091833fb986ac8a78a9a33ae7852d2b02d510348bdcb915d4e2e51a6de27f64a

Analysis

max time kernel
1800s
max time network
1599s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
22-08-2023 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MMLo7 Rat.exe
Size

2.8MB
MD5

2dc24c81438806bd03b492b9a3f3c55c
SHA1

1b62f6d53570d7cd3c8d04e6ea7e349b5de5cc89
SHA256

3edd74d68dd78681ed9eae3973ee2fb878c60e6e24dfa313ea2b4547008b1149
SHA512

f03ef03ffd926c35a6c88be065a8b6174af323a9fc633fc8d0c1ee55bf8b2eb5ef824d9c9feda21104dd10ff7f0d8d0660e9d4ba0cd8a932dd5d8e342f023ce1
SSDEEP

49152:cTtjEoXzJndn324ktdDyXqimfg9vdsIvQBLjEWdK/EEj8iG/MRmJ:stnXzJ12lDyXJMsvGs8Ljc7oRR

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{81EE8C21-F198-481D-8F71-7D112DD54C7A} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fe8030c5e1d4d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 888876ace1d4d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotnet.microsoft.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "124"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdom = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bc3111c0e1d4d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5d1d4eb0e1d4d901	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1e3b84aae1d4d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "399550368"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "399489807"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2767205360-3565838719-3800013281-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
3468	MicrosoftEdgeCP.exe
3468	MicrosoftEdgeCP.exe
3468	MicrosoftEdgeCP.exe
3468	MicrosoftEdgeCP.exe
3468	MicrosoftEdgeCP.exe
3468	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1288	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1288	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1288	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1288	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1356	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5008	MicrosoftEdge.exe
3468	MicrosoftEdgeCP.exe
1288	MicrosoftEdgeCP.exe
3468	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 4156	3468	MicrosoftEdgeCP.exe	73
PID 3468 wrote to memory of 4156	3468	MicrosoftEdgeCP.exe	73
PID 3468 wrote to memory of 4156	3468	MicrosoftEdgeCP.exe	73
PID 3468 wrote to memory of 4156	3468	MicrosoftEdgeCP.exe	73
PID 3468 wrote to memory of 4156	3468	MicrosoftEdgeCP.exe	73
PID 3468 wrote to memory of 4156	3468	MicrosoftEdgeCP.exe	73
PID 3468 wrote to memory of 4156	3468	MicrosoftEdgeCP.exe	73
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74
PID 3468 wrote to memory of 4256	3468	MicrosoftEdgeCP.exe	74

C:\Users\Admin\AppData\Local\Temp\MMLo7 Rat.exe
"C:\Users\Admin\AppData\Local\Temp\MMLo7 Rat.exe"
1⤵
PID:4968

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5008

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5028

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3468

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4156

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4256

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WK479IGQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4BN00RMG\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3MII3O9O\favicon[1].ico

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SP591NHY\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\bu6pqk6\imagestore.dat

Filesize
25KB

MD5
3bd6643485c77da7490100f4487e1ead

SHA1
7c66579a1599b3a2d454151b2a1f7a1d6bd5fc0f

SHA256
fda011493f865a127ff6ba56c031e2c1e0563eaede469911d2840309bee11582

SHA512
88e77b4091dd69e0544916c1810c66d813a7d14fa0746d1ecee5a3ea61c392318eddf110c0229e387d3313f692ced943729ed60cd57e6af466ca553960752906

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72ZIFNIU\a2-598841[1].js

Filesize
134KB

MD5
1a9b16e1a3ce074d6cab7b6844d49fad

SHA1
98db09786ab9b960ee250adabb301383566f4c1c

SHA256
d794f9bd321156a2a2bb02102ad0bdc09bdc8dedf71ec42683fa53c3725fdd72

SHA512
71a5cbb0b5c11ec80fe0d3ad751c3e7dd0b1fadf641f8c51a8c617048b6ccd80993018dca2e4eac28a2246725c326634eab165d6f3e9eb531aedc3f18fa8ba9a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72ZIFNIU\cookie-consent.min[1].js

Filesize
986B

MD5
276fadd25103db9ea780c1ab25dd42c8

SHA1
54483dc13e60306f87a0e4a4b16b47ffac51e097

SHA256
c9cb2eed50644985e9f73a6897d05d94b80b8c317ea3bb5524c28a16683a63f5

SHA512
174919bc2b37c379531819d3b2fea5097181b600b68b746afb8c52131db2bc05ac6d6c97821fe35f1c4018fb2b2982dcc1d542c568ed3bf0cff71e32b9408eca

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72ZIFNIU\main.min[1].js

Filesize
31KB

MD5
c9065bc0ec285de73863234aca0222aa

SHA1
0d5b34b68a84529bda487430980e54422594081b

SHA256
bf98927123b42eb45e6f48a456f1a23b9cdf1e64930ca142e535135dc312277f

SHA512
797c35292a959b996940f5cbb107ada2fac68e4478ffc3ce238a0b6be8b97f10955dcf67760ccf81498b0e2673daa6b35303cc738acc908664a6d4fb58698178

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72ZIFNIU\open-sans-v34-latin-600[1].woff2

Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\72ZIFNIU\space-grotesk-v12-latin-700[1].woff2

Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CCP9J60J\74-888e54[1].css

Filesize
167KB

MD5
21d2e4bc29cc9ba690164f896a04c2f3

SHA1
b07f66e6b50916d4a636c2e91f633ac8f63e5b5d

SHA256
47e77d470102641070b066a5a73c34dbd14989f55a3d435efae0fdeaaff3ae6d

SHA512
8432b3b49c14ce2b2787c99f6b5c9d88cf147eb1308b13e01655b39b3677aff4010ec8549ab5100d31391df88a347c58e3b0f22211a48531f418b022b8f9ea11

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CCP9J60J\ai.2.min[1].js

Filesize
119KB

MD5
64f67d69f65f9601e57cc00353e642a9

SHA1
3a6ce649f05f3126800c55925b742f3c7c53d799

SHA256
0d31a69f7ae0d174b9e6054ebedb533ffa1c85de012409db3fc16fcdf9cc525b

SHA512
aaa21424b8663512045e39a68aea50131d952264dba86f7c6d22110e392ac341601e24e698151bc6e60e3733f165e042a35a85ea31a035c5bb866167db1058d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CCP9J60J\cda-tracker.min[1].js

Filesize
798B

MD5
a3827d5909344f41d270fc8475f7733c

SHA1
bb6cb83e4d2080ee02ea366699f487c7362d4934

SHA256
bcb1104af4aea1ba4be65f0e9669e2f5382df316635226ade340f6dc15f2866a

SHA512
5cbb021d1f0bf0b13583b966ed5bba971b770d3331f062beb2fd75b0d2d380c10bf62db64167f3e3b94f6f5bc05cb160e7d5dae8a5d85d99ed75181040764d18

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CCP9J60J\ms.analytics-web-3.min[1].js

Filesize
137KB

MD5
2db45ed3ba267a1cea2fd88ef86b231a

SHA1
32e087bb7885a1882be6b915a50d7888bcb5402b

SHA256
9e10f4abf1ac62788e57d8672c28545603e9375d988d287b5fa9fe321a9b0972

SHA512
535ab5b943a933b949b81ab4672290c53ce11331479bc926edd2f7f090e3c591013bffab324b557e9fde9765e199081d8dd7b221902a018983bbe5c66fa5674f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CCP9J60J\mwfmdl2-v3.54[1].woff

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CCP9J60J\open-sans-v34-latin-regular[1].woff2

Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FBD7HLWA\RE1Mu3b[1].png

Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FBD7HLWA\alert-promo[1].svg

Filesize
1KB

MD5
b119b49f7f799d680e0ade981c8c36e1

SHA1
b2134ee3d8a4669c4b93225c0b987be0c78b6e6e

SHA256
2dc041b9b132cef3af67e03ba98fa1b72a9e877699e7a1f4277e00556c78ada4

SHA512
c68439e082f0979de042cb8e6ca5fcf08f1debf62133272a8580334867b9a3309a023441ca315b604ab6867ea3b9efa8e8185067e288fd2c46e65a8eaafe2a86

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FBD7HLWA\dotnet-framework-runtime[1].svg

Filesize
42KB

MD5
5aaa8c37cd59979b920cd21c4a50a38d

SHA1
0ee61e3b2d58513b92cf4c6b5114c1beb55539e7

SHA256
db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6

SHA512
0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FBD7HLWA\open-sans-v34-latin-700[1].woff2

Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FBD7HLWA\wcp-consent[1].js

Filesize
272KB

MD5
5f524e20ce61f542125454baf867c47b

SHA1
7e9834fd30dcfd27532ce79165344a438c31d78b

SHA256
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

SHA512
224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WBNPWCBH\alert-info[1].svg

Filesize
726B

MD5
c7db49644f6bf1f50b3190ffba0516ed

SHA1
5bb312a0b6357ccb7e93158ac0f97b4e249e4696

SHA256
2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281

SHA512
9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WBNPWCBH\analytics.min[1].js

Filesize
892B

MD5
b4a1847f1be996c08716d3b97456d657

SHA1
49113ee2989496eb1858a45ffaa319863d8ccd69

SHA256
8a80172a7d4c7c65ad596f52ecc105d61c0b2b60368277fb4729767f54fec06a

SHA512
b0e4ab27c1db23cbcd13bda3bf488293985d76de6c4f51b2be140c7ca8562a0b8280360b2e628a097f7e5fe94508759aca5bec037a1b3d7a73d2d7d16fb63b93

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WBNPWCBH\bootstrap-custom.min[1].css

Filesize
235KB

MD5
1af400d0fed425de3c569e31923064a4

SHA1
43d94413ac392eee3e3f047ef50223b9f6fcff0e

SHA256
57a35bb02543854308d9068e2de7265d98c82ce6d914a05e71bbd975daa317f4

SHA512
7c36fe54042f30a408b52a18358bee474ae846273a002227c0e33e0e22fa5f0160803bddcd8dbf8a73d4f3f7f05fe14b73201b876c4b906d241d12231289e2cc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WBNPWCBH\culture-selector.min[1].js

Filesize
308B

MD5
4147b3bfb0a145eec758f0cb7292cefb

SHA1
8e02467706ce768bc9e68fea2a8d01b49513d631

SHA256
8f6f064a7a80641e434afc35b14fd8a01acda68f2ac01097e7dbbf0623edeb20

SHA512
49a661a2009c172df348aa83b2342f5cfdeea58026710bf139f847c1d9e6728b20a865bb81a980492186b7dd210ed1202c01a38757edfe77a4efa4945cd82477

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WBNPWCBH\general.min[1].js

Filesize
174KB

MD5
0a51551c9a5fe36e372fc39eb9bf0b3a

SHA1
6c76d69df786828afad990a0144b5d27d56e7863

SHA256
124fceae66250916650ffa507fc9c2773714f98580b7110f98d20103cd983794

SHA512
7c1e3542d04731f54ccb0888fd3b30c39e97e01e0980508bee856cf4725aad04e987a629ef23d95b8c264216f1b825c1c58920e34b79800bdcc22e761b85e388

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BPGT8UOB.cookie

Filesize
279B

MD5
786fa778c323dea9b5ebb65b44746971

SHA1
62a97bbc9e290c783156ac0a65ba69f6cef8e07e

SHA256
8d16e28ced6f9926d2ae6013035290dcc5b9ef9cc320afdaf979afc74faf0e88

SHA512
6e76d3ff5ac2d3800dbcb19fdb57939bd40b6f7fa08506dc0f40d71de210333dbbbf068fcfdf4877c633a0d635382e354c0d7eefea57e468ca791c60a2024565

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FFV5B22H.cookie

Filesize
405B

MD5
0fa2df30c8931d91d33e6d1a027b0798

SHA1
529c7b191dfa25baa69cd43adab56d6721ab8389

SHA256
cd977d1920fb860fe500a3f7bd5b7b0ed800343f789d385091006bdd5ce189e0

SHA512
b77708c196fac221fb2a149dc3b9e024823b95c58a8c7410438918a8ff346b2dcc8f3c78934b09d5e26d99f87d87303b7067345146d17c962635caeb196b0d86

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HAK42JZP.cookie

Filesize
560B

MD5
0f053dcf4e4aa3d4ef31c5985cd7dd37

SHA1
5d33658b187cd99522f19060fe5765f2268298cc

SHA256
f8fcaeb146fe73bccb2535eed892eccfbd7661b7ae6c547f0bfded5bd1d25f6b

SHA512
4cd3efd5f4cf097248312bff318dd1a8937e86284a4b0f0e6a592df0707378d8c1a3ca614328c608dd1d448b0d7d9d2cbff56cfacfc40f1d74f694206d00d495

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\K4Y16M5D.cookie

Filesize
560B

MD5
cfb56db2d0a81822c22b98a56daa91f4

SHA1
b332b0b87761b12043ecd6fec6854f3e49df33ec

SHA256
a77448cef050ae3bec064150cf4de5da89dcdd7bcc1234ec9f1c53c98e91272c

SHA512
d9756eb158903b68a08796b4bebe50e138a008a241784886f5ca1ed0145cdf4bf095876c3386613612caea9e71df08215b3fe35e7733015e1e7e3ee4b5a7fb18

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MUHQ0TXH.cookie

Filesize
560B

MD5
f916c7d075c3df9199ce0a2a3584c368

SHA1
08d474d73d7f0b159e29cf19e633f9c253db4670

SHA256
9fd4fdca3c65915b6b249d051b148e87fc3e698ca3b113ca2feaab00efd89f0a

SHA512
845a933e00ff92ee15e58d57b81e04e761799c17108f361bad3ae3b4b92918b748b7df96cba9c65a93a75332630cf909e3dc1c949700f0f9fcb0f4cc4f1c5a21

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TVP0PJGG.cookie

Filesize
560B

MD5
559dfbf101aba9dcefd78133d492091d

SHA1
dafac4a4503171d8d5f1fa26f73982d4ff789c6f

SHA256
b68b4441d2558383bd5ee4a9a56859fc21f070cd79f149a94b9972dbfd34c0d3

SHA512
1bd9b052ba3fb1d5de2cebbce9f102f79601ee2968bdba828d1d55d05c3b1eb5f6ed9e2dad52550d5190f9bf9b3fd4c058164949cb32c5c8c75ad6a926d4c626

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UZJRE7QZ.cookie

Filesize
247B

MD5
ee09b74701cbc3337b7c1c3048f29980

SHA1
2921d7115961ffb74c72ca4c14301b88223cd496

SHA256
f3fb7787689a37175505cf6c726a0fae825fd737d432434625a70994741f4e45

SHA512
73bc4f62932f29b78fc7ed24a55713805711aa83f302dff1dca85ca5d872d7dca58db2faaa15b2eb3a04094975ca6afe76f1341e4bc68d46c02c435f7b7e2102

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VD3YVTHV.cookie

Filesize
405B

MD5
5d8615b0f1ec72771d8950cef252c46c

SHA1
f0720c1970d1c57ba7c8fcc7337673c82903ed1a

SHA256
3c1f625e29dc98fb35691837db8256f9e5dd9fb71afb1f959d71b08d2156bef8

SHA512
06ce995076fd71c3979cd46b2d26774e802c5cbe325f2d6a36f86ad60a65cd4e4b189067694b1f66286f14b1273f295331bf44c4b2fd14ff3c17ecf2b20863f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4BN00RMG\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4BN00RMG\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4BN00RMG\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
d54095ab38491fb77bff59128435468a

SHA1
6aaeba2b1951d905553d172146215a3c38a6e679

SHA256
20036ec0b9149987e6741163646ef1a2e71cde7743f3659241f60f7c30aa47bb

SHA512
c9f9336067630d76d693900e9ac905b7037b760f417bc90c38baaeac1ba0d959f4623fef21111a3f481b56f0aaef262651b3310fbbe751f0f916d25da19fea34

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
471B

MD5
150c58b1542235dfc37e12c2ad858147

SHA1
de8dc75f4f95c8959d87403f21fd424e337b6fef

SHA256
2a2a2faa3320012ea084f9d61e87c41c68ecd8d1de21b0a4dc798c46c2e5a0f6

SHA512
d0eb785cea17f44c413de8af9dd755c3b03a3430cedea0c2cc6bb4575b6c177f0d18b7ebc362b627c0da8e64e06376403b952d773c4fda506e4d396f9c475135

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
412B

MD5
ef6a3a1f2806cd09aad1da75231ada83

SHA1
347677f25207542631351c5e5843938539c1a50c

SHA256
5c2c7184a805fd0552743d8241b14d2b1529f586da63216ba4af3a4812d6a3d1

SHA512
169f6a7a6bafe917950ac6fb60091eee5010bf8bd6c186c889d7dac1b068ebd46eaf937ba7579134e4cb85931de6cb3ac09410caafa18791355033bcdf8c2f3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
416B

MD5
2b4c16e77e60190d7c544f86aa45e7bc

SHA1
327e3adada0189ff8e56cdcbc8ee91da92b90937

SHA256
eb5aebc9ed5d5e94c2c959fe529aa2ffae8afcdaf48650eccd83de52b927905e

SHA512
f5404933942b0b279c1d52961762a999f6a46c146b13d8db88295001fba736828318d301adf51b8fb0bd41ce7c23d0857c4be9cd1699b08c00b27d99712e9908

Download Submit
memory/4156-330-0x0000010F71E60000-0x0000010F71E62000-memory.dmp

Filesize
8KB

Download
memory/4156-316-0x0000010F718F0000-0x0000010F718F2000-memory.dmp

Filesize
8KB

Download
memory/4156-312-0x0000010F718B0000-0x0000010F718B2000-memory.dmp

Filesize
8KB

Download
memory/4156-314-0x0000010F718D0000-0x0000010F718D2000-memory.dmp

Filesize
8KB

Download
memory/4156-335-0x0000010F71E70000-0x0000010F71E72000-memory.dmp

Filesize
8KB

Download
memory/4156-346-0x0000010F6D2D0000-0x0000010F6D2F0000-memory.dmp

Filesize
128KB

Download
memory/4156-310-0x0000010F71890000-0x0000010F71892000-memory.dmp

Filesize
8KB

Download
memory/4156-325-0x0000010F71E40000-0x0000010F71E42000-memory.dmp

Filesize
8KB

Download
memory/4156-364-0x0000010F72080000-0x0000010F72180000-memory.dmp

Filesize
1024KB

Download
memory/4256-353-0x00000214054F0000-0x00000214054F2000-memory.dmp

Filesize
8KB

Download
memory/4256-508-0x000002141BF80000-0x000002141C080000-memory.dmp

Filesize
1024KB

Download
memory/4256-347-0x0000021405430000-0x0000021405432000-memory.dmp

Filesize
8KB

Download
memory/4256-478-0x000002141BC00000-0x000002141BD00000-memory.dmp

Filesize
1024KB

Download
memory/4256-494-0x00000214165E0000-0x0000021416600000-memory.dmp

Filesize
128KB

Download
memory/4256-450-0x000002141B530000-0x000002141B532000-memory.dmp

Filesize
8KB

Download
memory/4256-503-0x000002141B570000-0x000002141B670000-memory.dmp

Filesize
1024KB

Download
memory/4256-460-0x000002141B560000-0x000002141B562000-memory.dmp

Filesize
8KB

Download
memory/4256-510-0x0000021405060000-0x0000021405062000-memory.dmp

Filesize
8KB

Download
memory/4256-338-0x00000214051F0000-0x00000214051F2000-memory.dmp

Filesize
8KB

Download
memory/5008-317-0x0000028B38770000-0x0000028B38771000-memory.dmp

Filesize
4KB

Download
memory/5008-117-0x0000028B32020000-0x0000028B32030000-memory.dmp

Filesize
64KB

Download
memory/5008-319-0x0000028B38780000-0x0000028B38781000-memory.dmp

Filesize
4KB

Download
memory/5008-152-0x0000028B33490000-0x0000028B33492000-memory.dmp

Filesize
8KB

Download
memory/5008-133-0x0000028B32880000-0x0000028B32890000-memory.dmp

Filesize
64KB

Download