6448b0c8f932a4743aa387223f5ea0fbf08c5001f7b4c93b04fed8c58c4ba2af

Analysis

max time kernel
150s
max time network
159s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
25-09-2023 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NetSpot Enterprise v3.0.405.0 Portable/NetSpot Enterprise.exe
Size

180KB
MD5

15c4b7ffd2232551a167bbfb9e017cf5
SHA1

6e50daaf707afe7d3af35aa01f6f512e697b81b5
SHA256

571c6ee487a76d204efa13ce9c19ec1a7b5773a4f62888ce6a1f70c2b624adbb
SHA512

936ba257a3ee624cfb9bcc50ce74650ff0bbd5b3233ae4791b8e68590c42d9855982e1500770a16954d3e96c89cf9da2895758ca2b25c1f18bcc92fc2f9a83c0
SSDEEP

3072:/ThRuiU7PEEuzNv6YvJNow4lfvzugJLCb+jItrCxiBTraQ+gY5vAh0wJxR3:/T5UzClvPodZvzugJOb+jIV9aQ+bExR3

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

Processes:

NetSpot Enterprise.exe

pid process

3012 NetSpot Enterprise.exe
3012 NetSpot Enterprise.exe
3012 NetSpot Enterprise.exe
3012 NetSpot Enterprise.exe

pid	process
3012	NetSpot Enterprise.exe
3012	NetSpot Enterprise.exe
3012	NetSpot Enterprise.exe
3012	NetSpot Enterprise.exe

Drops file in Windows directory 5 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotnet.microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "124"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "123"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\NumberOfSubd = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdoma = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "402376881"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "402393475"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 24488af45eefd901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "40"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "124"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0618cc0e5fefd901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 97b059fa5eefd901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 909a3bf45eefd901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "123"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-844837608-3875958368-2945961404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

NetSpot Enterprise.exe

pid process

3012 NetSpot Enterprise.exe
3012 NetSpot Enterprise.exe
3012 NetSpot Enterprise.exe
3012 NetSpot Enterprise.exe
Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

4540 MicrosoftEdgeCP.exe
4540 MicrosoftEdgeCP.exe
4540 MicrosoftEdgeCP.exe
4540 MicrosoftEdgeCP.exe
4540 MicrosoftEdgeCP.exe
4540 MicrosoftEdgeCP.exe

pid	process
3012	NetSpot Enterprise.exe
3012	NetSpot Enterprise.exe
3012	NetSpot Enterprise.exe
3012	NetSpot Enterprise.exe

pid	process
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	3564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3564	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2568	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2568	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

4680 MicrosoftEdge.exe
4540 MicrosoftEdgeCP.exe
3564 MicrosoftEdgeCP.exe
4540 MicrosoftEdgeCP.exe

pid	process
4680	MicrosoftEdge.exe
4540	MicrosoftEdgeCP.exe
3564	MicrosoftEdgeCP.exe
4540	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

NetSpot Enterprise.exeMicrosoftEdgeCP.exe

description	pid	process	target process
PID 3012 wrote to memory of 1060	3012	NetSpot Enterprise.exe	NetSpot.exe
PID 3012 wrote to memory of 1060	3012	NetSpot Enterprise.exe	NetSpot.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4592	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4592	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4592	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4592	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4592	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4592	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 4592	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4540 wrote to memory of 1188	4540	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\NetSpot Enterprise v3.0.405.0 Portable\NetSpot Enterprise.exe
"C:\Users\Admin\AppData\Local\Temp\NetSpot Enterprise v3.0.405.0 Portable\NetSpot Enterprise.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3012

C:\Users\Admin\AppData\Local\Temp\NetSpot Enterprise v3.0.405.0 Portable\App\NetSpot\NetSpot.exe
"C:\Users\Admin\AppData\Local\Temp\NetSpot Enterprise v3.0.405.0 Portable\App\NetSpot\NetSpot.exe"
2⤵
PID:1060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4680

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4152

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4540

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3564

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4592

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1188

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2568

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3592

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5016

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
24be8a92460b5b7a555b1da559296958

SHA1
94147054e8a04e82fea1c185af30c7c90b194064

SHA256
77a3cfe6b7eb676af438d5de88c7efcb6abcc494e0b65da90201969e6d79b2a3

SHA512
ed8ef0453e050392c430fdcf556249f679570c130decd18057e077471a45ab0bc0fba513cb2d4d1c61f3d1935318113b3733dec2bc7828a169b18a1081e609a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2RZQZMR9\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JQZ70V9R\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JQZ70V9R\dotnet.microsoft[1].xml
Filesize
316B

MD5
caffe6233f59879e10a05aa7c5f1d287

SHA1
8e939a53a4ec9e741e9b04ce2484e23b0604f00b

SHA256
6e24b5f2c6578d713f24a4e9d73029f7b7ae2c860742c7b145d6c278048b9611

SHA512
6f11a566fb85b545610b021fced647b406f0b6bd30fb1bca53b77de9c615f873f36bbab85a8326b277b7b4d094afbac6be1e580a691225c54bf80fc348b00e53

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WD15JH2W\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZIEU9HIC\brand-dotnet[1].png
Filesize
2KB

MD5
4c4b4a9bb2d54db883702f949dc6fbe1

SHA1
7229b5becebbc51925aa2e08341ddb4bfb53f7ad

SHA256
8fcf6f6cd575c0f8c643691765a7db2a4b3b104bfbff34646555f5ccffdb2895

SHA512
6f4243cc295442eaca7a9358b8eaebfb9dd75a95d67ed25fbb4fa82315ac8e1496fa6a7df59fe7c3eea7be0341c48c3e5ffd76a8c9f4fcb9e2d433d32cac1158

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AZR0VQLC\cda-tracker.min[1].js
Filesize
798B

MD5
a3827d5909344f41d270fc8475f7733c

SHA1
bb6cb83e4d2080ee02ea366699f487c7362d4934

SHA256
bcb1104af4aea1ba4be65f0e9669e2f5382df316635226ade340f6dc15f2866a

SHA512
5cbb021d1f0bf0b13583b966ed5bba971b770d3331f062beb2fd75b0d2d380c10bf62db64167f3e3b94f6f5bc05cb160e7d5dae8a5d85d99ed75181040764d18

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AZR0VQLC\dotnet-framework-runtime[1].svg
Filesize
42KB

MD5
5aaa8c37cd59979b920cd21c4a50a38d

SHA1
0ee61e3b2d58513b92cf4c6b5114c1beb55539e7

SHA256
db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6

SHA512
0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AZR0VQLC\footer.min[1].js
Filesize
338B

MD5
8b0450a2954a4eb56111e546efa8818a

SHA1
1ee33b143f4170bed1d39d8526dc6b06454ddd03

SHA256
af5953d08ed8d4bc6b04c3a03024bfb38a85e4a9295055011b5ed6f7adb06e9e

SHA512
ba05f046c52f80cd8322ba4d91a7bdfe8f6f34d6954e30b8b57d7d42caa0a643661ffb051181126d1325bc536a3a88a644555708960d6a30d74a0f7fe42336eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AZR0VQLC\microsoft-net-button-bd8edd6aee4a2cdd05bc7f6ed668f1d6[1].png
Filesize
2KB

MD5
bd8edd6aee4a2cdd05bc7f6ed668f1d6

SHA1
c40d632f8a7000a0ab0dae9d6b5109fca259cf98

SHA256
9a784125893b64586eeacfbf714aaf1e4704807f5b6baaa23db4920e27212653

SHA512
c708134c14acea7371e913ba75f948fcfcab0976cfb89460ad98a8e79afc2f252f66f4749bab9d61d34b821ac550b1c97ff07d5248ce0859947fd1697a822cae

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AZR0VQLC\open-sans-v34-latin-700[1].woff2
Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AZR0VQLC\space-grotesk-v12-latin-700[1].woff2
Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LLV2EYL1\74-888e54[1].css
Filesize
167KB

MD5
21d2e4bc29cc9ba690164f896a04c2f3

SHA1
b07f66e6b50916d4a636c2e91f633ac8f63e5b5d

SHA256
47e77d470102641070b066a5a73c34dbd14989f55a3d435efae0fdeaaff3ae6d

SHA512
8432b3b49c14ce2b2787c99f6b5c9d88cf147eb1308b13e01655b39b3677aff4010ec8549ab5100d31391df88a347c58e3b0f22211a48531f418b022b8f9ea11

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LLV2EYL1\ai.2.min[1].js
Filesize
119KB

MD5
393625d2cd565323f9ad9f264e6bdbc8

SHA1
0587dfce0dca45b29b882c0a8219ab74f880073d

SHA256
6c14d731b13bcdec4325028eb0d8d2cb0190b3b1e65e0fcb52907fe6f55c2707

SHA512
24f6a5e36377f5c552b296e9c8380aba8d445f10d35d0af5bf6ab19f857ba2c8c7fd130c2af5866534e1c130dfb9f88842a22f0ef15101377023cb6795ba882e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LLV2EYL1\alert-promo[1].svg
Filesize
1KB

MD5
b119b49f7f799d680e0ade981c8c36e1

SHA1
b2134ee3d8a4669c4b93225c0b987be0c78b6e6e

SHA256
2dc041b9b132cef3af67e03ba98fa1b72a9e877699e7a1f4277e00556c78ada4

SHA512
c68439e082f0979de042cb8e6ca5fcf08f1debf62133272a8580334867b9a3309a023441ca315b604ab6867ea3b9efa8e8185067e288fd2c46e65a8eaafe2a86

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LLV2EYL1\analytics.min[1].js
Filesize
892B

MD5
b4a1847f1be996c08716d3b97456d657

SHA1
49113ee2989496eb1858a45ffaa319863d8ccd69

SHA256
8a80172a7d4c7c65ad596f52ecc105d61c0b2b60368277fb4729767f54fec06a

SHA512
b0e4ab27c1db23cbcd13bda3bf488293985d76de6c4f51b2be140c7ca8562a0b8280360b2e628a097f7e5fe94508759aca5bec037a1b3d7a73d2d7d16fb63b93

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LLV2EYL1\ms.analytics-web-3.min[1].js
Filesize
137KB

MD5
81a5a96150cc8e1fa6b4b7c70bf10ad6

SHA1
e30156e4218432a853e8e54be1a2d1e4a8886b6a

SHA256
732e08f80d9a49e06b34040cef1f3501d3528eccc8d0cb3057e5a1e8a762ee78

SHA512
4459e69c1dc80e70141850eab3cc65498c2ab20aa5643e5c7aa3074f47c5a731c136d6308fb623446840bdcc98db5ff0e1655bd14af0b74d0fd2aa343b557287

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LLV2EYL1\open-sans-v34-latin-regular[1].woff2
Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LZNM0SEM\RE1Mu3b[1].png
Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LZNM0SEM\bootstrap-custom.min[1].css
Filesize
236KB

MD5
81fc0b1f297c84e5dab6960903665e76

SHA1
3f90902f9595c44c810211e55bab34d12ceea035

SHA256
fb5e7bf5b796098671bdf45a62432cceb9a0b6a76050c394a29aa71d3bc40ebd

SHA512
1b57e8dd98d8d088daa6b99f71d77f392ca9c2feda5aef443d66acb5e3f8c9a7d2dd8687b46f031be4a371bb2de3a3ded15ab2552938a31a20e764a67da3b4af

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LZNM0SEM\cookie-consent.min[1].js
Filesize
1KB

MD5
790e48cbeac7a60b178a4cfa23e3d6f8

SHA1
dd0ed5e152f4ec0848d1682246faa5db958545be

SHA256
732752b90aed5b25aca32d985593b45fce136244e81fd4f02c84921597c789fe

SHA512
1b568bf923c2819c8549d4d16449092e2e3f7a1b8cded89b43e18696429046c10db5f90a6662df156140963bc77fc9b4243089b28955a10e839dd0b000f1acf8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LZNM0SEM\general.min[1].js
Filesize
174KB

MD5
0a51551c9a5fe36e372fc39eb9bf0b3a

SHA1
6c76d69df786828afad990a0144b5d27d56e7863

SHA256
124fceae66250916650ffa507fc9c2773714f98580b7110f98d20103cd983794

SHA512
7c1e3542d04731f54ccb0888fd3b30c39e97e01e0980508bee856cf4725aad04e987a629ef23d95b8c264216f1b825c1c58920e34b79800bdcc22e761b85e388

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LZNM0SEM\main.min[1].js
Filesize
31KB

MD5
da37738c331850fd3b8abd8bcfee2727

SHA1
eccd5cb60bea462c793d25ef5339c160846c34fc

SHA256
d8a05d998bcc96ef8d72173bdda5f74c79a439c026ab991d629139825d9293af

SHA512
5326cab9dc1b84fe72b2a6aa00c38a9cc4959e94ad4daaaed06df12335f65d1eab6fec4e1922186bdaced52c327ed28c99319852384ced82add3fa7b3fedec81

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LZNM0SEM\theme-toggle.min[1].js
Filesize
1KB

MD5
0918d7f50e2f71b5ee886df11da9e482

SHA1
84e5897bdd7b998e3f21bb7895b2c4bf80f4b5c3

SHA256
5ca1abb02c357a005948f658f5f1d36e4625a894a75c3a9934044ddd27e5f331

SHA512
959edb09cee08c45f7fd5df18520243175b55ddb76101a7e1c378836ae4556aa309180053583ed68918b91e9830b1d5664b9e57374e746b76237af705de23243

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PNK5RPP2\a2-598841[1].js
Filesize
134KB

MD5
1a9b16e1a3ce074d6cab7b6844d49fad

SHA1
98db09786ab9b960ee250adabb301383566f4c1c

SHA256
d794f9bd321156a2a2bb02102ad0bdc09bdc8dedf71ec42683fa53c3725fdd72

SHA512
71a5cbb0b5c11ec80fe0d3ad751c3e7dd0b1fadf641f8c51a8c617048b6ccd80993018dca2e4eac28a2246725c326634eab165d6f3e9eb531aedc3f18fa8ba9a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PNK5RPP2\alert-info[1].svg
Filesize
726B

MD5
c7db49644f6bf1f50b3190ffba0516ed

SHA1
5bb312a0b6357ccb7e93158ac0f97b4e249e4696

SHA256
2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281

SHA512
9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PNK5RPP2\culture-selector.min[1].js
Filesize
308B

MD5
4147b3bfb0a145eec758f0cb7292cefb

SHA1
8e02467706ce768bc9e68fea2a8d01b49513d631

SHA256
8f6f064a7a80641e434afc35b14fd8a01acda68f2ac01097e7dbbf0623edeb20

SHA512
49a661a2009c172df348aa83b2342f5cfdeea58026710bf139f847c1d9e6728b20a865bb81a980492186b7dd210ed1202c01a38757edfe77a4efa4945cd82477

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PNK5RPP2\mwfmdl2-v3.54[1].woff
Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PNK5RPP2\open-sans-v34-latin-600[1].woff2
Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PNK5RPP2\wcp-consent[1].js
Filesize
272KB

MD5
5f524e20ce61f542125454baf867c47b

SHA1
7e9834fd30dcfd27532ce79165344a438c31d78b

SHA256
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

SHA512
224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\IHHAJ0XV.cookie
Filesize
279B

MD5
de41b15c05829160bf7f101d6e36ffb3

SHA1
95e2db2289b984bb99df5570f1d0a89184ee9628

SHA256
c4df3a34148f4a7ed7c238813063ba5b92474ed01d2e75c55fb261d4474e455f

SHA512
494a97754ccdcd4cdbf2b0d3de5594188809d6638e96d707797d11a00f63278c169ecd7919cd9cfae7a086cd1fdb20051017c768760f3bceef907b3d016a355c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OKY11USJ.cookie
Filesize
147B

MD5
1f6e24d339d7ea286f6aa69c4c5de28a

SHA1
be5494a0fa496ac86d7ac5900b1075daf8beaa6c

SHA256
5eef31cc8fb41de7a9ce462771c1c12654b93369aa6f1f4da4b7228a230793da

SHA512
70e3eda14386b9d9168fa4f9059be1c68f707dee0992eaa39a271bed85be558378bde10b3eab4490d92292eb5e754ddb6b4da92f63d2204133a0e1841d22d8b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\PTEJL1FA.cookie
Filesize
279B

MD5
4a28da43783e2a600da0a279655398e8

SHA1
3c0786f78775cd7eee938a559f59cbda63734eab

SHA256
13b377e3951861e06b80711dfccd5322b38d2cddfbd3bbb33aaa453a44a78050

SHA512
fd625af844cebb60e749ed2fa862139ff2393b0a8a266040f5bbec0ae1e0b415aa00813f9046ef8f43e0e2915ca66796810a99e9f0ca6095fecb2861b1796cc0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QW1422GL.cookie
Filesize
562B

MD5
9b71972b83cd120db90bbed071247b00

SHA1
0c19fb9a5a6de95522c192b9bcc35bc0995b40e4

SHA256
2633e95c15a8aaa2d81234b3c9f595fa499d6a2549266b89b146baf617244f00

SHA512
c0f546eb67ef2b5e897e2efc6ab4056db87393cdc09c4d4df2de128ee1d7bd45334cd3ba707195859e56b402ebbc561e39b3bc29e63f1f504b940d946ded410a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QZO29QYN.cookie
Filesize
562B

MD5
e46d6d76e7e1766de9b2f7b0d021f91f

SHA1
5b6392ff500c62c97f417af227e8dcca10967bc0

SHA256
550e30f2e3337c33abefe4e47dac219b00549543dbd2c5359b07216db2850b5f

SHA512
5367bc93e7d704b6cbdd4eb4a7d0d77f0feeebb514d295ea9c895b7cbd859074fafd08ede3830968265303c31718fdbc8c7029b6399fc19b538b6ea333965e04

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UIB0LTHR.cookie
Filesize
406B

MD5
fb9f6fae8c597e47e6eaa7c618d3551b

SHA1
3115759e23b475ee4447b8efe95a634c07d15ff0

SHA256
39ec7ce4681964f0918a7eda98627155325400da0ae3d04f4d06d10fc7f65df9

SHA512
c3e71b51584f321aad94cf219f47b0c735d22d170e8475e72df0b8ecdffba72730459c9c96f741338629d2a07b8c4cd600c87dd5bf5e582ec3672f381009dbfb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XR4ME4QA.cookie
Filesize
247B

MD5
ad3c97c36783d251ade2a02085119f2d

SHA1
8418c67378fb0c53042ab4f430708d0264962a36

SHA256
e406a6cf79db7178bf59d95e663bacbebd928acebd0cb5b3d20c2db7334ae172

SHA512
d7c70761e62adb0b34b0ae0e9c87ad755a125f29aaf5d324d992147d8eb9b28a625ac5ed41ef4907db7c172ca5cb3cf553d5d42fc6c15b09f0bcab8d621c40c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZQGB1H1B.cookie
Filesize
562B

MD5
42f8a406043f7d948deea2ed94e61b5c

SHA1
e37c935e41876a65275e28c7b36c01375ab39315

SHA256
d5e643dedfa17239996bc46a015b02c4c8fc6de414e9ec013ba160bfca61599f

SHA512
c7980535d2f74b14908da38e768cff480761a8f7dd6bfbfa722360c8dc09d31be02632bb28aaeccc3b02dc6da66b8b447eb691cd800709d4bd360a366116176e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JQZ70V9R\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JQZ70V9R\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JQZ70V9R\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JQZ70V9R\dotnet.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JQZ70V9R\dotnet.microsoft[1].xml
Filesize
316B

MD5
caffe6233f59879e10a05aa7c5f1d287

SHA1
8e939a53a4ec9e741e9b04ce2484e23b0604f00b

SHA256
6e24b5f2c6578d713f24a4e9d73029f7b7ae2c860742c7b145d6c278048b9611

SHA512
6f11a566fb85b545610b021fced647b406f0b6bd30fb1bca53b77de9c615f873f36bbab85a8326b277b7b4d094afbac6be1e580a691225c54bf80fc348b00e53

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JQZ70V9R\dotnet.microsoft[1].xml
Filesize
316B

MD5
caffe6233f59879e10a05aa7c5f1d287

SHA1
8e939a53a4ec9e741e9b04ce2484e23b0604f00b

SHA256
6e24b5f2c6578d713f24a4e9d73029f7b7ae2c860742c7b145d6c278048b9611

SHA512
6f11a566fb85b545610b021fced647b406f0b6bd30fb1bca53b77de9c615f873f36bbab85a8326b277b7b4d094afbac6be1e580a691225c54bf80fc348b00e53

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JQZ70V9R\dotnet.microsoft[1].xml
Filesize
319B

MD5
db5a43e173787fce171a6df3d0e12390

SHA1
998a974d7b8160d3eb67228495bd1c9cb45a0300

SHA256
813cb3e46c757651829e1cdadb562d75e8a3941c1fb323ca5df25b84277201d3

SHA512
e44612684d3d89f559adbc20bf2bc044ae1056d162ef4a7d4d41876304a4d49b512a492885ff7152519483b9558f9357c75ef1b072070790163d3a886505cb52

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
Filesize
1KB

MD5
efbb829b568e561ddc515e0ac444fb3e

SHA1
06e3e3b6c3c05062a521c3e22319491b5c623ce5

SHA256
0d1b8397125190d726d4a0d3f298334b24d82c41cc06cab8e79444be11b59098

SHA512
fd9f17f94cde8d1f0409387006a54de9c6c0adba7ae0865cb2cab9ad539b8a799ef1f31d8606008995a33f431f0115330e86919393ac778bafb19b1063913748

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
471B

MD5
3537ff8df3da2b210933a0356530301e

SHA1
6e67f248034b108084b0f1ecbd582f2686e8260f

SHA256
e5e8c8b4866d8cbbba0fc776a6c97b766fe3a83a7b950366a7a2b44a4b980bfe

SHA512
bebcb1c01979da28ece0873d5f4e9efc3bf22d77e5a720fe6b699f42e58115156f143a5bc958f7cb3d16cd9743d113e353f7294a24c0b2ea927943fbcbc7c69f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
471B

MD5
b537a98d111f579486343fa99658c465

SHA1
60ba9ede52ec546896bdbb38ac037eaaab2d33e4

SHA256
ffa8c16f00d943d51460e62f670bc5ad5df1658c17df2362cac9ea2ded2d2127

SHA512
6c5f6fa1208562077388830b3c1eb53cc8e2cccc91a93b30d4108f181e55c0944ebee056d678f57c7a7f75a138272f9814f7ee69d454cbc140faef92e127a8d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize
2KB

MD5
d627f44b3b84ebb63060502b409f2c48

SHA1
544c6d1e3c8a29bafcd2d33f24e89bd20c5e78e0

SHA256
a2f07e5def90cf14af6c2dca06cbb9c78b140c2168055011466378015bcc57e2

SHA512
6fb9d2f7d81ab0f9d832a873e1d2c0ec05a3442844c1e27853cc7b5452e8be1daa48bfe4b12005b4d07cc3c9675a3bfe35434ffb44ccecb3f1212235a7a31563

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Filesize
1KB

MD5
f1e58f6863839d5c6e73e586b8f3949a

SHA1
d2fcca34c2127c69a7f093818524d103fd88ac13

SHA256
c96df3113f2a946fac6c58fb4c157efe0a3218d3415200df65f0f737d76dcd93

SHA512
f2915122e58c333656386d248d974c0a9b4f4194023d7c4052144b4fb0226dda65517dd26586e18b92479a09104dcd4f6077e7bbf54a781411e725270059ecba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_A78F5D6DAF8DF65F2932E3DC8AABBED6
Filesize
471B

MD5
746ddf04728d3bf75f9b8ada901ac03e

SHA1
a2ebcd20ed0192212d2801a5aecd78e4639d3ddd

SHA256
18658ef14d8c126e59473aaa8d5fb3ebcfffdda6f1fccd012d1af21401219572

SHA512
474f1c5957540015b2786438bc4aaeff0c733244b0cc1226608cee2fa61a4b1c18b18336e4dd40804eb4a59ffefe97fc8e25dfeb78a7a297e8f6f85c8f994b79

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
Filesize
471B

MD5
1b71e8b9709421c76b340f97307e4672

SHA1
0a8552efbc748a916f6ab1186fda4486a2092a28

SHA256
0cbd195bb0107f6c0019756a0bb2c1c40cc5008472b6b1ee37e38f8bb4ca2fc5

SHA512
668fb7e73580e47fd8a75ed81b15f79944a728d658acad474a431d73e5c2f762881dbf0568e10f129ca7ee3658a3112dc3a79be61726f5d39254985b41e57c00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
Filesize
438B

MD5
f31fcd781835d5c46575ea755ec6364e

SHA1
f55510e0d2eb6c86232d6187be0bf12570d0ad8a

SHA256
e859885abfcc7d8b82f3fa255373b73c579a55194cf4cc65b76b385ff0442e62

SHA512
c2a1825bf6b98c48a74c154cc04d862f963a5a1f18686293017b8de95e10e6fad62e49b3c965e3b1df9ed399756f6537918dfda9b983bcfed93bd654a2a3c1f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177
Filesize
412B

MD5
8f8872d35fd33740cbce04d9cc56504b

SHA1
3a03ba4e0e0e4d4089e78fc601b0907b49a3ed9d

SHA256
cfeb633ae2ebfb07972353512bde9d358e0bdc31b1495d4e690fcf96f558687c

SHA512
29b8ef5115d5c0d99b2c2283b19b567dfdb77eb45e874ac7ad09866b49c290250bd9f71d51ac463c2972b02b6b2f527761f6161fa4e1e302188bfd9f3c8e06f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
416B

MD5
b73e525ae44f5f87a493e15354f9783f

SHA1
1f3b8a7311de94eea86e5a144ad353407394ef0b

SHA256
e64e70bff03fc8f19be9a5c5b6c6ff52b57d377b9ad0d9e6ced3fa913f3c7ba4

SHA512
d4dbdd4f4fd80c72dfb21af4cf0d15d906ba1c187403a3fa0902e8e10c3f4a0f24174e2665f2c2534d96dbf604d78ec89b2ec7f7486857c0dfd9ddb15cd7f35e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize
458B

MD5
e3acbd0060277e569c05a3c15fd2347b

SHA1
d11feefceecf52dacb01da8ade077703aac045e6

SHA256
27a097927eb1f4432a4fd0f51a2c40ad654ffffbe4c7b27f8af9f0073c7de339

SHA512
c3240b72b1cb39b64905511a6ae300feed24613253b756c4bc39c6f71c67fcaa580bce4424bff5b30493fe111eac36ca18c88ac1f0c0556e92b6fa7178b93d78

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Filesize
432B

MD5
5025b907b228c7bc5ff7a7448e9132c4

SHA1
5fd1e1b3871ba37f55db40711c9267d63dd824d0

SHA256
4f56fd90f52a84f7cd70089f486ba45e6dc5f50c1df46903960f0557c3007faa

SHA512
3329426b2cf8c22df1f6f82ff9d98a11dec0513240959ca2bed6e97006728ee1d45ba705cc615835b6ee035974acef11f83baadb2a566b5914084aa7e9dd416e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D03E46CD585BBE111C712E6577BC5F07_A78F5D6DAF8DF65F2932E3DC8AABBED6
Filesize
422B

MD5
20ceff6206ea1c2c078bdfe3e2b4b95c

SHA1
a1951e6b201a05761421361cb225ffcbf7482a0c

SHA256
ac76753bac806d88d378599278e64e9b5c904eb5ec70838f5a1522acaa218687

SHA512
268f8b6c5fae01cd9920a3bd01ded408bcd4fb4f0996b15dad6b986ecf86e53d5db444dcc7b4303445e887a84ec171c88a3a9956cafe5a610ff97f1861c0e9c7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187
Filesize
412B

MD5
75b3fb4659486b1c19749502e6fd8217

SHA1
b16d37298955ba6158fc7852fc80a08d9f20e43a

SHA256
d6931ed2fbf8a08fd04b48d53c611377582d372dbf5b88e76a6ac6f89068b2af

SHA512
975efae33c9611d5ec3c7400a6b15f453ee7695e1d30a6d838e7c0c94cef034f7f35a3f693661bde470a931493b6574671e5155b8f627821f25758cf113390c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\NetSpot Enterprise v3.0.405.0 Portable\Data\PortableApps.comLauncherRuntimeData-NetSpot Enterprise.ini
Filesize
86B

MD5
0a160d64fc7068123fa048ad6d423c1e

SHA1
a9373592a2d0fc7335d1eb95cbcc15235d908417

SHA256
21190460988842150430badaa4ea1c2b5c121aad4ade871ac6d0d7c4344c847b

SHA512
36ef2e224af5954be8cd815a5effb0812625d50b662ce3291b498e26085a7193225cedbf065067f2a5ff71d4bdafb65acb3021e38ba613c2c2135d71c07d8137

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscD90C.tmp\launcher.ini
Filesize
247B

MD5
c23b0b322b0dae46ca38b10905868a2a

SHA1
01d2f76dedf9c5b4ee65ce6df73d9904178d13d8

SHA256
d9c2295d648a963d612863ce8e6f343d47ea8b69049c96cccee67c7c309a0ff3

SHA512
9a3c287043993da8d17453ccdca91e6519db318d68ebe6b4c6477f451cfcfafa733e22d4e563405f0a69e0e4a22f5860cbee1cf0a098b9ef762b4440d05055de

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscD90C.tmp\newadvsplash.dll
Filesize
8KB

MD5
55a723e125afbc9b3a41d46f41749068

SHA1
01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

SHA256
0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

SHA512
559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscD90C.tmp\splash.bmp
Filesize
86KB

MD5
b039ad3ed4073de94f93bb7b1f0d7bbb

SHA1
6f3069d52e3fb1451f69a80a19d8a1fbec342771

SHA256
d7df404deb6eedeefea7c6e0c4137749fc188b73ded655b798dc45d54eb08cfa

SHA512
0cf1fb45304ae769d643449e5012b4ce110412495a62ac159494970045ab3cf422dbd68db0925497152b7392f193a7ad883dab2a46a8ea771e9f69a03c31b277

Download Submit
\Users\Admin\AppData\Local\Temp\nscD90C.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nscD90C.tmp\UAC.dll
Filesize
13KB

MD5
a88baad3461d2e9928a15753b1d93fd7

SHA1
bb826e35264968bbc3b981d8430ac55df1e6d4a6

SHA256
c5ab2926c268257122d0342739e73573d7eeda34c861bc7a68a02cbc69bd41af

SHA512
5edcf46680716930da7fd1a41b8b0426f057cf4becefb3ee84798ec8b449726afb822fb626c4942036a1ae3bb937184d1f71d0e45075abb5bf167f5d833df43a

Download Submit
\Users\Admin\AppData\Local\Temp\nscD90C.tmp\newadvsplash.dll
Filesize
8KB

MD5
55a723e125afbc9b3a41d46f41749068

SHA1
01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

SHA256
0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

SHA512
559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

Download Submit
\Users\Admin\AppData\Local\Temp\nscD90C.tmp\newadvsplash.dll
Filesize
8KB

MD5
55a723e125afbc9b3a41d46f41749068

SHA1
01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

SHA256
0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

SHA512
559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

Download Submit
memory/1188-510-0x000001EEF0420000-0x000001EEF0440000-memory.dmp

Filesize
128KB

Download
memory/1188-277-0x000001EED9680000-0x000001EED9682000-memory.dmp

Filesize
8KB

Download
memory/1188-445-0x000001EEEF8A0000-0x000001EEEF8A2000-memory.dmp

Filesize
8KB

Download
memory/1188-502-0x000001EEF05C0000-0x000001EEF06C0000-memory.dmp

Filesize
1024KB

Download
memory/1188-443-0x000001EEEF880000-0x000001EEEF882000-memory.dmp

Filesize
8KB

Download
memory/1188-267-0x000001EED9630000-0x000001EED9632000-memory.dmp

Filesize
8KB

Download
memory/1188-524-0x000001EED95E0000-0x000001EED95E2000-memory.dmp

Filesize
8KB

Download
memory/1188-603-0x000001EEF0090000-0x000001EEF00B0000-memory.dmp

Filesize
128KB

Download
memory/1188-468-0x000001EEF0200000-0x000001EEF0300000-memory.dmp

Filesize
1024KB

Download
memory/1188-275-0x000001EED9660000-0x000001EED9662000-memory.dmp

Filesize
8KB

Download
memory/4592-360-0x00000234555B0000-0x00000234556B0000-memory.dmp

Filesize
1024KB

Download
memory/4592-352-0x0000023444070000-0x0000023444090000-memory.dmp

Filesize
128KB

Download
memory/4592-274-0x00000234560D0000-0x00000234561D0000-memory.dmp

Filesize
1024KB

Download
memory/4592-387-0x0000023459F60000-0x000002345A060000-memory.dmp

Filesize
1024KB

Download
memory/4592-304-0x0000023459E50000-0x0000023459E52000-memory.dmp

Filesize
8KB

Download
memory/4592-300-0x0000023459E40000-0x0000023459E42000-memory.dmp

Filesize
8KB

Download
memory/4592-296-0x00000234598F0000-0x00000234598F2000-memory.dmp

Filesize
8KB

Download
memory/4592-291-0x00000234598D0000-0x00000234598D2000-memory.dmp

Filesize
8KB

Download
memory/4592-287-0x00000234598B0000-0x00000234598B2000-memory.dmp

Filesize
8KB

Download
memory/4592-577-0x0000023459F60000-0x000002345A060000-memory.dmp

Filesize
1024KB

Download
memory/4592-278-0x0000023459870000-0x0000023459872000-memory.dmp

Filesize
8KB

Download
memory/4592-283-0x0000023459890000-0x0000023459892000-memory.dmp

Filesize
8KB

Download
memory/4592-356-0x00000234560D0000-0x00000234561D0000-memory.dmp

Filesize
1024KB

Download
memory/4592-374-0x0000023459F60000-0x000002345A060000-memory.dmp

Filesize
1024KB

Download
memory/4680-318-0x00000233F81B0000-0x00000233F81B1000-memory.dmp

Filesize
4KB

Download
memory/4680-321-0x00000233F81C0000-0x00000233F81C1000-memory.dmp

Filesize
4KB

Download
memory/4680-80-0x00000233F1FF0000-0x00000233F1FF2000-memory.dmp

Filesize
8KB

Download
memory/4680-61-0x00000233F1E00000-0x00000233F1E10000-memory.dmp

Filesize
64KB

Download
memory/4680-45-0x00000233F1A20000-0x00000233F1A30000-memory.dmp

Filesize
64KB

Download