654a286d076e81869399959d8700c68883300e07ef5f8ad7ef4f38ee15b02221

Resubmissions

17/12/2023, 10:14

231217-l96cjsebfp 8

05/11/2023, 05:36

05/11/2023, 05:32

05/11/2023, 05:30

05/11/2023, 05:28

Analysis

max time kernel
209s
max time network
213s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
05/11/2023, 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Size

119KB
MD5

92afa514c40cbcfab9380561b127f657
SHA1

eea59b3b1ba3ec27d80968aec0642956647dc047
SHA256

654a286d076e81869399959d8700c68883300e07ef5f8ad7ef4f38ee15b02221
SHA512

adff54cfc926474012e8ea02a7a76dec486f299142ddb643d636250d9e69bffb902d252956fd4a82e0b395de2a470e201f9d1f10a60384563121be0b6ae78da6
SSDEEP

3072:3SojD9bzGtzJShh8N7q5AdYGgbVileLxBp/B6:CojxOzPtq5di0L3FB6

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000\Control Panel\International\Geo\Nation	Dashboard.exe

Executes dropped EXE 7 IoCs

pid	Process
3104	tmpA335.tmp.exe
220	Dashboard.exe
2512	Dashboard.exe
956	NDP481-Web.exe
5216	Setup.exe
1664	Dashboard.exe
4800	Dashboard.exe

Loads dropped DLL 4 IoCs

pid	Process
5216	Setup.exe
5216	Setup.exe
5216	Setup.exe
5216	Setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Temp\KAPE\Update\466669b8-c1ae-468c-9bb1-2dcb0cb351cf\3257ca8d-43e2-408e-a238-c78991609000.zip	tmpA335.tmp.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\PH.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Ghosties\Progress.svg	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Licenses\XamlBehaviors.Wpf.txt	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\IT.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\OpenVPN\x64\openvpn.exe	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\MD.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\SI.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\TR.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\Updater\Svg2Xaml.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Ghosties\[email protected]	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\AD.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\BA.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\KW.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\CM.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\GQ.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\LT.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\YT.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\ARSoft.Tools.Net.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\Updater\Microsoft.Bcl.AsyncInterfaces.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Ghosties\ghostie_protect.svg	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\LB.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\AM.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\MX.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\MM.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\WPFLocalizeExtension.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\Updater\es\Updater.resources.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\es\CyberGhost.VPN.resources.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Ghosties\[email protected]	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Icons\ic_help_chat_win.ico	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\LR.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\PW.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\JO.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\VI.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\it\CyberGhost.Controls.resources.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Logos\shield+[email protected]	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\DK.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\PrivacyGuard\Data\Assets\Default\Logos\privacyguardYellow.svg	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\AR.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Ghosties\ghostie_devices.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Ghosties\[email protected]	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Licenses\DotRas.txt	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\AO.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\MC.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\ML.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\TF.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\MV.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\PN.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\SH.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Svg2Xaml.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Backgrounds\splash.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\GF.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\MT.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\AN.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\AE.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\ko\Dashboard.resources.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\Updater\Castle.Core.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\AntiVirus\es\Microsoft.Win32.TaskScheduler.resources.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\CyberGhost\Logos\cg8.svg	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\LaunchDarkly.EventSource.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\TT.png	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\WireGuard\x86\wireguard.dll	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Logos\[email protected]	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Logos\shield+[email protected]	tmpA335.tmp.exe
File created	C:\Program Files\CyberGhost 8\Data\Assets\Default\Flags\64\RW.png	tmpA335.tmp.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 415557bba90fda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "1005"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "405324570"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdoma = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "392"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\Total = "1002"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{F9FA8965-1F3C-4EAC-A1F1-DCDF011A70E = "8320"	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 56ca1abba90fda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 92e63cc4a90fda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "528"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 03ba7fcaa90fda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{F9FA8965-1F3C-4EAC-A1F1-DCDF011A70E = 0114020000000000c0000000000000464c0000000114020000000000c0000000000000468300000020000000a2dc06d7a90fda01a2dc06d7a90fda01082723d7a90fda01286116000000000001000000000000000000000000000000a10314001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000050003100000000000000000010005573657273003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005500730065007200730000001400500031000000000000000000100041646d696e003c0009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000410064006d0069006e000000140056003100000000000000000010004170704461746100400009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000041007000700044006100740061000000160050003100000000000000000010004c6f63616c003c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004c006f00630061006c00000014005a003100000000000000000010005061636b616765730000420009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000005000610063006b00610067006500730000001800b0003100000000000000000010004d6963726f736f66742e4d6963726f736f6674456467655f3877656b796233643862627765007c0009000400efbe00000000000000002e00000000000000000000000000000000000000000000000000000000004d006900630072006f0073006f00660074002e004d006900630072006f0073006f006600740045006400670065005f003800770065006b00790062003300640038006200620077006500000034005c0031000000000000000000100054656d70537461746500440009000400efbe00000000000000002e0000000000000000000000000000000000000000000000000000000000540065006d00700053007400610074006500000018005c00310000000000000000001000446f776e6c6f61647300440009000400efbe00000000000000002e000000000000000000000000000000000000000000000000000000000044006f0077006e006c006f00610064007300000018006a003200286116006557652c20004e44503438317e312e45584500004e0009000400efbe6557652c6557652c2e00000000000000000000000000000000000000000000000000f85359004e00440050003400380031002d005700650062002e0065007800650000001c000000a40000001c000000010000001c0000003400000000000000a30000001800000003000000eaaade6f1000000057696e646f777300433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c5061636b616765735c4d6963726f736f66742e4d6963726f736f6674456467655f3877656b7962336438626277655c54656d7053746174655c446f776e6c6f6164735c4e44503438312d5765622e657865000010000000050000a028000000cd0000001c0000000b0000a08f856c5e220e60479afeea3317b67173cd00000060000000030000a0580000000000000065777778677278640000000000000000de3a4513050b8247a79cc6221c85fac3b16eacdf666fee118f7af2f61c8a9aacde3a4513050b8247a79cc6221c85fac3b16eacdf666fee118f7af2f61c8a9aacce000000090000a08900000031535053e28a5846bc4c3843bbfc139326986dce6d00000004000000001f0000002e00000053002d0031002d0035002d00320031002d0032003500300038003000390037003300360037002d003300360034003600360035003600300035002d0031003200300031003300300039003300310032002d0031003000300030000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d000000680000000048000000f7076062000000000000d01200000000000000000000000000000000	browser_broker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPublisher	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = c0bf35e7a90fda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "623"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotnet.microsoft.com\ = "623"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "405927435"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	cgsetup_en_52vCnuXs6nskn3wQwksK.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\NDP481-Web.exe.mo1dzca.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3104	tmpA335.tmp.exe
3104	tmpA335.tmp.exe
3104	tmpA335.tmp.exe
3104	tmpA335.tmp.exe
3104	tmpA335.tmp.exe
5216	Setup.exe
5216	Setup.exe
5216	Setup.exe
5216	Setup.exe
5216	Setup.exe
5216	Setup.exe
5216	Setup.exe
5216	Setup.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
5012	MicrosoftEdgeCP.exe
5012	MicrosoftEdgeCP.exe
5012	MicrosoftEdgeCP.exe
5012	MicrosoftEdgeCP.exe
5012	MicrosoftEdgeCP.exe
5012	MicrosoftEdgeCP.exe
5012	MicrosoftEdgeCP.exe
5012	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	2564	cgsetup_en_52vCnuXs6nskn3wQwksK.exe
Token: SeDebugPrivilege	3104	tmpA335.tmp.exe
Token: SeSecurityPrivilege	3104	tmpA335.tmp.exe
Token: SeDebugPrivilege	4060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4060	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4200	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4200	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1852	MicrosoftEdge.exe
Token: SeDebugPrivilege	1852	MicrosoftEdge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3104	tmpA335.tmp.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1852	MicrosoftEdge.exe
5012	MicrosoftEdgeCP.exe
4060	MicrosoftEdgeCP.exe
5012	MicrosoftEdgeCP.exe
956	NDP481-Web.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 3104	2564	cgsetup_en_52vCnuXs6nskn3wQwksK.exe	72
PID 2564 wrote to memory of 3104	2564	cgsetup_en_52vCnuXs6nskn3wQwksK.exe	72
PID 3104 wrote to memory of 220	3104	tmpA335.tmp.exe	75
PID 3104 wrote to memory of 220	3104	tmpA335.tmp.exe	75
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4616	5012	MicrosoftEdgeCP.exe	87
PID 5012 wrote to memory of 4616	5012	MicrosoftEdgeCP.exe	87
PID 5012 wrote to memory of 4616	5012	MicrosoftEdgeCP.exe	87
PID 5012 wrote to memory of 4616	5012	MicrosoftEdgeCP.exe	87
PID 5012 wrote to memory of 4616	5012	MicrosoftEdgeCP.exe	87
PID 5012 wrote to memory of 4616	5012	MicrosoftEdgeCP.exe	87
PID 5012 wrote to memory of 4616	5012	MicrosoftEdgeCP.exe	87
PID 5012 wrote to memory of 4616	5012	MicrosoftEdgeCP.exe	87
PID 5012 wrote to memory of 4616	5012	MicrosoftEdgeCP.exe	87
PID 5012 wrote to memory of 4616	5012	MicrosoftEdgeCP.exe	87
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 4256	5012	MicrosoftEdgeCP.exe	82
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 5012 wrote to memory of 2292	5012	MicrosoftEdgeCP.exe	89
PID 656 wrote to memory of 956	656	browser_broker.exe	91
PID 656 wrote to memory of 956	656	browser_broker.exe	91
PID 656 wrote to memory of 956	656	browser_broker.exe	91
PID 956 wrote to memory of 5216	956	NDP481-Web.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\cgsetup_en_52vCnuXs6nskn3wQwksK.exe
"C:\Users\Admin\AppData\Local\Temp\cgsetup_en_52vCnuXs6nskn3wQwksK.exe"
1⤵
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Users\Admin\AppData\Local\Temp\tmpA335.tmp.exe
  "C:\Users\Admin\AppData\Local\Temp\tmpA335.tmp.exe" "C:\Users\Admin\AppData\Local\Temp\cgsetup_en_52vCnuXs6nskn3wQwksK.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3104
- - C:\Program Files\CyberGhost 8\Dashboard.exe
    "C:\Program Files\CyberGhost 8\Dashboard.exe" /install
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
- Suspicious use of WriteProcessMemory
PID:656
- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\NDP481-Web.exe
  "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\NDP481-Web.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:956
- - F:\f721d6b5805a672e662fe21417f76983\Setup.exe
    F:\f721d6b5805a672e662fe21417f76983\\Setup.exe /x86 /x64 /web
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:5216

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5012

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4256

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1756

C:\Program Files\CyberGhost 8\Dashboard.exe
"C:\Program Files\CyberGhost 8\Dashboard.exe" /firststart
1⤵
- Executes dropped EXE
PID:2512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4616

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3436

C:\Program Files\CyberGhost 8\Dashboard.exe
"C:\Program Files\CyberGhost 8\Dashboard.exe"
1⤵
- Executes dropped EXE
PID:1664

C:\Program Files\CyberGhost 8\Dashboard.exe
"C:\Program Files\CyberGhost 8\Dashboard.exe"
1⤵
- Executes dropped EXE
PID:4800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\CP.png

Filesize
136B

MD5
30bea326e5024b6a9b0136a000403d75

SHA1
0b6e65e87f670af6fbc4a28171aedf4db4daa0a5

SHA256
e58c331133d8f780738133e2aa966c8bcb5b17a07c860a990bc401afd6382e1a

SHA512
43362cef837497bc264a46dd70a67c3129d854cf7a9866bee4a33a4f62acb833ba96b4720441c6d6db56301c9b49f8c29f1465363b5c057ec6e16a213f06caac

Download Submit
C:\Program Files\CyberGhost 8\Applications\VPN\Data\Assets\Default\Flags\64\FR.png

Filesize
114B

MD5
42c4c4ecb4448888421a7c1180b4cd08

SHA1
bb515751cc2f7616fe41929d2577fc965c69b51a

SHA256
1ef1946b6e352f2d5a4b003367b968374d6af122c5b645c6b4d9577645fb819d

SHA512
0e8d4b1c124b86d696e979d9b3aae007c80258672202f66fe3d2ea72e64d205f8dace52333d6749feab74abbd090173f6811490e9b09c3a06682f58b14e5fcbf

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.exe

Filesize
1.3MB

MD5
5644dad29341ea97cea10ae623b2714d

SHA1
99ddd99f8d396fac56dd5f308d8739cda6fe0e7b

SHA256
c07973f1217df8612b8dc7b3a08ce76015057fd1e07aa8b5e05ca3536c4bac07

SHA512
85419d4c84c15cebc7d34be9bfda5a962c0bbf18e8a0f69493a9a7f3c33b55f9c2e89b84e38f58f01f7871dfa91a13ecb8b12a2504f28d0d0a013f6a4d282cd1

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.exe

Filesize
1.3MB

MD5
5644dad29341ea97cea10ae623b2714d

SHA1
99ddd99f8d396fac56dd5f308d8739cda6fe0e7b

SHA256
c07973f1217df8612b8dc7b3a08ce76015057fd1e07aa8b5e05ca3536c4bac07

SHA512
85419d4c84c15cebc7d34be9bfda5a962c0bbf18e8a0f69493a9a7f3c33b55f9c2e89b84e38f58f01f7871dfa91a13ecb8b12a2504f28d0d0a013f6a4d282cd1

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.exe

Filesize
1.3MB

MD5
5644dad29341ea97cea10ae623b2714d

SHA1
99ddd99f8d396fac56dd5f308d8739cda6fe0e7b

SHA256
c07973f1217df8612b8dc7b3a08ce76015057fd1e07aa8b5e05ca3536c4bac07

SHA512
85419d4c84c15cebc7d34be9bfda5a962c0bbf18e8a0f69493a9a7f3c33b55f9c2e89b84e38f58f01f7871dfa91a13ecb8b12a2504f28d0d0a013f6a4d282cd1

Download Submit
C:\Program Files\CyberGhost 8\Dashboard.exe.config

Filesize
3KB

MD5
dbad1342429edce620d2e96b1e44e179

SHA1
38ae22086e612f3b8f5e1f48d725799bebaa71c9

SHA256
0a44b47433ae1cfd272368b9bfc8e963aae80a833cf094a2a8136879c41cd1f1

SHA512
89965204168dc28556838d9cc392f2aa10eed06f60aeda0a3a189b34a01bb6c9236a63f01fba67093ba3f4f092677507f9dfeaa38fe039aec3368deb2ae9508f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SU6W8964\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6IEPVOFP\download.min[1].js

Filesize
1KB

MD5
54d616fd952779702bf68ac507b22163

SHA1
5fd2fffe93b25271124207dad7541fbf02521ab0

SHA256
1a5a549de251d462acd915be44fc379ff895e0086e6666ca367339ee87340902

SHA512
3a944f7c4c86e1e3dbc871756c468d3109fb461818f6ef81976674d677040e0115606f0cb5c604b8a72baf7f66d12db886fbbb06c66f05ebeea2687e60d12855

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\82M8XC1F\net481[1].htm

Filesize
212KB

MD5
6b7f17df2a1754687e23c79be603b566

SHA1
8c4785da353c55ce25eb12124f3a31188bafe454

SHA256
060961097d9a1b03b43cef74ced10d07765d68b5f251a917eeec342b8903cc4d

SHA512
9b50f2c2acaccec1ad9c8afbc1968f3712de2c96570e30f590b1c9ede29b08a6f134e0cf55836b7b94c95bb2113ae80d77089b39923658db0231ae1e5a6d81fb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HU8P6T6J\NDP481-Web[1].exe

Filesize
1.4MB

MD5
39304ce18d93eeeb6efa488387adaed8

SHA1
22c974f3865cce3f0ec385dd9c0b291ca045bc2c

SHA256
05e9ada305fd0013a6844e7657f06ed330887093e3df59c11cb528b86efa3fbf

SHA512
4cf7f831fc1316dd36ed562a9bd1fda8cca223d64d662f3da0ade5fddc04be48c2d40333ba3320ee2d6c900e54c4f7e4f503897793e86666eac7e242d8194f5b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
17B

MD5
3ff4d575d1d04c3b54f67a6310f2fc95

SHA1
1308937c1a46e6c331d5456bcd4b2182dc444040

SHA256
021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44

SHA512
2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
694B

MD5
944dd546e9672330854352865be95d64

SHA1
8d2935a906c53ca1fbc0df8f7bb7d9248f8b90ca

SHA256
959fb1e95693d0f41c966a340448dd91f38834919d865c94903b207166c63f2c

SHA512
d1ee482b038029c6bbef0dffcfe2c53e0edd55cee7a43521f78a6aafefec30b594b25b4f95a8a65b794faa93293bb16a8093ef64ddc97db7393e7660c28deccd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
997B

MD5
e941f3e44db643fcd78252aa934f2156

SHA1
bdf1750ff25f69aa4ef2a386779b607c39020c32

SHA256
8fef877fbb87283326517196f1978b74636f0fe0345ecde621a59a4b2a17fbb3

SHA512
e9cdc16ef48dad05e16aabb3463b53e9a9cfd36ebaf74393fb4b0e6c14ceff81ef6cd569b3ab05cc93a2b69482606284d44974d817787bd53a528a1e4720095a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
f8d9581a96ffa672ce47be4d2e097fe9

SHA1
dca95dc7091bf7caa1b34805286720c36b2a2fa9

SHA256
786ab3bf5d72e5d4b27215996d5a5cb7e3905fe2a214daba23f4ff0019c6e628

SHA512
fa24aca85b9f7b71b6612f457aba770fa02e0bb42d4dde2858b51e730f4eaab06734b244e3cef8cf454a9b350b71d43fc7c390c2c19bb8aea8f22dfc1259fde6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
8f67e0a62363f56fca91483d542c5f0c

SHA1
73b39f598aba6ca5bfda8875fe7efe80e99416e5

SHA256
70421de9c7ce46e5634b7237f2e09eba912085dd1c64f0d879bca595cd38dec3

SHA512
f88d5567a3dcefd5da926955478db0831351d19f4dd8e7109ba19a14d09a0c398d47224e3ab06104a9faf40f2e7188e7ca8b3f3c8779f5dadb4c8c285cbec93a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
643B

MD5
d10dfe1675b1139aac1b95f945bc20e9

SHA1
d8c92efda9df8a61524a3a8e0b7beb3721d36800

SHA256
5112f02c522f7d37dee22788a428e48b54a0a0656910382c8adb776c49b3e4c4

SHA512
b8e3bf2f5db509633cb66f77a55fc9ff2ad4fb517125b1404d91929b05f7d655a73655601b6e26b5145bfe6f92005a87ca261b6c93ee2abc3607cc0e1f7d247a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
aa34f8d006f158f0d1ad1fec84e2682e

SHA1
41b0d6b6bac3f080658125c67eaa5d5258a916c5

SHA256
9f9994ec33beb9c2d831fd0da0e58ee58cdaa83c04d6c37655fdd88cf0b5b038

SHA512
43731fdcf4440bf2ce1b8a9282391d4ef03fc23703ea6a589ee59e36e5e6c199eb746fe5f984e459ca93f7118f17fa8356de4b591603a5192c518b85e7195624

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
7bb706ddb56a734977f4b7981f2a25b4

SHA1
9c18703eac842488f8629261fb3a6f7147bd2152

SHA256
940d383f7a12235c4e3a7bbbda4a5b0a0977cf88429088a40a5ed7d8e5294e34

SHA512
4b4c7e6259d43ea5512f8ecef3fe73e81a40b4dab9f13f07e8b051e9c3299b9e1a8b873fe3f0516513f08f52d7c83e3d7a991d3fdab1bfdf5721ea6e6f0bac53

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FUU08J21\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\V9MHHG2H\brand-dotnet[1].png

Filesize
2KB

MD5
4c4b4a9bb2d54db883702f949dc6fbe1

SHA1
7229b5becebbc51925aa2e08341ddb4bfb53f7ad

SHA256
8fcf6f6cd575c0f8c643691765a7db2a4b3b104bfbff34646555f5ccffdb2895

SHA512
6f4243cc295442eaca7a9358b8eaebfb9dd75a95d67ed25fbb4fa82315ac8e1496fa6a7df59fe7c3eea7be0341c48c3e5ffd76a8c9f4fcb9e2d433d32cac1158

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\NDP481-Web.exe:Zone.Identifier

Filesize
267B

MD5
3deff6793687c22988020bd4a96ffb23

SHA1
d0e554709c69ee83cea37f9eedc3a3b1ffb49adc

SHA256
a1786c9a28b6162457b32d426017379645c9948f05dc1f9f52b2be39d6f863e1

SHA512
d6e25f3e31e87d93f0a5255580977e539c3a3573b85b6110e37e2c1431ed076ef909bbd2d2c25513677a12e02486fe95d3e33129f65b914b92f93bcc1383c63f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4N45BX0K\at-config.1.4.1[1].js

Filesize
5KB

MD5
72dcd95e1872e4e7dd4debd9363a3f23

SHA1
73e8f9c4dd8812ebc9c54abed3e50b68f21ad7e3

SHA256
d83130d74d82a31e8a653378f0051d57ef560bd85406c85404c0f7bd9801b0bf

SHA512
12c49158f980c09b5cf39becea6506126c9077639991607c6066a9906d5be39eff6d8b4c844ab3dd398d17131f5e00638e52ad7e6a272ca38ea6f2e41efe00a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4N45BX0K\cda-tracker.min[1].js

Filesize
798B

MD5
a3827d5909344f41d270fc8475f7733c

SHA1
bb6cb83e4d2080ee02ea366699f487c7362d4934

SHA256
bcb1104af4aea1ba4be65f0e9669e2f5382df316635226ade340f6dc15f2866a

SHA512
5cbb021d1f0bf0b13583b966ed5bba971b770d3331f062beb2fd75b0d2d380c10bf62db64167f3e3b94f6f5bc05cb160e7d5dae8a5d85d99ed75181040764d18

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4N45BX0K\culture-selector.min[1].js

Filesize
308B

MD5
4147b3bfb0a145eec758f0cb7292cefb

SHA1
8e02467706ce768bc9e68fea2a8d01b49513d631

SHA256
8f6f064a7a80641e434afc35b14fd8a01acda68f2ac01097e7dbbf0623edeb20

SHA512
49a661a2009c172df348aa83b2342f5cfdeea58026710bf139f847c1d9e6728b20a865bb81a980492186b7dd210ed1202c01a38757edfe77a4efa4945cd82477

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4N45BX0K\general.min[1].js

Filesize
174KB

MD5
0a51551c9a5fe36e372fc39eb9bf0b3a

SHA1
6c76d69df786828afad990a0144b5d27d56e7863

SHA256
124fceae66250916650ffa507fc9c2773714f98580b7110f98d20103cd983794

SHA512
7c1e3542d04731f54ccb0888fd3b30c39e97e01e0980508bee856cf4725aad04e987a629ef23d95b8c264216f1b825c1c58920e34b79800bdcc22e761b85e388

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4N45BX0K\main.min[1].js

Filesize
32KB

MD5
3174cb57a45c6bff5d6eb36764578dab

SHA1
5e535db24d9dacce9856417271dfc2a55427ec7c

SHA256
d1786024efc496ddf468c58766768895ce472875f9cfdaf39a996ee69f7ebce2

SHA512
bb3a0e75630e691e15f6e34bbdf2a2b09c6a9edade2c3e49621a8fcf0e9715845c1b58db2210203a69220f125a3d052243f39d0120c83ad75487b81a9088fa48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4N45BX0K\theme-toggle.min[1].js

Filesize
1KB

MD5
b09e63dc3ce49bad46fb9a325135325b

SHA1
d8485770774dacccebd43e84175e4144f4e645dc

SHA256
ab16b3270188477d3a5907ad1d97d5c69cd5c71e5d0918bcfd0ffeb4273f815d

SHA512
23216d04853647c3677922f02ba62e18fbc4785b4be2548a7f66400afc541273ef2a11135617cb988d90e7bd40d9a8ca70c531e425fbbf7546d55ef49cfaf15c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6IEPVOFP\RE1Mu3b[1].png

Filesize
3KB

MD5
9f14c20150a003d7ce4de57c298f0fba

SHA1
daa53cf17cc45878a1b153f3c3bf47dc9669d78f

SHA256
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960

SHA512
d4f6e49c854e15fe48d6a1f1a03fda93218ab8fcdb2c443668e7df478830831acc2b41daefc25ed38fcc8d96c4401377374fed35c36a5017a11e63c8dae5c487

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6IEPVOFP\ai.2.min[1].js

Filesize
119KB

MD5
393625d2cd565323f9ad9f264e6bdbc8

SHA1
0587dfce0dca45b29b882c0a8219ab74f880073d

SHA256
6c14d731b13bcdec4325028eb0d8d2cb0190b3b1e65e0fcb52907fe6f55c2707

SHA512
24f6a5e36377f5c552b296e9c8380aba8d445f10d35d0af5bf6ab19f857ba2c8c7fd130c2af5866534e1c130dfb9f88842a22f0ef15101377023cb6795ba882e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6IEPVOFP\alert-info[1].svg

Filesize
726B

MD5
c7db49644f6bf1f50b3190ffba0516ed

SHA1
5bb312a0b6357ccb7e93158ac0f97b4e249e4696

SHA256
2d891fb5984d5f421055da7f5d7e4be525df4c973fdc4366057bc9dfd82ce281

SHA512
9b7f127443d517223a2a2cf6131a777f56aae3cd21dbcc1e87d847a0ad42e8c05a7f13347fec6d4df0582d486a57a9dc0d8121e6ca38371549f53e396cf6463a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6IEPVOFP\analytics.min[1].js

Filesize
892B

MD5
b4a1847f1be996c08716d3b97456d657

SHA1
49113ee2989496eb1858a45ffaa319863d8ccd69

SHA256
8a80172a7d4c7c65ad596f52ecc105d61c0b2b60368277fb4729767f54fec06a

SHA512
b0e4ab27c1db23cbcd13bda3bf488293985d76de6c4f51b2be140c7ca8562a0b8280360b2e628a097f7e5fe94508759aca5bec037a1b3d7a73d2d7d16fb63b93

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6IEPVOFP\at[1].js

Filesize
102KB

MD5
6b56d2bd5139bc5c00f412cd917a3bac

SHA1
7ebb960a86d15ba09b075265c6c098b9cdafc624

SHA256
cd976ec1ad0e64056080f75bd5bb81cc61b544c8f535ca2ca630a7f4aa5fda5b

SHA512
e716effb9d5b6bd49394e972d7307da7068bb03d536b975e03781c3ac9425117cc27e6a24a7aaf71e56f59341dce179184c88c3d4533fae99379a1c1a9e9f222

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6IEPVOFP\mwfmdl2-v3.54[1].woff

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\82M8XC1F\74-888e54[1].css

Filesize
167KB

MD5
21d2e4bc29cc9ba690164f896a04c2f3

SHA1
b07f66e6b50916d4a636c2e91f633ac8f63e5b5d

SHA256
47e77d470102641070b066a5a73c34dbd14989f55a3d435efae0fdeaaff3ae6d

SHA512
8432b3b49c14ce2b2787c99f6b5c9d88cf147eb1308b13e01655b39b3677aff4010ec8549ab5100d31391df88a347c58e3b0f22211a48531f418b022b8f9ea11

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\82M8XC1F\bootstrap-custom.min[1].css

Filesize
237KB

MD5
8528842bea85406f603a32e9257794f9

SHA1
e2e8e6069ecfd81d9dd0ce2280848deeef6440ff

SHA256
b9c040c05bd17a24e909716c56c049c267e4973857e07b5db32cfb2d38d7a5fa

SHA512
32fb60ddc89023226cab651bf932ad35918665ee245f974caba7d5906fa07d050fd17dee07c3d845ad9230061772b820387e65b3433dd7592f054474803c8558

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\82M8XC1F\cookie-consent.min[1].js

Filesize
1KB

MD5
790e48cbeac7a60b178a4cfa23e3d6f8

SHA1
dd0ed5e152f4ec0848d1682246faa5db958545be

SHA256
732752b90aed5b25aca32d985593b45fce136244e81fd4f02c84921597c789fe

SHA512
1b568bf923c2819c8549d4d16449092e2e3f7a1b8cded89b43e18696429046c10db5f90a6662df156140963bc77fc9b4243089b28955a10e839dd0b000f1acf8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\82M8XC1F\ms.analytics-web-3.min[1].js

Filesize
137KB

MD5
81a5a96150cc8e1fa6b4b7c70bf10ad6

SHA1
e30156e4218432a853e8e54be1a2d1e4a8886b6a

SHA256
732e08f80d9a49e06b34040cef1f3501d3528eccc8d0cb3057e5a1e8a762ee78

SHA512
4459e69c1dc80e70141850eab3cc65498c2ab20aa5643e5c7aa3074f47c5a731c136d6308fb623446840bdcc98db5ff0e1655bd14af0b74d0fd2aa343b557287

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\82M8XC1F\open-sans-v34-latin-600[1].woff2

Filesize
16KB

MD5
603c99275486a11982874425a0bc0dd1

SHA1
ffeb62d105d2893d323574407b459fbae8cc90a6

SHA256
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127

SHA512
662dc53798ccda65ee972a1bb52959ca5f4c45066c1d500c2476c50ec537cb90a42d474d7dde2bec1ea8c312cc4a46e1d91ffb610130c2dc7914b65aef8a2615

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\82M8XC1F\open-sans-v34-latin-700[1].woff2

Filesize
15KB

MD5
e45478d4d6f15dafda1f25d9e0fb5fa1

SHA1
52cb490cd0ee4442ede034085cda9652b206f91c

SHA256
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72

SHA512
2ac423249ec837efa35b29705f55a326dee83f727e867269b86005cce144ca8d435f7412bb0bc9babdb9ae17419e4a0314b2923bee6a5acc96c9909e9eb48645

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\82M8XC1F\open-sans-v34-latin-regular[1].woff2

Filesize
16KB

MD5
e43b535855a4ae53bd5b07a6eeb3bf67

SHA1
6507312d9491156036316484bf8dc41e8b52ddd9

SHA256
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681

SHA512
955a4c3ea5df9d2255defc2c40555ac62eeafcc81f6fa688ba5e11a252b3ed59b4275e3e9a72c3f58e66be3a4d0e9952638932fa29eb9075463537910a8e0ce6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HU8P6T6J\a2-598841[1].js

Filesize
134KB

MD5
1a9b16e1a3ce074d6cab7b6844d49fad

SHA1
98db09786ab9b960ee250adabb301383566f4c1c

SHA256
d794f9bd321156a2a2bb02102ad0bdc09bdc8dedf71ec42683fa53c3725fdd72

SHA512
71a5cbb0b5c11ec80fe0d3ad751c3e7dd0b1fadf641f8c51a8c617048b6ccd80993018dca2e4eac28a2246725c326634eab165d6f3e9eb531aedc3f18fa8ba9a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HU8P6T6J\alert-promo[1].svg

Filesize
1KB

MD5
b119b49f7f799d680e0ade981c8c36e1

SHA1
b2134ee3d8a4669c4b93225c0b987be0c78b6e6e

SHA256
2dc041b9b132cef3af67e03ba98fa1b72a9e877699e7a1f4277e00556c78ada4

SHA512
c68439e082f0979de042cb8e6ca5fcf08f1debf62133272a8580334867b9a3309a023441ca315b604ab6867ea3b9efa8e8185067e288fd2c46e65a8eaafe2a86

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HU8P6T6J\dotnet-framework-runtime[1].svg

Filesize
42KB

MD5
5aaa8c37cd59979b920cd21c4a50a38d

SHA1
0ee61e3b2d58513b92cf4c6b5114c1beb55539e7

SHA256
db6c6f42e1d56092fb2c3d317968077cb29435139274faefbf4ab7681955bec6

SHA512
0fb4c45db9f29963fce195e79b4e9963e57a50ef0fcab74466d6034834e0099f1f344a8569973d4c1ece05d9b70b5938b42ead4fabaa08de7d24c911df28c235

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HU8P6T6J\footer.min[1].js

Filesize
338B

MD5
8b0450a2954a4eb56111e546efa8818a

SHA1
1ee33b143f4170bed1d39d8526dc6b06454ddd03

SHA256
af5953d08ed8d4bc6b04c3a03024bfb38a85e4a9295055011b5ed6f7adb06e9e

SHA512
ba05f046c52f80cd8322ba4d91a7bdfe8f6f34d6954e30b8b57d7d42caa0a643661ffb051181126d1325bc536a3a88a644555708960d6a30d74a0f7fe42336eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HU8P6T6J\microsoft-net-button-bd8edd6aee4a2cdd05bc7f6ed668f1d6[1].png

Filesize
2KB

MD5
bd8edd6aee4a2cdd05bc7f6ed668f1d6

SHA1
c40d632f8a7000a0ab0dae9d6b5109fca259cf98

SHA256
9a784125893b64586eeacfbf714aaf1e4704807f5b6baaa23db4920e27212653

SHA512
c708134c14acea7371e913ba75f948fcfcab0976cfb89460ad98a8e79afc2f252f66f4749bab9d61d34b821ac550b1c97ff07d5248ce0859947fd1697a822cae

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HU8P6T6J\space-grotesk-v12-latin-700[1].woff2

Filesize
11KB

MD5
514360ed1b78e71aabe58ecd08f36706

SHA1
1062c179ea2f74b5db67f9d7822c556ed25637dd

SHA256
751851e72654508ca07678c61bdacd91b772d725f531dd8a6f62e6f941e11ecc

SHA512
1827c1a0189570e775bdcd07657e720e0bb27c2157ff46307cba551eaa16822645e388321081eb13cae7f4d024038b5279cff897a4c86c0ecd4428e60a5dac5e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HU8P6T6J\wcp-consent[1].js

Filesize
272KB

MD5
5f524e20ce61f542125454baf867c47b

SHA1
7e9834fd30dcfd27532ce79165344a438c31d78b

SHA256
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

SHA512
224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\EYR03K9P.cookie

Filesize
148B

MD5
9323b9c52512f573639ffd77c81eb620

SHA1
2eea37c75b0126998d85df0098781655c71b1acb

SHA256
e206c2e4109304560c1f21e3f6174aa446ede61571bb63f55c9372cf5f77b141

SHA512
524e33452a5096ccc411e2d262b70956addcbe4cf7c9b4f82e77d4290d523c48160c8817616ab06c501e4de29f3b30d5d8b744817ae147109814f7d12162d75c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JWFM35OS.cookie

Filesize
420B

MD5
1115eb79603c6a725623f15f208c138a

SHA1
4b81d0affd134a17abf44f34228b5bc8710eb1eb

SHA256
761608b869efe80e8034ede0eedfa60c2c6534742badf076c61c0fc4aacd613e

SHA512
ddbd9cfd7d8c57147e19addc9b6b9cb36eb04d542afb35ba3eb5fc84b683e24efc52daaf4deecedd33326bf7944e701e8e3800ebdcdb0966e0f247fbbeb2a28a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YJHD2DH2.cookie

Filesize
741B

MD5
20c00d0088e7d1c02794a14ac78dec53

SHA1
0e9c4df33e676ca5cf35f62bf1c537bb7e1e3325

SHA256
9911959c5d5611857e0c3b55796c54194805fc2a7fc4d6e75613f23b193d8281

SHA512
a10aba6c45cb6ae08d7074643f32c01d63daaf4fcb8afbf1d8092af48c631af64f63c8839a19ee52a9a0c8667b7be7558548ecf2928e9ab0c61eee03667f00de

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
936b19971330dbd4937504a31dcb24b2

SHA1
a260ae13fac752116251bb2c6ed4af5a2876c447

SHA256
ddb8a5e1c44a36820a4fdff16c4520231a521f22c192bda59a51a0b54589a2a0

SHA512
e433621bfcd05337777988e6f1c56d1b86759078788c699c3d2ceb31d38b0253c8da6b16ef50b42647edfe17e54233704f4fc396947e6933610edac09b141403

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
997B

MD5
e941f3e44db643fcd78252aa934f2156

SHA1
bdf1750ff25f69aa4ef2a386779b607c39020c32

SHA256
8fef877fbb87283326517196f1978b74636f0fe0345ecde621a59a4b2a17fbb3

SHA512
e9cdc16ef48dad05e16aabb3463b53e9a9cfd36ebaf74393fb4b0e6c14ceff81ef6cd569b3ab05cc93a2b69482606284d44974d817787bd53a528a1e4720095a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
6086400a8ffd8691633fdbbbd1f992ef

SHA1
cc8b6e2965a44d8c9ed893951030bf191364639c

SHA256
0321b2ea8f27fea8087c8c828d1bc1f35b4aefc8b09daac4d04ebf6f70f9ac49

SHA512
7fac8a1c01fbcba408c2076907f1686d28a0baf33610015638358a65e44e8d24f040712b3cec56717a19010f5f88e8706751cc19d486190a30f3ffb77f597bef

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
54ee527e3eff8f4b4fb8d199268a41a0

SHA1
b80a16337d0a51434cd569d0188609e84c8803a8

SHA256
9bca6143823f3de2af71d96989f32ed56e64e388ba856c73729f2504c5d2caf8

SHA512
e84f1062599a102026191433ae8b8e7d237a368590272099bf0e50f93f6bad436fd7f6d33cb8ddddda9a1c354381e696fdb12cffa10c1e2fb103fe7f2e50daf5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
f8d9581a96ffa672ce47be4d2e097fe9

SHA1
dca95dc7091bf7caa1b34805286720c36b2a2fa9

SHA256
786ab3bf5d72e5d4b27215996d5a5cb7e3905fe2a214daba23f4ff0019c6e628

SHA512
fa24aca85b9f7b71b6612f457aba770fa02e0bb42d4dde2858b51e730f4eaab06734b244e3cef8cf454a9b350b71d43fc7c390c2c19bb8aea8f22dfc1259fde6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
f8d9581a96ffa672ce47be4d2e097fe9

SHA1
dca95dc7091bf7caa1b34805286720c36b2a2fa9

SHA256
786ab3bf5d72e5d4b27215996d5a5cb7e3905fe2a214daba23f4ff0019c6e628

SHA512
fa24aca85b9f7b71b6612f457aba770fa02e0bb42d4dde2858b51e730f4eaab06734b244e3cef8cf454a9b350b71d43fc7c390c2c19bb8aea8f22dfc1259fde6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
305d2427ce28328c654fc17620047148

SHA1
94c0a3822a9c5fbcaf7be683d33922887163041c

SHA256
a530fc36be97c02c62f7646f9300a4dcc97497038461f33c7ca0b48bcd616e17

SHA512
f5aee46edc77de02a12874f8839ebe4d37ccbd882ce0e8fa356a2e7ea193f93e3c2baa81fac6be0cd06c92969fb1dfd40269b3cf2da96c61c4e0a9aa1ce2949d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
305d2427ce28328c654fc17620047148

SHA1
94c0a3822a9c5fbcaf7be683d33922887163041c

SHA256
a530fc36be97c02c62f7646f9300a4dcc97497038461f33c7ca0b48bcd616e17

SHA512
f5aee46edc77de02a12874f8839ebe4d37ccbd882ce0e8fa356a2e7ea193f93e3c2baa81fac6be0cd06c92969fb1dfd40269b3cf2da96c61c4e0a9aa1ce2949d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
469B

MD5
24b33c916b518de30eb2dfc3acfad627

SHA1
d7ea3bdf89eaed178eac1624fa2fa598573d83bd

SHA256
5f0bec0047b05bd6f905c9914c76da48e3f31bbb942a5f7673921b1a6f19f773

SHA512
5b541721b1b0e98714a81d124f7ce4fd26cc46181f81ef7cf05c0d37ea79e5ce28ac524f1a1455b799c89890511f60807ec501f401939f1d4ef5b5b7265f7710

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
8f67e0a62363f56fca91483d542c5f0c

SHA1
73b39f598aba6ca5bfda8875fe7efe80e99416e5

SHA256
70421de9c7ce46e5634b7237f2e09eba912085dd1c64f0d879bca595cd38dec3

SHA512
f88d5567a3dcefd5da926955478db0831351d19f4dd8e7109ba19a14d09a0c398d47224e3ab06104a9faf40f2e7188e7ca8b3f3c8779f5dadb4c8c285cbec93a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
8f67e0a62363f56fca91483d542c5f0c

SHA1
73b39f598aba6ca5bfda8875fe7efe80e99416e5

SHA256
70421de9c7ce46e5634b7237f2e09eba912085dd1c64f0d879bca595cd38dec3

SHA512
f88d5567a3dcefd5da926955478db0831351d19f4dd8e7109ba19a14d09a0c398d47224e3ab06104a9faf40f2e7188e7ca8b3f3c8779f5dadb4c8c285cbec93a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JV822S6T\dotnet.microsoft[1].xml

Filesize
1KB

MD5
8f67e0a62363f56fca91483d542c5f0c

SHA1
73b39f598aba6ca5bfda8875fe7efe80e99416e5

SHA256
70421de9c7ce46e5634b7237f2e09eba912085dd1c64f0d879bca595cd38dec3

SHA512
f88d5567a3dcefd5da926955478db0831351d19f4dd8e7109ba19a14d09a0c398d47224e3ab06104a9faf40f2e7188e7ca8b3f3c8779f5dadb4c8c285cbec93a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
1KB

MD5
f3014b19607c1113fd60ebb39c625047

SHA1
30104411f2e95e2617bcfaae83440de029158b2d

SHA256
3682765b478100b029ee67027b5ee86358e210d860a1d7bbad376bc428686a80

SHA512
2736d2a5b61e54b1c1c8ce128c2d1e06ac3635c4a34cf660cbc3daf1d5b913b9ab67de4afad4815ee61a354d02fb0ea04c6eaec0a950705ac24c6e29c47008fb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
dbd5ae7cb2bb5a839467cbfde4cdf504

SHA1
3d5614579dc4a96d776b8d27d72275c7283ccb2d

SHA256
ef5da841dd5035beb36b86958ecea7bcfd791aad4e1ab7609a815d7dac50056c

SHA512
6d7dbf9e56093f0ec61a3892107cf15f44f73df0769b77f52448d12e624e185789ac466c1679541af867aed8feae979c07c1b26aacec41d7cdaa6855d34f2a1d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
363eace0374b5737082d955b800b6c51

SHA1
5215cba47a7971b6ac919108772dd97501080c89

SHA256
7583c1a339bbca91e7168f3ee20cf11e45fc82bacc2ffd984eabdaa56a181d68

SHA512
865ef55375a8bb32ebe2ee3a09b3943d584d573fd11a144c99bb2572ff6c8189a3e31d1b578dd640d95b5e42b437873eb4797bd967dd9896ded1fb131c2a880e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
e349dd247ad5c6bdf197f7227f1c8123

SHA1
6e5ac61acd6d9076b7421f404a183a2ac8e07297

SHA256
b918a6e75ab25993cf648cedaa4b5029cbed6841558ba74fc0914c7582026f40

SHA512
5565b1def8976b6c3af36327b318aa0c5f14dccd734f223be82ca15d1736f69613f39bb2e99f41229ed7188d0c9c29b81d6d84436ff206dad743842800f87dcb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\C389FD106AACA95B265CC81A85B3522B_CF0A9AE2FF2173C0835A64A39EB71991

Filesize
1KB

MD5
9673735ba17615d7924e3d2ca525ecef

SHA1
3ffb6687e77bcce8d6f7292bac1815e698e5ecf5

SHA256
81ee1192bbe247d8777c66ab8d0efe2606d83a2ed898251e6f62b8b5c0450f79

SHA512
8af3b627e6b654a2dc7d30775a02e178ddd040d0819f7e1c7e40302327ef5d506a3273012942531c5f06a62cbceabf11fabbaca05cd94b36ad49802a834f7092

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_055C1277D03B1EDCAD9F85DFDC5303AE

Filesize
471B

MD5
efb1ae92cb170aa53a75886dc6614145

SHA1
dfe5e01a5a9e2ea526dc7b88d02d324c2af77f1e

SHA256
f00ed91432fe60b41380a8e5bc956f575b54398e937df9cd2cc1f68d245be788

SHA512
f0f6abca632ef8b1e7a9961a3d3907bdcf4ab4f2f66b76bb56e4cbe5c1b9e2f525c35d8d5127f638b0db75b187a53245d52faf72dacb8cff130b1a370d943d46

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
c6fa9f58cce1a2ab4802ea78729140b5

SHA1
e76522632a8068f260b3ab8a0df3a9adfcf58b57

SHA256
a60d30f9737514f793ab3e7939c97ab27d54b548f566baeb5e60b97bfeb3a577

SHA512
a5e789dd097962ada7663b8046054e0fe84d6fe46013867e77ab206d6ffb9d4e0981ca4b0f28da451ff38e31cbb25ed455e2060c5859d816cded88baf129e70f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
1b71e8b9709421c76b340f97307e4672

SHA1
0a8552efbc748a916f6ab1186fda4486a2092a28

SHA256
0cbd195bb0107f6c0019756a0bb2c1c40cc5008472b6b1ee37e38f8bb4ca2fc5

SHA512
668fb7e73580e47fd8a75ed81b15f79944a728d658acad474a431d73e5c2f762881dbf0568e10f129ca7ee3658a3112dc3a79be61726f5d39254985b41e57c00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
7f72074c707c2853af1226457262ad8f

SHA1
5914ea3182f5c45e2515a9a10c84e0d9a4fc7e12

SHA256
fff7f02c89a64c5c66c6f697a0c83ddf0195b4371436c02becc7d921c50a2558

SHA512
611c3aefb714a0b2be6bb910dc2f2c5d2904162022b5b0f33e10394093c1744884495e7c9f766bcbd00d1adc25a8974e3c70c04d718f018502559e9d0f348c11

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
23f8588376680a36726a8a296df1ea32

SHA1
5236d8f191369cb1160b4f08d443b9ff9d383994

SHA256
9585f88b466da32845cabcc7b41ba0ecff435fcddbdd880fc30b0208009b7dbb

SHA512
12e8f3301e863a84d76b32dbf8e85b9c4ac0543c34c39b3f1b2aebe994c611e6df5c886240c6140f617da9ba1d3e51e6d1170e2c6293065147a3bca634347dcf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
412B

MD5
b68ccfe0b8b23796ca196c6206411a6a

SHA1
9db5fb87adc8e8d2f6f329fba190fd0a33172c62

SHA256
5fd510382c3caba95eabb91c87cbe64c380f8b52e6deb0a7498e722c5ec0d27f

SHA512
143dc6ebfa44568780a5e56143d91c332f45970e7096f0390ea1eab0d5b7898b2636d494eed40f3468372d5e10ad6702cda7db45f9143a90d07ab8958e8c406a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
a0b92c9a5d7f434544fea5c6a96c397d

SHA1
6610c76a6af8351bb7e9115753465d4600b65e59

SHA256
83a2b7e6acb6169535c9fa48d1fded1a823440f96428a510cd650ba5b8748fee

SHA512
a4f5b5917753c4eb6d490ac2a75459b8a23c0e3b51394ce09ae4a20397609fe1898c59ca2cbc182cf09a6a7f7a936a5c4da4fc2b7052634f501a4e75946887b5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
38b09e0c393a28da6427651c7bb38df8

SHA1
139973cd0d0ebb6ce0ccabf129954f5b13567d12

SHA256
c6413efbc489ebe2aaee660f5d2be124855ca04308c83452ea8e183c92e30cdd

SHA512
1227172c8a364d7a668c59948c6f0a2b184ec8a3706a0b9080ea6732597842ffe1f93e14f745ba629d3c8b9dcec46f29a83b1f8cb40a979daa732fe6e9f5177a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\C389FD106AACA95B265CC81A85B3522B_CF0A9AE2FF2173C0835A64A39EB71991

Filesize
572B

MD5
92943fd5c4dc8a93445dd903c096b763

SHA1
6664bab33ea804c4292de747f17be442421692a2

SHA256
271998b030874fedc84d26e8a46232a90f2cdf2a2fc413237f08c85fa5da17f8

SHA512
b3c733cb6cb4272d980c74fc677137fa74ed18429d66ed43e80599acaf62518d63896dac2a4e8df5e8825e7be3801cd2c43cb60465d9d2466093ee68a7cb57a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D03E46CD585BBE111C712E6577BC5F07_055C1277D03B1EDCAD9F85DFDC5303AE

Filesize
426B

MD5
986362abb7fd182d7eccdd26b4d6e743

SHA1
98129e7a3fa3980e200d4cc4eb69afacd84e280b

SHA256
05eb5f03cbc3de424a1fbe207c4cc7cf7eb542aa81c82be2483d7884f726df53

SHA512
00857b715aec8781cc1f6db9a0c6791f8d9cdca8a23b43bdd579e6f71295b35ea2ad48610aa4dafab368befbc95f6307ad090a31d175193817cee5e286a0cb5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
7174a9bf1f740311793e5e7644ff4e98

SHA1
7383a34d555c8d7ba7702d3c301744f4d962ec4d

SHA256
95a599eefc2121c60f230c2e125466c44d42f21e78979efb23f706140fc656b7

SHA512
8a18b8418bf940e7e7126e20179829220f9b7c072e72dbbcdb12aee134d6f876e427a6b0e012b8835ba2c112c89afdb69abe3eb7893eb7fb78b8c168e5871ae4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
f456521f97c4828cca4255cc83925bae

SHA1
a072063759467ef50c141d8b1dd1bc88a2d93335

SHA256
7bc1578671a5ceda8d9d27e9e19fc53784b63c243b5eea856608f04d805a01c6

SHA512
14d064300f59fb0a19ceee752fd759cb524afd1e7d943642bedfd96e5ace9f7b88fdb6f045c1f868a383814677a3c3050b9f07c10d3671c98bd516d438c9a69f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
37a2e911ee9608ce7458fe9be298641f

SHA1
9e1dbf5dae4347b47b13ee47b58f749cc2ab8853

SHA256
9991ec341ab886bc1d331ff20c2eb871b0c21ed203d398468288b7120e62a15b

SHA512
eef515b95fb6e4f3b9e2490db5b03406e2e63dcff791b34ea1c9f2f267f68fe4a3b9efb871aa6518b44273a41fe0bb02ef5a48d77a8a415cf6b31878cef69f5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFI2107.tmp.html

Filesize
16KB

MD5
5b1c2a43fd93a114d1922100ec6af4df

SHA1
6779846e8a176a6ddc229890fefd6aaec6e936f6

SHA256
1a7c4c0a5a3bfd34445d24e1e047788a11414cd1cb686c18e1ba3563d58cc07f

SHA512
64cb0d93c647f46ce57c17ed166fdd4769c15225e5802589511e488be8722a558d337f12df1887b1fcf7cb8e331c65cfe302ab1180de6bf79989ec034a174024

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpC0FE.tmp

Filesize
2KB

MD5
647f843626b023aaaa748f924f95ac25

SHA1
652cacf99409e3dcd39b6eb8839c16d22b1800e8

SHA256
732dee732e0261afbfba21eca43008a5009cfc9e4c405ece8826a9746564cceb

SHA512
61093dcbe07efa5bdffec4933243168bf40b8159bc5a9840552bc3ea8e7c129156276a8548c658e5267bf0b8c4448dcb5c8ab10140c72ed48eb8910c075022fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA335.tmp.exe

Filesize
5.0MB

MD5
72540194bd451dac050609406eb50a56

SHA1
57c33ec10f90f81f6abc612b4d251510c36ebd6b

SHA256
3a18d5fd76abcfe537d78457dab4797231af313028b5594231f019245c5f7a74

SHA512
ec9b24c877e82269aba78701a9828879e8b91580c4d3002227ee18868b8db76b6c0fba08e687aba1ea3127eea05e37124e2b615c224b33e4dac2512dbefb3444

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA335.tmp.exe

Filesize
5.0MB

MD5
72540194bd451dac050609406eb50a56

SHA1
57c33ec10f90f81f6abc612b4d251510c36ebd6b

SHA256
3a18d5fd76abcfe537d78457dab4797231af313028b5594231f019245c5f7a74

SHA512
ec9b24c877e82269aba78701a9828879e8b91580c4d3002227ee18868b8db76b6c0fba08e687aba1ea3127eea05e37124e2b615c224b33e4dac2512dbefb3444

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA335.tmp.exe

Filesize
5.0MB

MD5
72540194bd451dac050609406eb50a56

SHA1
57c33ec10f90f81f6abc612b4d251510c36ebd6b

SHA256
3a18d5fd76abcfe537d78457dab4797231af313028b5594231f019245c5f7a74

SHA512
ec9b24c877e82269aba78701a9828879e8b91580c4d3002227ee18868b8db76b6c0fba08e687aba1ea3127eea05e37124e2b615c224b33e4dac2512dbefb3444

Download Submit
memory/1852-1546-0x0000019A54780000-0x0000019A54781000-memory.dmp

Filesize
4KB

Download
memory/1852-1547-0x0000019A54790000-0x0000019A54791000-memory.dmp

Filesize
4KB

Download
memory/1852-1280-0x0000019A4EF00000-0x0000019A4EF10000-memory.dmp

Filesize
64KB

Download
memory/1852-1629-0x0000019A4F500000-0x0000019A4F68A000-memory.dmp

Filesize
1.5MB

Download
memory/1852-1299-0x0000019A53780000-0x0000019A53782000-memory.dmp

Filesize
8KB

Download
memory/2564-45-0x00007FF897990000-0x00007FF89837C000-memory.dmp

Filesize
9.9MB

Download
memory/2564-4-0x000000001C4E0000-0x000000001CA06000-memory.dmp

Filesize
5.1MB

Download
memory/2564-3-0x000000001BDE0000-0x000000001BFA2000-memory.dmp

Filesize
1.8MB

Download
memory/2564-2-0x000000001AF90000-0x000000001AFA0000-memory.dmp

Filesize
64KB

Download
memory/2564-1-0x00007FF897990000-0x00007FF89837C000-memory.dmp

Filesize
9.9MB

Download
memory/2564-0-0x0000000000090000-0x00000000000B0000-memory.dmp

Filesize
128KB

Download
memory/3104-100-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/3104-207-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/3104-44-0x00007FF897990000-0x00007FF89837C000-memory.dmp

Filesize
9.9MB

Download
memory/3104-76-0x0000016979BB0000-0x0000016979BE8000-memory.dmp

Filesize
224KB

Download
memory/3104-77-0x000001697AB50000-0x000001697AB88000-memory.dmp

Filesize
224KB

Download
memory/3104-69-0x00000169773B0000-0x00000169773B8000-memory.dmp

Filesize
32KB

Download
memory/3104-1652-0x00007FF897990000-0x00007FF89837C000-memory.dmp

Filesize
9.9MB

Download
memory/3104-78-0x000001697AB90000-0x000001697ABCA000-memory.dmp

Filesize
232KB

Download
memory/3104-75-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/3104-68-0x0000016977330000-0x0000016977338000-memory.dmp

Filesize
32KB

Download
memory/3104-64-0x0000016977010000-0x0000016977018000-memory.dmp

Filesize
32KB

Download
memory/3104-63-0x0000016976FB0000-0x0000016976FB8000-memory.dmp

Filesize
32KB

Download
memory/3104-62-0x0000016976F30000-0x0000016976F38000-memory.dmp

Filesize
32KB

Download
memory/3104-61-0x0000016976930000-0x0000016976938000-memory.dmp

Filesize
32KB

Download
memory/3104-60-0x00000169763F0000-0x00000169763F8000-memory.dmp

Filesize
32KB

Download
memory/3104-59-0x0000016975F60000-0x0000016975F68000-memory.dmp

Filesize
32KB

Download
memory/3104-46-0x0000016973390000-0x00000169738A0000-memory.dmp

Filesize
5.1MB

Download
memory/3104-65-0x0000016977050000-0x0000016977058000-memory.dmp

Filesize
32KB

Download
memory/3104-93-0x000001697ABD0000-0x000001697ABF2000-memory.dmp

Filesize
136KB

Download
memory/3104-58-0x00000169762D0000-0x00000169762FA000-memory.dmp

Filesize
168KB

Download
memory/3104-57-0x0000016975E60000-0x0000016975E6E000-memory.dmp

Filesize
56KB

Download
memory/3104-56-0x0000016976140000-0x0000016976186000-memory.dmp

Filesize
280KB

Download
memory/3104-55-0x0000016975F20000-0x0000016975F3A000-memory.dmp

Filesize
104KB

Download
memory/3104-54-0x0000016975E80000-0x0000016975F20000-memory.dmp

Filesize
640KB

Download
memory/3104-53-0x00000169754E0000-0x00000169754EA000-memory.dmp

Filesize
40KB

Download
memory/3104-1262-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/3104-70-0x0000016977410000-0x0000016977426000-memory.dmp

Filesize
88KB

Download
memory/3104-52-0x0000016973C60000-0x0000016973C6A000-memory.dmp

Filesize
40KB

Download
memory/3104-71-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/3104-72-0x0000016979B10000-0x0000016979B18000-memory.dmp

Filesize
32KB

Download
memory/3104-51-0x0000016975D90000-0x0000016975E24000-memory.dmp

Filesize
592KB

Download
memory/3104-94-0x0000016979B90000-0x0000016979B9A000-memory.dmp

Filesize
40KB

Download
memory/3104-50-0x0000016973C70000-0x0000016973C78000-memory.dmp

Filesize
32KB

Download
memory/3104-1247-0x000001697C150000-0x000001697C1C6000-memory.dmp

Filesize
472KB

Download
memory/3104-1246-0x000001697C080000-0x000001697C0D0000-memory.dmp

Filesize
320KB

Download
memory/3104-49-0x0000016973C30000-0x0000016973C38000-memory.dmp

Filesize
32KB

Download
memory/3104-73-0x0000016979B20000-0x0000016979B28000-memory.dmp

Filesize
32KB

Download
memory/3104-74-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/3104-48-0x0000016975510000-0x00000169755A6000-memory.dmp

Filesize
600KB

Download
memory/3104-95-0x000001697AC00000-0x000001697AC3A000-memory.dmp

Filesize
232KB

Download
memory/3104-96-0x000001697AC40000-0x000001697ACF2000-memory.dmp

Filesize
712KB

Download
memory/3104-66-0x00000169771F0000-0x00000169771F8000-memory.dmp

Filesize
32KB

Download
memory/3104-109-0x000001697B070000-0x000001697B07A000-memory.dmp

Filesize
40KB

Download
memory/3104-108-0x000001697B230000-0x000001697B238000-memory.dmp

Filesize
32KB

Download
memory/3104-107-0x000001697C000000-0x000001697C026000-memory.dmp

Filesize
152KB

Download
memory/3104-106-0x000001697BF70000-0x000001697C002000-memory.dmp

Filesize
584KB

Download
memory/3104-104-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/3104-97-0x000001697ACF0000-0x000001697AD02000-memory.dmp

Filesize
72KB

Download
memory/3104-102-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/3104-101-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/3104-47-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/3104-98-0x00007FF897990000-0x00007FF89837C000-memory.dmp

Filesize
9.9MB

Download
memory/3104-67-0x0000016977250000-0x0000016977258000-memory.dmp

Filesize
32KB

Download
memory/3104-99-0x0000016975F70000-0x0000016975F80000-memory.dmp

Filesize
64KB

Download
memory/4060-1635-0x000002A803D00000-0x000002A803E8A000-memory.dmp

Filesize
1.5MB

Download
memory/4256-1326-0x0000023AE1BA0000-0x0000023AE1BA2000-memory.dmp

Filesize
8KB

Download
memory/4256-1640-0x0000023AF3470000-0x0000023AF3472000-memory.dmp

Filesize
8KB

Download
memory/4256-1574-0x0000023AE2600000-0x0000023AE2700000-memory.dmp

Filesize
1024KB

Download
memory/4256-1591-0x0000023AF3280000-0x0000023AF32A0000-memory.dmp

Filesize
128KB

Download
memory/4256-1593-0x0000023AF32C0000-0x0000023AF32E0000-memory.dmp

Filesize
128KB

Download
memory/4256-1614-0x0000023AF95F0000-0x0000023AF96F0000-memory.dmp

Filesize
1024KB

Download
memory/4256-1323-0x0000023AE1B60000-0x0000023AE1B62000-memory.dmp

Filesize
8KB

Download
memory/4256-1328-0x0000023AE1BE0000-0x0000023AE1BE2000-memory.dmp

Filesize
8KB

Download
memory/4256-1653-0x0000023AE1000000-0x0000023AE118A000-memory.dmp

Filesize
1.5MB

Download
memory/4256-1510-0x0000023AF91F0000-0x0000023AF92F0000-memory.dmp

Filesize
1024KB

Download
memory/4256-1575-0x0000023AF95F0000-0x0000023AF96F0000-memory.dmp

Filesize
1024KB

Download
memory/4256-1417-0x0000023AF7E10000-0x0000023AF7E12000-memory.dmp

Filesize
8KB

Download
memory/4256-1420-0x0000023AF7E70000-0x0000023AF7E72000-memory.dmp

Filesize
8KB

Download
memory/4256-1638-0x0000023AF3460000-0x0000023AF3462000-memory.dmp

Filesize
8KB

Download
memory/4256-1506-0x0000023AF91E0000-0x0000023AF91E2000-memory.dmp

Filesize
8KB

Download
memory/4256-1490-0x0000023AF32E0000-0x0000023AF3300000-memory.dmp

Filesize
128KB

Download
memory/4256-1466-0x0000023AF8AE0000-0x0000023AF8AE2000-memory.dmp

Filesize
8KB

Download
memory/4256-1458-0x0000023AF8310000-0x0000023AF8312000-memory.dmp

Filesize
8KB

Download
memory/4256-1455-0x0000023AF7FF0000-0x0000023AF7FF2000-memory.dmp

Filesize
8KB

Download
memory/4256-1452-0x0000023AF7FE0000-0x0000023AF7FE2000-memory.dmp

Filesize
8KB

Download
memory/4256-1445-0x0000023AF7FD0000-0x0000023AF7FD2000-memory.dmp

Filesize
8KB

Download
memory/4256-1437-0x0000023AF7F90000-0x0000023AF7F92000-memory.dmp

Filesize
8KB

Download