hxxps://fluxteam[.]net

Analysis

max time kernel
1050s
max time network
865s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
12/10/2023, 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fluxteam.net

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "403298260"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify.	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 801a0f1b25fed901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7ebb12dc3bfdd901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 402f44053cfdd901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. = 010000008a1e21f124eb7d544cb19136c7da87236aea003c7817b349597cb4fbbf89187392ada3c80f5e0c2992f823e8b91dcf8ba6e99cd295909cee13ee	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 23facfdb3bfdd901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
4764	MicrosoftEdgeCP.exe
4764	MicrosoftEdgeCP.exe
4764	MicrosoftEdgeCP.exe
4764	MicrosoftEdgeCP.exe
4764	MicrosoftEdgeCP.exe
4764	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1516	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1516	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1516	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1516	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3140	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3140	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2636	MicrosoftEdge.exe
4764	MicrosoftEdgeCP.exe
1516	MicrosoftEdgeCP.exe
4764	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 5000	4764	MicrosoftEdgeCP.exe	74
PID 4764 wrote to memory of 5000	4764	MicrosoftEdgeCP.exe	74
PID 4764 wrote to memory of 5000	4764	MicrosoftEdgeCP.exe	74
PID 4764 wrote to memory of 5000	4764	MicrosoftEdgeCP.exe	74
PID 4764 wrote to memory of 5000	4764	MicrosoftEdgeCP.exe	74
PID 4764 wrote to memory of 4060	4764	MicrosoftEdgeCP.exe	77
PID 4764 wrote to memory of 4060	4764	MicrosoftEdgeCP.exe	77
PID 4764 wrote to memory of 4060	4764	MicrosoftEdgeCP.exe	77
PID 4764 wrote to memory of 4060	4764	MicrosoftEdgeCP.exe	77
PID 4764 wrote to memory of 4060	4764	MicrosoftEdgeCP.exe	77

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://fluxteam.net"
1⤵
PID:2296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2556

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5000

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3140

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9TVXN1W7\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\517VI074\8f9fe7798a[2].js

Filesize
11KB

MD5
d7a7a7d3549a69b46963e0566ee54037

SHA1
a14a489d3662183375f7964ed13c1b18868c1816

SHA256
9a507bc8bc6c59e13665ecd8f09282d3636e347046c36dc32bb5e8c29e8072ae

SHA512
e6b12968d1cd91bf500be91a10d6aa186ba3c99505a88088abad71fd2846c51dfbd8d07ce81c8127a0cdd027618425cf9ddf1b60559efcdf716b63ba0405f112

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3T3ZCI9\css2[1].css

Filesize
21KB

MD5
60a8c859816053a79cb38d1e9559198a

SHA1
4bdf11a5a902f8eada58a804657a0129d2daa6c5

SHA256
9c46cd866bb394892b75ddbc47e826a39cfdb41d3f4897c4099173a0bd00d40c

SHA512
66f71da6f89b64c38bf0f4e0e8dd79e4f145b0f50d3ed7b1a29ba1f236c352f50c8f73c13b01d80a6ad65c2e93e74c12e0a3e679bc6329405de2b21e66e03d6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3T3ZCI9\css2[2].css

Filesize
1KB

MD5
0e9039dc598062579d51dc2797d96788

SHA1
fb41a23c3c3e839ccea153593c923b0076f35c73

SHA256
6faa1ec8b0d4267af2f2532cd744f4f941c2d75227bf3d0ad53a1a0107bfc579

SHA512
45f76a014d03f6ff0a0d870129715c6fdbfc9ae3bb6d057110396f948188e6219cffb7679f31d3ab3599bf61e22acafcc0c0eca1dcbd8105c22a7bcb6f279e2b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FJHUDGHH\favicon[1].ico

Filesize
102KB

MD5
308521a9a1ab808a2b7affbba2521370

SHA1
26225d9d2567121e7444db58baf64c04a763ef44

SHA256
badda0c5f861f4a2b8b85400ca27ea78bbc7a5db9c1ca3a49880ddc2c4464ce0

SHA512
c92f508ed5833f4db5836168b5403a28908735c1680452eb89ef56be2bebaeb4e2c5d1247aee7e7f79094521abe623f97f6690dc679141b2bfbd0f988c1c1ee5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NVRJJTHL\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\nngcan1\imagestore.dat

Filesize
111KB

MD5
ebb1c38e06148e130abe056ee046b93b

SHA1
9201a357a591f712805e997ffa701504ae773ad4

SHA256
9e7f9fee5963253daa6c2166c36f662467b4be7656b404a49d226d09e6be8cc0

SHA512
810dfb02aed94528840cceb2c7203e90bbaff6b95e8a9b2faf6ca28e8589800c6596775b4c28edd70f56edc19c82cbef40bc7c01d125b2e36568250665891d88

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF70E45BC23EF0C389.TMP

Filesize
16KB

MD5
2ce8bf2d3a4ea6199989e78227d845e1

SHA1
66296c36835f84504bf0430c4362307f7ff023c2

SHA256
648f3584fa47793a9234fdbff3ef2ce1a971c6509b4aa0cb66b385cf2bf37dc5

SHA512
15a77038ddb56685cbd6df132a64f046ce8b8657ff2f1ff8e7ea19a25d724c35aeec261fda18498e5860cebb1e27ef0c91ccd6e7e6fd421ba80a6ba6f972a7dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\517VI074\OINSODDS.htm

Filesize
1KB

MD5
adef1414e9654f34819a9481145579ad

SHA1
ae10ce1cf1fe2f4d6f6849701c567d7cb06c39de

SHA256
3eabb120dc9c64e92f4fa04cd3fef19d222b7b6b346af2ad6924093a4e1408be

SHA512
c55089d2566a2ecb641f1cdb92b2d758169920432946c6c70454d07c3a1b671c55900158462371c3072387f8e3e31587b9c83d75269ef229599a57ee33c2347a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7CZN4MI7\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuBWYMZ0[1].woff2

Filesize
99KB

MD5
25f253412fc2cb9cf463bbe71abdc573

SHA1
792a100f63363ea00100b46c6750545fc90f13d4

SHA256
34ba84702fcfd4268600a183a5fc11447d971db2e09ff58803a0d991c9a15cb5

SHA512
fb81a4b0b2b6056a519488157818697acbe76d9dd3ca0ef858455758839f2d6a0e3afc4ccc1b1beefce141ef9e9edbeccb67c6ae64093d62a62af410305682d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7CZN4MI7\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuDyYMZ0[1].woff2

Filesize
103KB

MD5
40dc820e2cb8a294478c35911f7efef6

SHA1
c5ecfe689276307f88d53cdac967c0296209eb12

SHA256
68e9291ae2aa66df48fd6e3f80cbf55e3df008ba0444e641fdf283ca87c4981c

SHA512
00dd82d9920a6a43966684fe4c5b95decd0a880166fe07924347282a437f4337cc07e87013c1586d22e024bd4043b3394fc5aa9e4e0df8b0917150e2dd4d90bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7CZN4MI7\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuFuYMZ0[1].woff2

Filesize
103KB

MD5
444dea0b2ef8b63a1147e1a8e9dba8cd

SHA1
0a48d4e03b6839c6bcb6f84eeb2ef38f98357d7b

SHA256
a95f31be1f5f63002b25eb8834cfd6d66c08b2b48377abb2d5c1b487f790051b

SHA512
a908053cef6072c63a58b144471b185793e7678693ea492ded05662e3ac79c400138a2c8a3b6e8b1002e1ca4fe63758d6b67fe74b15528b2b65224043b149ad0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7CZN4MI7\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuGKYMZ0[1].woff2

Filesize
103KB

MD5
80dd17c80a2863bf032bd8928029a360

SHA1
a692305f47fcbf32b14b1c04398b40e328bae27e

SHA256
8b3ba2928df00c497da2b6600321a4228a9ae72d37ba918e564a90a0e204169f

SHA512
b504f61143d6bdb7959528266b74b1ae30edcce91343ac36c395f9350b46e30bad05457a6a945151236b2a0245ab567d71e23893a0be3864cd5abdecef0d2645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7CZN4MI7\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuI6fMZ0[1].woff2

Filesize
102KB

MD5
d06069283fcae3819c65ebadf61f25ff

SHA1
c9cbb863db179293625d9117f88396c7a03bd065

SHA256
3a75a00b9656faae40520f6c952107e1fba1b74c43da0c6be5933f25752f3d1d

SHA512
195c49b5ddeb10f65b1dfcaad7232d38288d006f3038e9710fe1defa9197b02bb9768b2d30377a801004d196b182332d719daade46bf3f72604c3a2279f611ff

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7CZN4MI7\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfMZ0[1].woff2

Filesize
94KB

MD5
576363e652ea6b3b67d64133543bc612

SHA1
6d33bde9b7463fb3fb36cd6b509f3809050c511b

SHA256
2d69f30adf4767819199a4f9ef4004b7e4fd1431d87323259f631da307db57c8

SHA512
4c10c8a9b2622ccffc541a4b5c480e1558cf0a085e9c486d282f2bcc9559401a0a757c0cc10ad5bbca561f1b0809e14967200ee3a23efef77ffcc9d3ce978b2a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7CZN4MI7\UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuOKfMZ0[1].woff2

Filesize
101KB

MD5
0cf57719be470c0b9b2d4f3b4271d4fe

SHA1
695138180ed1d3e4df989694b29c8e2419e76251

SHA256
3cc6f450e5fe63acf0dcab8497f7755ad0868cfec15011b9bd696ea71d56c513

SHA512
86bec6df636513979f9ec55ad6437b1963d980a26477a4fcd112e1f560af18bb0996720097e9d1ce31724307f0f765b04dca7546cc218fd341c91b75cc070b24

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JNXTQOZ8\index.7862ca55[1].js

Filesize
103KB

MD5
7bceb16a11efabd644f33b060b6e42f0

SHA1
eb74a0e81f7dd6b3a8297df251d43589f4e961c3

SHA256
59032c5415ae4f6997c47ff098047bef00a9f9093ce99c97d7ea7f8960a4f864

SHA512
d7c3aa5fd84216158f8e5cda751c76a0750e3864c9ffd9de6911e985c58114a1016fe5684980660129d5c44124537eff359b954059720c7a92995dc33375dc2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JNXTQOZ8\index.abc34fc1[1].css

Filesize
17KB

MD5
8fade399c9e1cdf4c4a9febae17adee2

SHA1
533bec34a15918db0cc4d50e83de0ed78871f5c6

SHA256
abc34fc15448e03fb3861738ee0db051c59b2f170f6c1eeb4157e6ca8294512a

SHA512
86fe5d6ff19c6422ad584cdb7fb5cbf368d9eb94de3e2ca14ac7c5fb5606eb5899d8537e4eb095250dd7aacc64720672ce3aff3cb3e6361470c8ef56c1c83aad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3T3ZCI9\css2[1].css

Filesize
21KB

MD5
60a8c859816053a79cb38d1e9559198a

SHA1
4bdf11a5a902f8eada58a804657a0129d2daa6c5

SHA256
9c46cd866bb394892b75ddbc47e826a39cfdb41d3f4897c4099173a0bd00d40c

SHA512
66f71da6f89b64c38bf0f4e0e8dd79e4f145b0f50d3ed7b1a29ba1f236c352f50c8f73c13b01d80a6ad65c2e93e74c12e0a3e679bc6329405de2b21e66e03d6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X3T3ZCI9\css2[2].css

Filesize
1KB

MD5
0e9039dc598062579d51dc2797d96788

SHA1
fb41a23c3c3e839ccea153593c923b0076f35c73

SHA256
6faa1ec8b0d4267af2f2532cd744f4f941c2d75227bf3d0ad53a1a0107bfc579

SHA512
45f76a014d03f6ff0a0d870129715c6fdbfc9ae3bb6d057110396f948188e6219cffb7679f31d3ab3599bf61e22acafcc0c0eca1dcbd8105c22a7bcb6f279e2b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
60fe01df86be2e5331b0cdbe86165686

SHA1
2a79f9713c3f192862ff80508062e64e8e0b29bd

SHA256
c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

SHA512
ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\190D1EA549B8547946655FE322173A11

Filesize
503B

MD5
da8cf01c69bcc0c9aae84e5d4cb5e06f

SHA1
d73c9e1f038fa8ee813b7f777596887deffadf5b

SHA256
49edd77977247ff76cc277e48ec43a07628cee4fe34b118c90c142859bd156dd

SHA512
215ae73c41e81344b5ff0f8d0f86425a19be64a5cae0f6a8edd545d314f616fb8613944a521a08d992acff5bd7a2c5709a357fc0397504aa319c60b1e959cf00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
c4b0aa1472c981cbeca8bb8f23a22185

SHA1
0a9e767877773566b42f9d9158e52cb2935fcdb4

SHA256
e66113c55b77ac505f4cc6a5d4768e8dc2f71720e605393e59083257f8e098fe

SHA512
5e819eee5cd16ff5e885aaa8aa7dca477f9e24cbed866fd2bd918a1094fc5ec4c1f0b97a5d148be3ebaa2686534e6d89e29f9cf399d0070c93ea15a381ba3b4e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
adb9a15d0c059298a198417d914178b2

SHA1
09e4e8b2f8bbeff5ef69d8bc9364fd41022b895d

SHA256
ab4856ae1b7e3f408509291c76c50e70d780d68b964bb1621114f31860f397df

SHA512
0d0d0bc3ff06614882b30ef86aba1a544c827b8da190e6058ee55d32466b29e8f0ab8f4d557da14978fcc40806a574622fb2435672550791a54c01b042f72b52

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_9EBD80E624B865607A21974E30809640

Filesize
471B

MD5
86dd6d9049c9126ed4d892019fe202f7

SHA1
0a8c428748a264457cb0d21dd0446c781091ec0f

SHA256
3e37edfb573c2be91caa2a0d41fa3dbb8c7f5d459c685cac67407e9c980b4dd5

SHA512
22ee938c84a2c67ba5c61f327f2cf624dbcd2dab3eb69a7151e57762f09e2c031f5d85c4730e1c671d6a5fbf1ac8e274b1e1853f76ee67cac4334545ae984c43

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_ECD931CC6FBF9F061BE09F2505FD40C3

Filesize
472B

MD5
2ce1eb0a081cc326c64f59c2515473ef

SHA1
62a9f26be5d03b1726da755369b6eeb814150c56

SHA256
78d8522a7548edf4ccd533df3a8cf44749f249661f626befcc441c31b6630908

SHA512
b49ca05f1b93995cde510d42d2ef9d43924a680a211b391901e16670008bb9d21e13d9395d0758675b5c65168e43b3af139fe33576a010ab7ae6040e1fb87adf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
fef06e647f18c042a9ec74a288d52902

SHA1
bba56336344accbf1bb478100db0b15345964e91

SHA256
35d4507ece4df66067197986bc45c390c4c42633d7e3129ce77c76819e9da73d

SHA512
8f42fbc2f0ed5c5e92e0682bbccf105fc3173e8d8c39910e5342958baea319ad91e9e717be3a4d41c8eb8071ad351645accf0bb47fa7a9c6158f747944e68059

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\190D1EA549B8547946655FE322173A11

Filesize
548B

MD5
181cb6f608193c365720d6339907cc67

SHA1
5dcec504b3575215daed692566108b7652c547e2

SHA256
2e29cf6296cccf158c0023a0a777ee911f2b24e6881cf8544d7d228ea74855b0

SHA512
cc6718f0d23246923c4b8155db3686ddea3daacccf36f7d7d868326d4d502dadfb2226cf1ec64a98026a63ee2ce4b267c99b0fafa0b7819440fb9e36edab5c13

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d29c40d7291ecc14197f29a2e7fde653

SHA1
0c5aa75601d68af9b02ab95d5cbd9ba1622390d0

SHA256
257f150bf0a01513d1c57d13545064bf6a796ba91e5e322ac64ab03b4a7f4644

SHA512
ffd774a4c017154951e53c50cc05d2867375b5636e4c000bdc50d5d98fba85c79593453aaf9951c85e867faf736086d70ccc51bc5fa7333b810a5102a5ba049d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
03d88bc279d11deeb715e2ea52f69aeb

SHA1
b47363d6b5c5143f16f81145a837934106eccbc2

SHA256
e7d60449d71ffa48d82ffd5e5439d539dc88289ddfbb6c7574c460536fb3af92

SHA512
92677fd8d8989342df31d3a7d0328625b5ff9df75f1d4e685d189b1876fc420c181b0dbe43db3103c487beeb17532ede0ed59f5dbe446c6145bc1be14705bc7e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
035b82f00ae6e4002a4ea6972ed0f65f

SHA1
5eaaf7e3addb6b2980217d7c8ebd0c076dbcc4a3

SHA256
111e36de78ac24f75c9d175d8eb002a63bd3bfcf7ed764875a1672adeabcf6e2

SHA512
c982f757bc241f1330fbc7e47e3ed8a72e5ccf1abbbdd5aa49133df14935ee8f19912adf2c2c2b3d284be6c2c5792300c7509541b24a04fb5148f4da700ef7a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
5f2b9f24110ca709350bb78780c7ca4d

SHA1
d2852ad5fe8a17ad249b74a969a8a08b337cbc6f

SHA256
80702d86adb5eed68396f63342ea97af6134b313fda66b66c53be5520b7761b4

SHA512
cb2b4f50d769005998b2c4bd97556da9074b79b3d02c54a658a60997a5a4d354025658c95890f3b5ca048545bd4a7f957e8c8a79cc721e819230200eef843838

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9EBD80E624B865607A21974E30809640

Filesize
406B

MD5
c2eccbb9440c31c600f374828be3b9a3

SHA1
cf856e17949b8e11ddee90c889453a8912979273

SHA256
ca964f3f9deb8f05bff012482178823e6c36e52648ec90d455126cea06061567

SHA512
56a90c4cd4c96a1ee00b349978a76e11c72390325596edf8e71f3dcfb0889dbd2f0d5d21bd1dd821e1d240563bd609734f512ccfba01b04b8a223333029b1cdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_ECD931CC6FBF9F061BE09F2505FD40C3

Filesize
402B

MD5
e5438cc934c63ea6e9b63efc1e4f67f4

SHA1
9125ae58063c1ba7b6b175a257a50f0221a7cb55

SHA256
20c059844926eb2befbb21f20a4dc24d7d4516dd9e5d98ad99b79134cc51636b

SHA512
15d6532ded99da17b7f061e68198071d2110e4bad8fec8b721172423dac977d13e2aec808ceaf5c32abec0a4881d3b19f7bb2d1a8b3f2d66527b61280808b07c

Download Submit
memory/2636-129-0x0000023193A50000-0x0000023193A51000-memory.dmp

Filesize
4KB

Download
memory/2636-128-0x0000023193A40000-0x0000023193A41000-memory.dmp

Filesize
4KB

Download
memory/2636-0-0x000002318D420000-0x000002318D430000-memory.dmp

Filesize
64KB

Download
memory/2636-35-0x000002318D6F0000-0x000002318D6F2000-memory.dmp

Filesize
8KB

Download
memory/2636-16-0x000002318DC00000-0x000002318DC10000-memory.dmp

Filesize
64KB

Download
memory/5000-99-0x000001ECF1E00000-0x000001ECF1E02000-memory.dmp

Filesize
8KB

Download
memory/5000-97-0x000001ECF1DC0000-0x000001ECF1DC2000-memory.dmp

Filesize
8KB

Download
memory/5000-86-0x000001ECE0EB0000-0x000001ECE0EB2000-memory.dmp

Filesize
8KB

Download
memory/5000-84-0x000001ECE0E90000-0x000001ECE0E92000-memory.dmp

Filesize
8KB

Download
memory/5000-81-0x000001ECE0E60000-0x000001ECE0E62000-memory.dmp

Filesize
8KB

Download