1.13[2].htm

Filesize
129KB

MD5
d57972088d39e1a0149650209125d388

SHA1
b0dde5b37520dd6abb5e5dafb9cc86de9809aeb8

SHA256
3ae2506b9fed939ebc13893567acd5f8d07cf9af26c905f6b0e87f7d0a7f7255

SHA512
4abbce1501dcfb3baa77169908ea9a4a4ba1241345d07b81c8aadde4adb3cf9d033d2325937569d35cbbb60b71b0339cffde3bb17916f634cee3a47007e1cd27

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTV6GLQM\e_core_exception_reporter-vfl5Rj62J[1].js

Filesize
1KB

MD5
e518fad891da17f58d4dad12af4ad40e

SHA1
473a3356a006ec44d3a0e2c91a6f9bcddf88eb24

SHA256
c48f638d3d4d373393cfe528f79dab002a6a390a34a38271f0e8b936ecda33aa

SHA512
c079ae867add7078899dddebe8ed36ce70242cc3af9812f157e3e63da5937eeb6b3f0c8b0a9493911ffe3eff3c2a3f26f57cd8114fb60612824dbd8c4934fa24

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTV6GLQM\e_file_viewer_edison_shmodel_file-vflEsRvKS[1].js

Filesize
2.5MB

MD5
12c46f2923edd9fe1c32f3a1df3171db

SHA1
2491f46d5cfcf17a9bb4dff0a1523792ad4868e3

SHA256
ebf8e84fef62d5bc51fc9db8036d1bdfc78c273c1eb733b30a303f5e5521f9d7

SHA512
9f6538dcc340dc6118aaec05973d13c635d3fa12eb6457749d101cdf171b18a08d74b0beb27c241fb3fd7ebf36f827ea3fd94a50bda0ad775d148470d38f502b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M6S0YJAF\c_core_exception_info-vfl6y1Atd[1].js

Filesize
11KB

MD5
eb2d40b5dbf23e2c5c9123bcbe6607e8

SHA1
7ed8452ee8656c96a7e3ef3cfe34e8f85fc2e074

SHA256
0aca6b9d75eb96b10aa77310af7b38d002eae436d4266ca0fab77dc508153575

SHA512
bb6d409c1062ce8f00db8269bf814362578ac1e95645757634a98d5c8a64bd8dc89f87025ed34cab6c57d00caccdcf906f954cbf89eb57a834132c8decc0442a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M6S0YJAF\c_tslib-vflQeC0wS[1].js

Filesize
1KB

MD5
41e0b4c12ca5a0f50fb1e1970ee541d8

SHA1
0b31fb936a25c83a9920b9fe83a804076c7e9584

SHA256
6e55a17b891940a4029737ff5f47401da0ab044cf71dd2ffc3824029db096986

SHA512
2223d7b9663229ba1da45b6b8142c34fc13e84732ab40c95e2a1d41cad3c6700e4738c85a472b73bed76ec46ca995d11794084c8564e448fae2edb5fcb59057d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBKP1W2N\alameda_bundle_ie_en-vflDZdWUo[1].js

Filesize
496KB

MD5
0d97565283f419c8329fc5dbf8a3065f

SHA1
482c9af12f2ea7b1ef0eeddb6f558b0571da5dbd

SHA256
e9d91eb3119a89b9e940b927fc8b95ae817fec28bc5586c1657fcc1d63e79bc6

SHA512
be2cb87e176614c8010f5d7c7b713f728bb9fc1679b12ddbf12bf20e1fbd37ad89cf871b59df57923e40124f226c362037725c7c7bc5090845b216b165570cb5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBKP1W2N\c__commonjsHelpers-vfl8VUhv3[1].js

Filesize
904B

MD5
f15521bf77f77aa68e795760b69488b0

SHA1
b7ab97556ff4db8768f73d226da320d499e1c120

SHA256
132810279f81a250089f37c10d1d08ce0a795938db48b6c5d1432d22e5b190ea

SHA512
ad4b2b0e92f7a4f58fbf112f571415311a1ae9207e6e12449e00914f5f384ebef0630d2b5bb484f48e044172bdad6d16b09aebbd94199a678a1f2d2733d7e228

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBKP1W2N\c_apex-metrics_src_types-vflrxqU55[1].js

Filesize
80KB

MD5
af1a94e7983cc2baf64c947fa21195c4

SHA1
2de5fa0622b6686ebfef8489531bb815b2a14f2f

SHA256
9e21d421807d4ac0c2ab936d6690ba47e57d9fe3b1d0af4c2f64ec4dd87e52be

SHA512
c9da49f90212c1ffcfd09ffac4fb709359c642e02b5af2a80991510055cfd34c39c76da352b85e4702522bbd3c336394009731390564dffe7dad39db9b9feccc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\I9TL60GY\favicon[1].ico

Filesize
4KB

MD5
f25511f4158c2dfab6aa11a07d026e4a

SHA1
99f63cf1694fa5e52f43eb967462ea0d9eef7513

SHA256
c0906d540d89dbe1f09b24f17b7f35b81350e8d381c1558b075c28ea913c450d

SHA512
0bfb19aec453a1c4d4b8f39602bf8bbf0a98182a98e29e1e1708eabfd99e3168855994a56061ed462c29b099137c226e25ddd274b46ed2f443c2c515a530b731

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VUOX52YC\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

Filesize
8KB

MD5
c40ba6d597f06eb57aeced14e9c494be

SHA1
61a0cb7f46f1369ff5e2c7f5b1629f76b3908377

SHA256
51f348a80e813da3ca471452480255dc5ed822b9574dbf21b53f80e2fc7a4feb

SHA512
dff534a3d75349be21251b66c771d8da92bb442341b6a6877c7be93a5eb291fb9434e60793d50d8f664e732ed497e0505d6b6fc22220479d2b246b2e3f5e7b3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0NE3YRXG\c_browser_cookies-vflATv5ul[1].js

Filesize
2KB

MD5
013bf9ba569afdca42767633b4cfb7cb

SHA1
ae23f473930c0c1a062ff8dc95037cb929db1d34

SHA256
c4e37461074e8dcf396d4e2654aacef46b2c5ecd83c17c752c03e0ec86d8cbfe

SHA512
21bdc14638ecb8ba386b7a9c4964c5cdc83c2ddc85dcf1ee495f829389cf7216b726d7f6bf3e31b76503640d4ad004436036a6fd5b5ff4f6180708256c0f4154

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0NE3YRXG\c_core_xhr-vflbuoj7D[1].js

Filesize
634B

MD5
6eea23ec326f71a67807ea90cb1bbd09

SHA1
36543071ffc75af1672aab92f292c4b21da97a5e

SHA256
caffe2f247a8aa3c753a5fbaed5f2b505ab4367a08fad4c6a8004a306e7c4e5a

SHA512
9a5111eb3f54b4e472ac1d48ff1e4ad1a9a5fc80d51fd6c523c82d46ec7005932e53db68e06e8014944e689590a382450ccbf325f1542496f40639ed446028bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0NE3YRXG\c_csrf-vflIk5-YD[1].js

Filesize
413B

MD5
224e7e6037eadec11bb80467d8e2d249

SHA1
d76eacd56e1a7ce044813b79eebfa9524fcf8c04

SHA256
5fc92785b01505a66eb99f814cd949fd8007b0d3dfdbf58567982586fa24e62d

SHA512
dc6d7688c06fac70360a8014ef6940d5372b76b1cc7a76c8c454458d3f4c349805a733e77daeffe2d7bd566fd82082d0594040a2e3439056deca11fb17383b0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0NE3YRXG\e_edison-vflsEQ4-c[1].js

Filesize
172KB

MD5
b04438f9c3f204f294c1a74aabee67f4

SHA1
15b0385aafa71c9f29d0d841a4350c68564d6fbd

SHA256
a870baf6ebc979ff0ce43fad59a98f1279e99a94ce3b44d29abd453c9763b6c7

SHA512
1706a85a37caa66747d768864305018c3853ce04f7cff26df38603006b304382a92bd168439a5cc663257a6ca27c730b41f396f58578433d0621e982e708c261

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0NE3YRXG\e_edison_init_edison_page-vflU1dCND[1].js

Filesize
993B

MD5
535742343838dd89421e371a25469632

SHA1
335a3d556bc85c0348b3e3b5321f5bd6e4f24705

SHA256
6f00f3f66a9d8513a4d7c005d9da26f76ddccd7373d483fe0d341d150cab8de7

SHA512
8f3c2567452749abf17e281f80c5976b747a9c8839d1f8b8daff8dc2d13a84df3774459b64402593548657f41acde0a44422dbe66478a3cde6d1706b73ea5c33

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTV6GLQM\e_core_exception_reporter-vfl5Rj62J[1].js

Filesize
1KB

MD5
e518fad891da17f58d4dad12af4ad40e

SHA1
473a3356a006ec44d3a0e2c91a6f9bcddf88eb24

SHA256
c48f638d3d4d373393cfe528f79dab002a6a390a34a38271f0e8b936ecda33aa

SHA512
c079ae867add7078899dddebe8ed36ce70242cc3af9812f157e3e63da5937eeb6b3f0c8b0a9493911ffe3eff3c2a3f26f57cd8114fb60612824dbd8c4934fa24

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KTV6GLQM\e_file_viewer_edison_shmodel_file-vflEsRvKS[1].js

Filesize
2.5MB

MD5
12c46f2923edd9fe1c32f3a1df3171db

SHA1
2491f46d5cfcf17a9bb4dff0a1523792ad4868e3

SHA256
ebf8e84fef62d5bc51fc9db8036d1bdfc78c273c1eb733b30a303f5e5521f9d7

SHA512
9f6538dcc340dc6118aaec05973d13c635d3fa12eb6457749d101cdf171b18a08d74b0beb27c241fb3fd7ebf36f827ea3fd94a50bda0ad775d148470d38f502b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M6S0YJAF\c_core_exception_info-vfl6y1Atd[1].js

Filesize
11KB

MD5
eb2d40b5dbf23e2c5c9123bcbe6607e8

SHA1
7ed8452ee8656c96a7e3ef3cfe34e8f85fc2e074

SHA256
0aca6b9d75eb96b10aa77310af7b38d002eae436d4266ca0fab77dc508153575

SHA512
bb6d409c1062ce8f00db8269bf814362578ac1e95645757634a98d5c8a64bd8dc89f87025ed34cab6c57d00caccdcf906f954cbf89eb57a834132c8decc0442a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M6S0YJAF\c_tslib-vflQeC0wS[1].js

Filesize
1KB

MD5
41e0b4c12ca5a0f50fb1e1970ee541d8

SHA1
0b31fb936a25c83a9920b9fe83a804076c7e9584

SHA256
6e55a17b891940a4029737ff5f47401da0ab044cf71dd2ffc3824029db096986

SHA512
2223d7b9663229ba1da45b6b8142c34fc13e84732ab40c95e2a1d41cad3c6700e4738c85a472b73bed76ec46ca995d11794084c8564e448fae2edb5fcb59057d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBKP1W2N\alameda_bundle_ie_en-vflDZdWUo[1].js

Filesize
496KB

MD5
0d97565283f419c8329fc5dbf8a3065f

SHA1
482c9af12f2ea7b1ef0eeddb6f558b0571da5dbd

SHA256
e9d91eb3119a89b9e940b927fc8b95ae817fec28bc5586c1657fcc1d63e79bc6

SHA512
be2cb87e176614c8010f5d7c7b713f728bb9fc1679b12ddbf12bf20e1fbd37ad89cf871b59df57923e40124f226c362037725c7c7bc5090845b216b165570cb5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBKP1W2N\c__commonjsHelpers-vfl8VUhv3[1].js

Filesize
904B

MD5
f15521bf77f77aa68e795760b69488b0

SHA1
b7ab97556ff4db8768f73d226da320d499e1c120

SHA256
132810279f81a250089f37c10d1d08ce0a795938db48b6c5d1432d22e5b190ea

SHA512
ad4b2b0e92f7a4f58fbf112f571415311a1ae9207e6e12449e00914f5f384ebef0630d2b5bb484f48e044172bdad6d16b09aebbd94199a678a1f2d2733d7e228

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZBKP1W2N\c_apex-metrics_src_types-vflrxqU55[1].js

Filesize
80KB

MD5
af1a94e7983cc2baf64c947fa21195c4

SHA1
2de5fa0622b6686ebfef8489531bb815b2a14f2f

SHA256
9e21d421807d4ac0c2ab936d6690ba47e57d9fe3b1d0af4c2f64ec4dd87e52be

SHA512
c9da49f90212c1ffcfd09ffac4fb709359c642e02b5af2a80991510055cfd34c39c76da352b85e4702522bbd3c336394009731390564dffe7dad39db9b9feccc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
5f0490003c5a7c8d2ab10371c792caff

SHA1
f27f238e4f83831ec9c1ad7dd62342189188d713

SHA256
457079bec957558ed1ff45019da2986cbd1baae8eaf81a6ed364258c41e88505

SHA512
15ee2ab4ec50637d9f779a955937a09e07a977792d1380d7166431754817ea543cef7a3fff139dcf96cf4160600e24c768440f24f73e1e3f24317986d7be8d43

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_0CEBF833D8869122FFACBB9972787B0D

Filesize
471B

MD5
59c94ce4f1a1d8fdc2466fd2d874c914

SHA1
55bd60f674601bf05ba8a9fa349847b63ca92cd6

SHA256
2f2a008b04856ea8c7b686477f55c0c632149145cd9da97ef1107606737a3eb4

SHA512
718e9dff6871c80f082fee281766600df7ef9ebef62c1a4f02524ad277effa74092018c51f2f017c000dc780635c2a84e979dcd1d77cfa3841a7eaaedb684802

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
6e54410298c54953c5ca0da85dea58c8

SHA1
42d413ed77dd2c4052525b53a2c6a96de7867fa5

SHA256
16ebd9926fcdb16ffcdd6f2af265e82d2713265c59ac5ec6e96e37c6e8588dc5

SHA512
7c0ef581ece0dc4901f749f0265f945977981cc6a57a587596ec457415717242f7e46640f847702406f29dadb81982bc32ed197a8ef5d75358ab84a39f5a0921

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_0CEBF833D8869122FFACBB9972787B0D

Filesize
400B

MD5
ae116bea559d1a6146c8dc31ea6f7854

SHA1
7362d56f981a4275190443111dec4407feea18bb

SHA256
beaef69acbc98c3315cf1f843260a9450b82557e51c76f13bb4cd08de1b01e83

SHA512
5fb45829f02530f4ee525114d3ad0e207c7573486884e3a0da24b53685343bab6c6484225b80babffd4c378958f72e3daa90f07e9ce81600417984e2401a5e9d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2ep5rdpr.p1w.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/396-120-0x000001E557650000-0x000001E557672000-memory.dmp

Filesize
136KB

Download
memory/396-123-0x000001E56FD80000-0x000001E56FDF6000-memory.dmp

Filesize
472KB

Download
memory/396-124-0x000001E5575E0000-0x000001E5575F0000-memory.dmp

Filesize
64KB

Download
memory/396-125-0x000001E5575E0000-0x000001E5575F0000-memory.dmp

Filesize
64KB

Download
memory/2060-461-0x0000022C7C000000-0x0000022C7C100000-memory.dmp

Filesize
1024KB

Download
memory/2060-336-0x00007FFEC3B93000-0x00007FFEC3B94000-memory.dmp

Filesize
4KB

Download
memory/2060-495-0x0000022C7B740000-0x0000022C7B760000-memory.dmp

Filesize
128KB

Download
memory/3712-171-0x000001C2C5A20000-0x000001C2C5A30000-memory.dmp

Filesize
64KB

Download
memory/3712-300-0x000001C2CBE80000-0x000001C2CBE81000-memory.dmp

Filesize
4KB

Download
memory/3712-645-0x000001C2C5BA0000-0x000001C2C5BA1000-memory.dmp

Filesize
4KB

Download
memory/3712-641-0x000001C2CA200000-0x000001C2CA201000-memory.dmp

Filesize
4KB

Download
memory/3712-634-0x000001C2CA250000-0x000001C2CA252000-memory.dmp

Filesize
8KB

Download
memory/3712-299-0x000001C2CBE70000-0x000001C2CBE71000-memory.dmp

Filesize
4KB

Download
memory/3712-195-0x000001C2CA8C0000-0x000001C2CA8C2000-memory.dmp

Filesize
8KB

Download
memory/3712-194-0x000001C2CA890000-0x000001C2CA892000-memory.dmp

Filesize
8KB

Download
memory/3712-192-0x000001C2CA230000-0x000001C2CA232000-memory.dmp

Filesize
8KB

Download
memory/3712-190-0x000001C2CA200000-0x000001C2CA201000-memory.dmp

Filesize
4KB

Download
memory/3712-153-0x000001C2C5820000-0x000001C2C5830000-memory.dmp

Filesize
64KB

Download
memory/5008-393-0x000001A8693C0000-0x000001A8693E0000-memory.dmp

Filesize
128KB

Download
memory/5008-235-0x000001A867280000-0x000001A8672A0000-memory.dmp

Filesize
128KB

Download
memory/5008-230-0x000001A867F00000-0x000001A868000000-memory.dmp

Filesize
1024KB

Download
memory/5008-367-0x000001A867B00000-0x000001A867C00000-memory.dmp

Filesize
1024KB

Download
memory/5008-218-0x000001A866CE0000-0x000001A866CE2000-memory.dmp

Filesize
8KB

Download
memory/5008-220-0x000001A866E00000-0x000001A866E02000-memory.dmp

Filesize
8KB

Download
memory/5008-368-0x000001A856450000-0x000001A856550000-memory.dmp

Filesize
1024KB

Download
memory/5008-222-0x000001A866EC0000-0x000001A866EC2000-memory.dmp

Filesize
8KB

Download