mystic | bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88

Analysis

max time kernel
150s
max time network
159s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
11-11-2023 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88.exe
Size

877KB
MD5

e5100d42497933bde7f323ade83f7e28
SHA1

3e267cf7b6a5cd0af212f51538ae52cb1dee6eab
SHA256

bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88
SHA512

4ba962b48d5a93518f2517ff466ac4f90c60da6c10f3d582658d452bb4ac7892e70ad2f26bbc814d75ea7eda365f7cfe858ff58ffb784373e8fc7b456f246cea
SSDEEP

24576:TymQkcMsaeUIsMCtGiPYD78Yjtel8IoWvMN6:mE1ez3iGdv9jtelu

Score

10^/10

mystic redline taiga google paypal infostealer persistence phishing stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/2492-82-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/2492-85-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/2492-87-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/2492-90-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Detected google phishing page
phishing google
Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/4444-99-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Control Panel\International\Geo\Nation	10nH71dm.exe

Executes dropped EXE 4 IoCs

pid	Process
4444	LO2vH91.exe
1696	10nH71dm.exe
3888	11zd5795.exe
1000	12lV742.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	LO2vH91.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000700000001abfe-12.dat	autoit_exe
behavioral1/files/0x000700000001abfe-13.dat	autoit_exe

Detected potential entity reuse from brand paypal.
phishing paypal

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3888 set thread context of 2492	3888	11zd5795.exe	90
PID 1000 set thread context of 4444	1000	12lV742.exe	95

Drops file in Windows directory 25 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2728	2492	WerFault.exe	90

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = e4bad855a414da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\Total = "108"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\recaptcha.net	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypalobjects.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bd4f444ba414da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com\NumberOfSubd = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.recaptcha.net\ = "64"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hcaptcha.com\NumberOfSubdo = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 70fcbc64a414da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8b31fc50a414da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 53079e5ca414da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\NumberOfSubdoma = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steampowered.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paypalobjects.com\NumberOf = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steamcommunity.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "24"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\NumberOfSubdoma = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 06e4a14da414da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypalobjects.com\NumberOfSub = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a563956ba414da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paypalobjects.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 47 IoCs

pid	Process
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1992	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1992	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1992	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5928	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5928	MicrosoftEdgeCP.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe
1696	10nH71dm.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2204	MicrosoftEdge.exe
3988	MicrosoftEdgeCP.exe
1992	MicrosoftEdgeCP.exe
3988	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 4444	4220	bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88.exe	71
PID 4220 wrote to memory of 4444	4220	bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88.exe	71
PID 4220 wrote to memory of 4444	4220	bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88.exe	71
PID 4444 wrote to memory of 1696	4444	LO2vH91.exe	72
PID 4444 wrote to memory of 1696	4444	LO2vH91.exe	72
PID 4444 wrote to memory of 1696	4444	LO2vH91.exe	72
PID 4444 wrote to memory of 3888	4444	AppLaunch.exe	83
PID 4444 wrote to memory of 3888	4444	AppLaunch.exe	83
PID 4444 wrote to memory of 3888	4444	AppLaunch.exe	83
PID 3888 wrote to memory of 5064	3888	11zd5795.exe	86
PID 3888 wrote to memory of 5064	3888	11zd5795.exe	86
PID 3888 wrote to memory of 5064	3888	11zd5795.exe	86
PID 3888 wrote to memory of 4424	3888	11zd5795.exe	87
PID 3888 wrote to memory of 4424	3888	11zd5795.exe	87
PID 3888 wrote to memory of 4424	3888	11zd5795.exe	87
PID 3888 wrote to memory of 3592	3888	11zd5795.exe	88
PID 3888 wrote to memory of 3592	3888	11zd5795.exe	88
PID 3888 wrote to memory of 3592	3888	11zd5795.exe	88
PID 3888 wrote to memory of 4464	3888	11zd5795.exe	89
PID 3888 wrote to memory of 4464	3888	11zd5795.exe	89
PID 3888 wrote to memory of 4464	3888	11zd5795.exe	89
PID 3888 wrote to memory of 2492	3888	11zd5795.exe	90
PID 3888 wrote to memory of 2492	3888	11zd5795.exe	90
PID 3888 wrote to memory of 2492	3888	11zd5795.exe	90
PID 3888 wrote to memory of 2492	3888	11zd5795.exe	90
PID 3888 wrote to memory of 2492	3888	11zd5795.exe	90
PID 3888 wrote to memory of 2492	3888	11zd5795.exe	90
PID 3888 wrote to memory of 2492	3888	11zd5795.exe	90
PID 3888 wrote to memory of 2492	3888	11zd5795.exe	90
PID 3888 wrote to memory of 2492	3888	11zd5795.exe	90
PID 3888 wrote to memory of 2492	3888	11zd5795.exe	90
PID 4220 wrote to memory of 1000	4220	bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88.exe	91
PID 4220 wrote to memory of 1000	4220	bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88.exe	91
PID 4220 wrote to memory of 1000	4220	bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88.exe	91
PID 1000 wrote to memory of 4444	1000	12lV742.exe	95
PID 1000 wrote to memory of 4444	1000	12lV742.exe	95
PID 1000 wrote to memory of 4444	1000	12lV742.exe	95
PID 1000 wrote to memory of 4444	1000	12lV742.exe	95
PID 1000 wrote to memory of 4444	1000	12lV742.exe	95
PID 1000 wrote to memory of 4444	1000	12lV742.exe	95
PID 1000 wrote to memory of 4444	1000	12lV742.exe	95
PID 1000 wrote to memory of 4444	1000	12lV742.exe	95
PID 3988 wrote to memory of 1276	3988	MicrosoftEdgeCP.exe	81
PID 3988 wrote to memory of 1276	3988	MicrosoftEdgeCP.exe	81
PID 3988 wrote to memory of 2820	3988	MicrosoftEdgeCP.exe	78
PID 3988 wrote to memory of 1232	3988	MicrosoftEdgeCP.exe	96
PID 3988 wrote to memory of 1232	3988	MicrosoftEdgeCP.exe	96
PID 3988 wrote to memory of 1232	3988	MicrosoftEdgeCP.exe	96
PID 3988 wrote to memory of 1232	3988	MicrosoftEdgeCP.exe	96
PID 3988 wrote to memory of 1232	3988	MicrosoftEdgeCP.exe	96
PID 3988 wrote to memory of 2820	3988	MicrosoftEdgeCP.exe	78
PID 3988 wrote to memory of 2820	3988	MicrosoftEdgeCP.exe	78
PID 3988 wrote to memory of 1232	3988	MicrosoftEdgeCP.exe	96
PID 3988 wrote to memory of 1232	3988	MicrosoftEdgeCP.exe	96
PID 3988 wrote to memory of 5792	3988	MicrosoftEdgeCP.exe	104
PID 3988 wrote to memory of 5792	3988	MicrosoftEdgeCP.exe	104
PID 3988 wrote to memory of 5792	3988	MicrosoftEdgeCP.exe	104
PID 3988 wrote to memory of 2820	3988	MicrosoftEdgeCP.exe	78
PID 3988 wrote to memory of 2820	3988	MicrosoftEdgeCP.exe	78
PID 3988 wrote to memory of 2820	3988	MicrosoftEdgeCP.exe	78
PID 3988 wrote to memory of 2820	3988	MicrosoftEdgeCP.exe	78
PID 3988 wrote to memory of 2820	3988	MicrosoftEdgeCP.exe	78
PID 3988 wrote to memory of 2820	3988	MicrosoftEdgeCP.exe	78
PID 3988 wrote to memory of 5792	3988	MicrosoftEdgeCP.exe	104

C:\Users\Admin\AppData\Local\Temp\bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88.exe
"C:\Users\Admin\AppData\Local\Temp\bff0d8546cd2ef6abe76d306a8303158ace15877837702bfa7fcb8c83885ca88.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LO2vH91.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LO2vH91.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4444
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10nH71dm.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10nH71dm.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1696
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11zd5795.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11zd5795.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:3888
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:5064
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:4424
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:3592
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:4464
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:2492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 568
        5⤵
        Program crash
        
        PID:2728
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12lV742.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12lV742.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1000
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3988

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2820

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2968

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5000

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1276

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2664

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4992

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1232

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5172

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5928

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5792

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6420

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:7164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5556

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5988

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5248

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6652

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6996

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5240

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6672

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6496

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TCMH1DO0\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YC2SXJVL\buttons[1].css

Filesize
32KB

MD5
84524a43a1d5ec8293a89bb6999e2f70

SHA1
ea924893c61b252ce6cdb36cdefae34475d4078c

SHA256
8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc

SHA512
2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YC2SXJVL\chunk~9229560c0[1].css

Filesize
34KB

MD5
19a9c503e4f9eabd0eafd6773ab082c0

SHA1
d9b0ca3905ab9a0f9ea976d32a00abb7935d9913

SHA256
7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a

SHA512
0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YC2SXJVL\shared_global[1].css

Filesize
84KB

MD5
eec4781215779cace6715b398d0e46c9

SHA1
b978d94a9efe76d90f17809ab648f378eb66197f

SHA256
64f61829703eca976c04cf194765a87c5a718e98597df2cb3eae9cf3150e572e

SHA512
c1f8164eb3a250a8edf8b7cb3b8c30396861eff95bcc4ed9a0c92a9dcde8fd7cd3a91b8f4fd8968c4fdafd18b51d20541bcc07a0643e55c8f6b12ceb67d7805d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YC2SXJVL\shared_responsive[1].css

Filesize
18KB

MD5
086f049ba7be3b3ab7551f792e4cbce1

SHA1
292c885b0515d7f2f96615284a7c1a4b8a48294a

SHA256
b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a

SHA512
645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YC2SXJVL\shared_responsive_adapter[1].js

Filesize
24KB

MD5
a52bc800ab6e9df5a05a5153eea29ffb

SHA1
8661643fcbc7498dd7317d100ec62d1c1c6886ff

SHA256
57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e

SHA512
1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZWXNBKH7\fn_1k[2].jpg

Filesize
132KB

MD5
3ae8bba7279972ba539bdb75e6ced7f5

SHA1
8c704696343c8ad13358e108ab8b2d0f9021fec2

SHA256
de760e6ff6b3aa8af41c5938a5f2bb565b6fc0c0fb3097f03689fe2d588c52f8

SHA512
3ca2300a11d965e92bba8dc96ae1b00eca150c530cbfeb9732b8329da47e2f469110306777ed661195ff456855f79e2c4209ccef4a562a71750eb903d0a42c24

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZWXNBKH7\hcaptcha[1].js

Filesize
325KB

MD5
c2a59891981a9fd9c791bbff1344df52

SHA1
1bd69409a50107057b5340656d1ecd6f5726841f

SHA256
6beec8b04234097105f5d7a88af9c27552b27021446c9dbe029d908d1ff8599f

SHA512
f9d556e0f7e95e603881c5196cc2aa736eb24ed62086d09d36a9e1d6b4fec9f4c1dfb125a66bec301f57230a4242108c7c255e6aa3c6f08a3a0d75e0cf288afe

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZWXNBKH7\shared_global[1].js

Filesize
149KB

MD5
f94199f679db999550a5771140bfad4b

SHA1
10e3647f07ef0b90e64e1863dd8e45976ba160c0

SHA256
26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548

SHA512
66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZWXNBKH7\tooltip[1].js

Filesize
15KB

MD5
72938851e7c2ef7b63299eba0c6752cb

SHA1
b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e

SHA256
e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661

SHA512
2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PIPA2TN4\www.epicgames[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PIPA2TN4\www.epicgames[1].xml

Filesize
89B

MD5
3984b8026b516668a806fc71e15dc763

SHA1
99ce4a5e683d734460b53e5dfde4ecc91728b2b6

SHA256
ddf0e4a351265966f0127f3bdeadbe6db649d63ae9662d78c1ebe80a0278c47d

SHA512
a0592f6d628aab0d7657e91f1289104aecc89b6db5c28791177b3f724721e7a2c91e1feeccbe5a8677700e6d219caaec675415d88551c836df426681e6be9451

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1RNF4EXK\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3ATUP9NO\B8BxsscfVBr[1].ico

Filesize
1KB

MD5
e508eca3eafcc1fc2d7f19bafb29e06b

SHA1
a62fc3c2a027870d99aedc241e7d5babba9a891f

SHA256
e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a

SHA512
49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3ATUP9NO\epic-favicon-96x96[1].png

Filesize
5KB

MD5
c94a0e93b5daa0eec052b89000774086

SHA1
cb4acc8cfedd95353aa8defde0a82b100ab27f72

SHA256
3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775

SHA512
f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3ATUP9NO\favicon[1].ico

Filesize
1KB

MD5
630d203cdeba06df4c0e289c8c8094f6

SHA1
eee14e8a36b0512c12ba26c0516b4553618dea36

SHA256
bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902

SHA512
09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DMAE24L3\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DMAE24L3\pp_favicon_x[1].ico

Filesize
5KB

MD5
e1528b5176081f0ed963ec8397bc8fd3

SHA1
ff60afd001e924511e9b6f12c57b6bf26821fc1e

SHA256
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667

SHA512
acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\E2K9IQRF\favicon[2].ico

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\w9s4pi8\imagestore.dat

Filesize
16KB

MD5
fdac05e75422211661c42f1dc559c90b

SHA1
465a1de0e235a036ece7e38120d9aea8c2ed4b93

SHA256
01b3ba9e85832e6ac5da395c377036bd5dd1ea3dbbb048889badc915f4c97059

SHA512
f43a17a10af3fc6f13a5e85533c0f5348eac7816034fe64068361109482f3a5357e2afda0e3e17380467ee51c2d06c1933651b422cebfe4ebbde991eca46f992

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF67FADD9B9E8E1D4F.TMP

Filesize
16KB

MD5
e9427e1cfd06896200d9e4533166464e

SHA1
7690da240661fb5d092e08ed6bd53d0c23de0197

SHA256
fb3da2361d384b7f8cb50ca74be8a139d05bc35e20c5b3744013cd9cfcc938a9

SHA512
678c122209d66619fc877332ec86194dc75c5d3e46b2fa9082b46ad7441e4e5f8833827ac13b670cf494315643b4b8cb4c597e16184fd11cb746bb71127a6293

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DKI4H5LG\intersection-observer.min[1].js

Filesize
5KB

MD5
936a7c8159737df8dce532f9ea4d38b4

SHA1
8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5

SHA256
3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9

SHA512
54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DKI4H5LG\network[1].js

Filesize
16KB

MD5
d954c2a0b6bd533031dab62df4424de3

SHA1
605df5c6bdc3b27964695b403b51bccf24654b10

SHA256
075b233f5b75cfa6308eacc965e83f4d11c6c1061c56d225d2322d3937a5a46b

SHA512
4cbe104db33830405bb629bf0ddceee03e263baeb49afbfb188b941b3431e3f66391f7a4f5008674de718b5f8af60d4c5ee80cfe0671c345908f247b0cfaa127

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DKI4H5LG\scheduler[1].js

Filesize
9KB

MD5
3403b0079dbb23f9aaad3b6a53b88c95

SHA1
dc8ca7a7c709359b272f4e999765ac4eddf633b3

SHA256
f48cc70897719cf69b692870f2a85e45ecf0601fd672afcd569495faa54f6e48

SHA512
1b7f23639fd56c602a4027f1dd53185e83e3b1fa575dc29310c0590dd196dc59864407495b8cc9df23430a0f2709403d0aa6ec6d234cce09f89c485add45b40e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DKI4H5LG\spf[1].js

Filesize
40KB

MD5
892335937cf6ef5c8041270d8065d3cd

SHA1
aa6b73ca5a785fa34a04cb46b245e1302a22ddd3

SHA256
4d6a0c59700ff223c5613498f31d94491724fb29c4740aeb45bd5b23ef08cffa

SHA512
b760d2a1c26d6198e84bb6d226c21a501097ee16a1b535703787aaef101021c8269ae28c0b94d5c94e0590bf50edaff4a54af853109fce10b629fa81df04d5b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DKI4H5LG\web-animations-next-lite.min[1].js

Filesize
49KB

MD5
cb9360b813c598bdde51e35d8e5081ea

SHA1
d2949a20b3e1bc3e113bd31ccac99a81d5fa353d

SHA256
e0cbfda7bfd7be1dcb66bbb507a74111fc4b2becbc742cd879751c3b4cbfa2f0

SHA512
a51e7374994b6c4adc116bc9dea60e174032f7759c0a4ff8eef0ce1a053054660d205c9bb05224ae67a64e2b232719ef82339a9cad44138b612006975578783c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DKI4H5LG\webcomponents-ce-sd[1].js

Filesize
95KB

MD5
58b49536b02d705342669f683877a1c7

SHA1
1dab2e925ab42232c343c2cd193125b5f9c142fa

SHA256
dea31a0a884a91f8f34710a646d832bc0edc9fc151ffd9811f89c47a3f4a6d7c

SHA512
c7a70bdefd02b89732e12605ad6322d651ffa554e959dc2c731d817f7bf3e6722b2c5d479eb84bd61b6ee174669440a5fa6ac4083a173b6cf5b30d14388483d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DKI4H5LG\www-i18n-constants[1].js

Filesize
5KB

MD5
f3356b556175318cf67ab48f11f2421b

SHA1
ace644324f1ce43e3968401ecf7f6c02ce78f8b7

SHA256
263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd

SHA512
a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DKI4H5LG\www-tampering[1].js

Filesize
10KB

MD5
d0a5a9e10eb7c7538c4abf5b82fda158

SHA1
133efd3e7bb86cfb8fa08e6943c4e276e674e3a6

SHA256
a82008d261c47c8ca436773fe8d418c5e32f48fe25a30885656353461e84bbbc

SHA512
a50f80003b377dbc6a22ef6b1d6ad1843ef805d94bafb1fcab8e67c3781ae671027a89c06bf279f3fd81508e18257740165a4fea3b1a7082b38ec0dc3d122c2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YC2SXJVL\desktop_polymer_css_polymer_serving_disabled[1].js

Filesize
8.0MB

MD5
c5f7a6b8f08c25ee673c9b73ce51249d

SHA1
9a97323a8733cae3f6f6d9ac4e158e6d01133916

SHA256
4d67427a0c349986f83055c64b17c89847543a003c54dff18b2704625417a1e0

SHA512
4643d44b3295fa1a2723b57212ddf938c26fa15cc3ca759be60c4182b1959c5d7a0df614b4c6ab419b78524312277630b12a528da6698d038b6931155250fa78

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YC2SXJVL\m=_b,_tp[1].js

Filesize
213KB

MD5
0b3be5461821c195b402fd37b85b85ba

SHA1
f39b54e7f89fdf4fd9df3cd3b34226aadd9e2926

SHA256
f2ba85cd8a91593d7087cd5c495bebbe5c50cd08d39d55887afcac75fb7e7237

SHA512
da4c2726131df98d610b179505cd9b477ccaa00f8809bd32fbe5b13650aa85830f12cb7f9a2ca6b2486f67a5d9a1bd76505f4dec2cec41b7c37b14555f6d67d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YC2SXJVL\rs=AGKMywEfXGDvhU0fuylcqyTdvtelWk4BrA[1].css

Filesize
2.4MB

MD5
7e867744b135de2f1198c0992239e13b

SHA1
0e9cf25a9fb8e65fe4eacb4b85cb9e61e03cf16f

SHA256
bc730ba2cb39047efdd61ba2e5b285f0f186f46d0541676cf366a1f65349cbc2

SHA512
ec27a603d574cafa0d0cfa3ebf2fc99671ea9e3288a00375c34d3fced024d78e1bd9ca9d3b68d317f53a31095ce6864b7f6470a9633204720700850e2454f39d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YC2SXJVL\www-main-desktop-home-page-skeleton[1].css

Filesize
12KB

MD5
770c13f8de9cc301b737936237e62f6d

SHA1
46638c62c9a772f5a006cc8e7c916398c55abcc5

SHA256
ec532fc053f1048f74abcf4c53590b0802f5a0bbddcdc03f10598e93e38d2ab6

SHA512
15f9d4e08c8bc22669da83441f6e137db313e4a3267b9104d0cc5509cbb45c5765a1a7080a3327f1f6627ddeb7e0cf524bd990c77687cb21a2e9d0b7887d4b6d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YC2SXJVL\www-onepick[1].css

Filesize
1011B

MD5
5306f13dfcf04955ed3e79ff5a92581e

SHA1
4a8927d91617923f9c9f6bcc1976bf43665cb553

SHA256
6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc

SHA512
e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZWXNBKH7\css2[1].css

Filesize
2KB

MD5
16b81ad771834a03ae4f316c2c82a3d7

SHA1
6d37de9e0da73733c48b14f745e3a1ccbc3f3604

SHA256
1c8b1cfe467de6b668fb6dce6c61bed5ef23e3f7b3f40216f4264bd766751fb9

SHA512
9c3c27ba99afb8f0b82bac257513838b1652cfe81f12cca1b34c08cc53d3f1ebd9a942788ada007f1f9f80d9b305a8b6ad8e94b79a30f1d7c594a2395cf468a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZWXNBKH7\m=_b,_tp[1].js

Filesize
213KB

MD5
bb99196a40ef3e0f4a22d14f94763a4c

SHA1
740a293152549a0a4b4720625ea7d25ac900f159

SHA256
28e8a65ccc3cd8656831f57b38e965f68a304ebecd3642981733a4b2aad06636

SHA512
fdddc0752eff7c25afdc62f7ce699bc3718346c1d87f2cac604b5320f6671f036edc989e6c67859d97d0ed5fc17fbae65076605f77814f537c8537842ebf6915

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZWXNBKH7\www-main-desktop-watch-page-skeleton[1].css

Filesize
13KB

MD5
2344d9b4cd0fa75f792d298ebf98e11a

SHA1
a0b2c9a2ec60673625d1e077a95b02581485b60c

SHA256
682e83c4430f0a5344acb1239a9fce0a71bae6c0a49156dccbf42f11de3d007d

SHA512
7a1ac40ad7c8049321e3278749c8d1474017740d4221347f5387aa14c5b01563bc6c7fd86f4d29fda8440deba8929ab7bb69334bb5400b0b8af436d736e08fab

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AG5LLM31.cookie

Filesize
261B

MD5
a180aa36365d27847469431eec2485f5

SHA1
d626f0bbb61b3e7e1795d1025976699c41322923

SHA256
1c580881c7853b7252ed5392ecf1c326c731f8b02963960fc8a5e9bf28088c72

SHA512
466c6c7fe809e4519d25a988d2b356f6bbd531c3f1fceebc864a81d6827511e53cbd69e15c4485c08b003c0eb2b763884c9fad564a2728c2557c61f58080a338

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GNUEZFGK.cookie

Filesize
95B

MD5
a4fe0fcecc788c688ee5309b08b74958

SHA1
55b6899cfdbe19a5ba890e69c00e0af4bcf108da

SHA256
fc150826882062662bf258fa3d25ddd710b3f7e01b5b211025ec151921ed1ae3

SHA512
7a839ba9560b2adde249446951d05f01392c8c5762f39bbaa4e9dcbd1157933c6135d3e9721a837c7ca84a319792c9eda5a3991f69587608d21f8efdbb98d7d7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HIFGMBIQ.cookie

Filesize
132B

MD5
11b2143ac89402c4dc013e0f4f87f8a1

SHA1
35ce6ecc154d3a7b93e280326e0bec3842dc1705

SHA256
916ae51cf17fb22657269ee78516bff7b9c81f111f3f15fbdbbd397a8fc3ef0c

SHA512
3c661389cdd0e43f0779ddb94d0ad3fa7026a4c239c3d38ef37c327a14c793ba1280c69d930340fa4c31a0399f7462c1a3342baae05a0d3cef3d377ed05bb799

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\L536Z4CN.cookie

Filesize
132B

MD5
1996c5a8c4a49e13f87c6752e0529018

SHA1
b9ccf9478e9816273d847ebf98e35bdc4996adfe

SHA256
bb3982ca70702e556665233bb16867208ac17f62707c09b4d373b4594442416f

SHA512
f1a0b459e4aea26f565d1a8acbd3f586c8f22ddd67ef32a1ff3a64a8d85bf9308b1686782d742736bfad2f09019c19e9c2f43a04bccef84a61c8f3b7af16924b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YJLTU00S.cookie

Filesize
132B

MD5
86a71e893dccb326fb8c2979bc9202ea

SHA1
385e6840ae1afb760e05b329e28e5f249caefea2

SHA256
1b3ef7baf13e9087f6848697ab0b35df0eb3d0a61e74524ebbb27804d9ee0f69

SHA512
eea6defcdbba1462cad6c1520fb622b99ff0585902baa227cc40fc75cfa811d6b7bdfcfaf153e2907b42b467a7492ce446c9840ce0abd226cfbfa0af185e6468

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
be470ed4c8bc8e958c6efad19b74e939

SHA1
c9fef2c8c31f1b10f443efa3cacb42ff4443c3c1

SHA256
3830f0a9d7a9becfc11af19cc9fd47a2651464eaf8d6bdf1ccff1cde35e79ec5

SHA512
530f5406888f6dc76e585340bddbb98d3d2575d6823c309d0f1d6cc036af54346b3a3951ceac6afc3e26eb424ca7a180b461d494fd89828b21e536cb7ac2309d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
bbf0e29268ddfd99bde03e58039df96a

SHA1
3ba0542fed7734b1fcb484d73df8583d4c1cb11d

SHA256
ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4

SHA512
4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
bbf0e29268ddfd99bde03e58039df96a

SHA1
3ba0542fed7734b1fcb484d73df8583d4c1cb11d

SHA256
ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4

SHA512
4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
471B

MD5
80144ac74f3b6f6d6a75269bdc5d5a60

SHA1
6707bb0c8a3e92d1fd4765e10781535433036196

SHA256
d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285

SHA512
c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_26971925776788617818974D91697792

Filesize
471B

MD5
6293fc5eaaed8df7afcac06f55276c56

SHA1
9ba81b982f35eeee0d9aff03491063769dbd2c30

SHA256
9454dc1a0257f4e36d2e6ed3e42b023453d474b8d6d2a0d94e4bf47ccad2ba88

SHA512
d6bb25647b97121e6cf7e4283ddfcd601dd3d517399658155e89af0b45bace1b1c58572604783fda8d1c2e6f437015494a7e88ad7041ccea530a1ada89971b15

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

Filesize
472B

MD5
f995fbc24a8b5c5bcdcac7ccd135721e

SHA1
03e4d5797a4774ee5105252e64e38f960e6bdda3

SHA256
9f2d9f774682c5346032ca6a08f245c788891c0df92752b35ef56f50b8ad283e

SHA512
2cae6b25e58d301786ac468c8599470b9aa3657c09072416e9da1cbd36e23b4f99ea75057c0f5d4acde0f596341c9c3436ae1f02d07237f4bc388a314894c8d0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

Filesize
471B

MD5
512efc86ad030a9f7699232254b7dc91

SHA1
b020f69657c8f9f6f31bac79eb9731fc65a7edea

SHA256
8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28

SHA512
47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

Filesize
471B

MD5
512efc86ad030a9f7699232254b7dc91

SHA1
b020f69657c8f9f6f31bac79eb9731fc65a7edea

SHA256
8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28

SHA512
47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
006dfef9a5200332977c30a0f969b700

SHA1
6b3ac3e38694632c54b48c3af058af4e881c91c9

SHA256
7655d7f5afdb2efcbc3b09136a962acdc16f137569b38e5eaa188b63a7cc00a1

SHA512
cdb38ff6d1986b9d63bdb7ee456391bedd6c71e69d3790ce16fcb46c1a0661c6cc6facf8515b833bd6a8a8a3882067c6d7165bafb8d0697f442faf284c2d1fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
338B

MD5
280360a7737c2daea5d9c593e9cd04a3

SHA1
adc975b1094fa45cccafeb7f93f4a38eafe43c21

SHA256
9d9fe9394446946049288f2411dc1d5db26f6e9e781e298e089f06df5c64e996

SHA512
a4d7fd6698ee41ab11137802f7d13af9771bbd4001ce3b0d682bd0b503e24599bab02b1a2794ae3ed1333b9e7337d66fd7e66b736819ccb183e0e05562295b84

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
338B

MD5
3aa03de75f969d000768b89709b9688c

SHA1
85b23a2a7eab0870c6f316a877dfaea5d73823f3

SHA256
80a593a020afeb8d17c51037f457ada5cd264c13cb629e9d527c68f0ce211862

SHA512
4859121bce81c778f35ad4a5c204cc21148b0f59ae351ceee1d484cba4685774c3fdd8711933a67c64598ed04e2f97b86beb9fb0817b752c6c7beb4c81ea25cb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
4a1957858407be846a1b65b02bdecb86

SHA1
4759652bd7f3f361033aaf7e1b01133ba1e5d4a8

SHA256
1a95c6db6364e66798bfc3cd9bcf74aacd6587cc09519abba1351fc118da8ff6

SHA512
55d834dfd1e3738f25a84d03e7d1f0835b94a6fb8d37ede7f4a57f6507c11e14f67a80a838caa08edbe9ea0d8795d5d40ef71b4ee6d04e0972cf9b0b320a270f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
21c360d55f6a70fa3e2897e1a1372968

SHA1
2330a8d3691730ef9093963a019d48ec12fa03ff

SHA256
ec4b7afcb535cc7f0b1a9efac01afe4f10847b9af6874618d8349741c819d17b

SHA512
ad827f40d977f2b9b74fcbf57969824f5bc444706f5bebe94e42f90b97fe0bbab91b3f4a1f3650b1278bc1511cfcf83c3d4f214bff44fa1de867adea819e3cd3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
25953085233a22e0d16c87affda9abb3

SHA1
32e93abe578c3611a090eb43c40a93ff5649538b

SHA256
25cb1e5b77dd6a7da4470e0d268d09087867a41655e8bbd7fd8cf1db76ffbebc

SHA512
3d76fd009ae61d28677080750dabfd3d6a55136bc31e9998159a298384dbb01f31adb251174a02cbe3c753fe16ae0f9aab9d854bc4a0507f07b22b4df0ae5ae6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
25953085233a22e0d16c87affda9abb3

SHA1
32e93abe578c3611a090eb43c40a93ff5649538b

SHA256
25cb1e5b77dd6a7da4470e0d268d09087867a41655e8bbd7fd8cf1db76ffbebc

SHA512
3d76fd009ae61d28677080750dabfd3d6a55136bc31e9998159a298384dbb01f31adb251174a02cbe3c753fe16ae0f9aab9d854bc4a0507f07b22b4df0ae5ae6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
25953085233a22e0d16c87affda9abb3

SHA1
32e93abe578c3611a090eb43c40a93ff5649538b

SHA256
25cb1e5b77dd6a7da4470e0d268d09087867a41655e8bbd7fd8cf1db76ffbebc

SHA512
3d76fd009ae61d28677080750dabfd3d6a55136bc31e9998159a298384dbb01f31adb251174a02cbe3c753fe16ae0f9aab9d854bc4a0507f07b22b4df0ae5ae6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
400B

MD5
75c719b836ab77611778d86daec5065e

SHA1
03dc65e09b96b1bf63e44c44a38ac4de9a52ca3d

SHA256
bf65f0136e89b98d36faa2697653d5acacfce8da484d0dc44ffaaa67a20f0e15

SHA512
a3e3783798bd018a0448122743b0a0caf34d078c882c012d4585e1b39fa3093ef0ad9cd4b09be074e49e72acf9c0d48627e646158922268284e8e8e6aebb49d0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_26971925776788617818974D91697792

Filesize
414B

MD5
d657b3bbdfc00f3d814ef6a0f34375e5

SHA1
3d4c29c0a8056bcec31cfc616cf7c5b34dcde61c

SHA256
6746df5b5b27303a8a2d36817d9752b64b2d11bb5de074cb42fe21d353eb9ace

SHA512
b6f3b234c085b94a84b1b6001ab2cf0e11824c2621f8045293c69da6d5824f2e85b10dda5db891a499f4e62004b8dd0e57b6257c167b4d877cd562ff23231780

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

Filesize
410B

MD5
daa499abff4400c50d8fbefaa8a67241

SHA1
a9245e3ec86be20491928ddf14ea1b672c818db9

SHA256
fc842031dfffaa8546430bb103943479469a338131f72c9d03bf57bbd301bed9

SHA512
5f6e90591fc61f0aa8248b116e27e54645452ba209bfdabcc9f7c5866ff26816734d084213df307270ed9fc25245cdb9b8829f935c89b6913e32b5b25f8348ef

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

Filesize
406B

MD5
926a93253810abb8d58e0b0a95082d63

SHA1
9cec1e805b70c4b6d6826e5f699dd7f2a4ce666d

SHA256
a1321fe5490102a32b6df43e2410a57ade360715225b04b9f88a13886e461ba2

SHA512
5327db20396a723c191ba361b56c9e1c7d2710d16c076f5873ca6bd84f5579a549b4a0c64749b8173d8b35f69a16852b1aa1d0d874776f06b5108e8cc04a04ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

Filesize
406B

MD5
d845c011b58607fa78134ff7b08e4166

SHA1
40739fe42511327efa3434b2395e7742f7a13381

SHA256
4e0590894cee35ad1870f9563b34d6c1724984b7cce4085b8865530faf27cd4f

SHA512
6124b75f28e15a03cba11f53961a73427411aa35f74679ce8dae13167e4bcdae24ba65c042af442258514fceb6c2a6d4291feab8afdceaca6f71adeae52df3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12lV742.exe

Filesize
315KB

MD5
f88625cd0d910fd68bdd9608a9a490bf

SHA1
46dba4d2e2dba1227d827e9eb7b3212cc796be87

SHA256
08420d2adb04bb8f7b6c0f4355ba5d2a03a071e0e72b9dfd24f04106453afa55

SHA512
74f82013d507435c6d89ae09c8a48ec8c675f42cf049a42fa2b0cfc43e5149df8275b39cdb8e84918b76c956cb193136ef4281c7710e88cec0c426fe052a1aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12lV742.exe

Filesize
315KB

MD5
f88625cd0d910fd68bdd9608a9a490bf

SHA1
46dba4d2e2dba1227d827e9eb7b3212cc796be87

SHA256
08420d2adb04bb8f7b6c0f4355ba5d2a03a071e0e72b9dfd24f04106453afa55

SHA512
74f82013d507435c6d89ae09c8a48ec8c675f42cf049a42fa2b0cfc43e5149df8275b39cdb8e84918b76c956cb193136ef4281c7710e88cec0c426fe052a1aa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LO2vH91.exe

Filesize
656KB

MD5
6836a973966f1ad40f14d4b102443cb6

SHA1
db903b7b39360a419eb4d838133bb4bcd7ee0137

SHA256
5161a787eb16c3bca4e0fa045847ad9cbd0e989f020b3705e6a6213494211509

SHA512
a47f7a78f3632cca93679795e9f8582d54d76f6ef4d64052ce7d1e0445283dc75a978d228ce127f58066de6b4f7577a62a1b953e9a58dc8500bca48080947c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\LO2vH91.exe

Filesize
656KB

MD5
6836a973966f1ad40f14d4b102443cb6

SHA1
db903b7b39360a419eb4d838133bb4bcd7ee0137

SHA256
5161a787eb16c3bca4e0fa045847ad9cbd0e989f020b3705e6a6213494211509

SHA512
a47f7a78f3632cca93679795e9f8582d54d76f6ef4d64052ce7d1e0445283dc75a978d228ce127f58066de6b4f7577a62a1b953e9a58dc8500bca48080947c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10nH71dm.exe

Filesize
895KB

MD5
bdd6f3f669e8c0b61e04353a980a8a35

SHA1
8ddd5f98800eac92a9842ab673582c19d5ef0e2a

SHA256
1177e388ef01d03019e2a1bf79c226b7d68d89dcef0d39c5cd74ac414fdd0dc7

SHA512
91b16f347aa8848c3c696482b1348f34c7df30f8f08503b908b54e607b66353c4dec6a2b43b85bccc605365a1831d6cc08695a0e2d07fe22cf09d10da9c89ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10nH71dm.exe

Filesize
895KB

MD5
bdd6f3f669e8c0b61e04353a980a8a35

SHA1
8ddd5f98800eac92a9842ab673582c19d5ef0e2a

SHA256
1177e388ef01d03019e2a1bf79c226b7d68d89dcef0d39c5cd74ac414fdd0dc7

SHA512
91b16f347aa8848c3c696482b1348f34c7df30f8f08503b908b54e607b66353c4dec6a2b43b85bccc605365a1831d6cc08695a0e2d07fe22cf09d10da9c89ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11zd5795.exe

Filesize
276KB

MD5
6d3d8c616207c4fd6ccc2c4d39db731d

SHA1
9e77f2bf8f11c00dcdf8f93c59acecf7e9b82d90

SHA256
2a2289d26532900a6864b2e77f7d5f061229ea8140bf05e448b4cb72ca4cc887

SHA512
b4dd3526b5fd5da535c396d33bb78297823b8ae11314389b06376f5ca3f40b5b9bd8f167bb12f993e53aa64fa683ab152987309009d898529c00ef5726987515

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11zd5795.exe

Filesize
276KB

MD5
6d3d8c616207c4fd6ccc2c4d39db731d

SHA1
9e77f2bf8f11c00dcdf8f93c59acecf7e9b82d90

SHA256
2a2289d26532900a6864b2e77f7d5f061229ea8140bf05e448b4cb72ca4cc887

SHA512
b4dd3526b5fd5da535c396d33bb78297823b8ae11314389b06376f5ca3f40b5b9bd8f167bb12f993e53aa64fa683ab152987309009d898529c00ef5726987515

Download Submit
memory/1276-472-0x00000247C8540000-0x00000247C8542000-memory.dmp

Filesize
8KB

Download
memory/1276-442-0x00000247C8510000-0x00000247C8512000-memory.dmp

Filesize
8KB

Download
memory/2204-592-0x0000021470570000-0x0000021470571000-memory.dmp

Filesize
4KB

Download
memory/2204-591-0x0000021470560000-0x0000021470561000-memory.dmp

Filesize
4KB

Download
memory/2204-49-0x0000021468FE0000-0x0000021468FE2000-memory.dmp

Filesize
8KB

Download
memory/2204-30-0x0000021469400000-0x0000021469410000-memory.dmp

Filesize
64KB

Download
memory/2204-14-0x0000021468E20000-0x0000021468E30000-memory.dmp

Filesize
64KB

Download
memory/2492-87-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2492-82-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2492-90-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2492-85-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2664-843-0x0000024A28300000-0x0000024A28400000-memory.dmp

Filesize
1024KB

Download
memory/2664-672-0x0000024A27D80000-0x0000024A27DA0000-memory.dmp

Filesize
128KB

Download
memory/2664-549-0x0000024A27000000-0x0000024A27100000-memory.dmp

Filesize
1024KB

Download
memory/2664-640-0x0000024A2A1C0000-0x0000024A2A1E0000-memory.dmp

Filesize
128KB

Download
memory/2664-935-0x0000024A28960000-0x0000024A28A60000-memory.dmp

Filesize
1024KB

Download
memory/2820-895-0x0000023720640000-0x0000023720740000-memory.dmp

Filesize
1024KB

Download
memory/2820-187-0x000002371ED00000-0x000002371EE00000-memory.dmp

Filesize
1024KB

Download
memory/2820-753-0x000002370C060000-0x000002370C080000-memory.dmp

Filesize
128KB

Download
memory/2820-760-0x000002371DF10000-0x000002371DF30000-memory.dmp

Filesize
128KB

Download
memory/2820-808-0x000002371E350000-0x000002371E370000-memory.dmp

Filesize
128KB

Download
memory/2820-567-0x000002371E270000-0x000002371E290000-memory.dmp

Filesize
128KB

Download
memory/2820-885-0x000002371E770000-0x000002371E772000-memory.dmp

Filesize
8KB

Download
memory/2820-525-0x000002371E490000-0x000002371E4B0000-memory.dmp

Filesize
128KB

Download
memory/2820-319-0x000002371F100000-0x000002371F200000-memory.dmp

Filesize
1024KB

Download
memory/4444-245-0x000000000B8D0000-0x000000000B962000-memory.dmp

Filesize
584KB

Download
memory/4444-293-0x000000000B8C0000-0x000000000B8CA000-memory.dmp

Filesize
40KB

Download
memory/4444-99-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4444-230-0x000000000BD30000-0x000000000C22E000-memory.dmp

Filesize
5.0MB

Download
memory/4444-318-0x000000000BB80000-0x000000000BBBE000-memory.dmp

Filesize
248KB

Download
memory/4444-330-0x000000000BBC0000-0x000000000BC0B000-memory.dmp

Filesize
300KB

Download
memory/4444-309-0x000000000BB20000-0x000000000BB32000-memory.dmp

Filesize
72KB

Download
memory/4444-307-0x000000000C230000-0x000000000C33A000-memory.dmp

Filesize
1.0MB

Download
memory/4444-2409-0x0000000072B80000-0x000000007326E000-memory.dmp

Filesize
6.9MB

Download
memory/4444-305-0x000000000C840000-0x000000000CE46000-memory.dmp

Filesize
6.0MB

Download
memory/4444-211-0x0000000072B80000-0x000000007326E000-memory.dmp

Filesize
6.9MB

Download
memory/4992-917-0x0000024A23E20000-0x0000024A23E40000-memory.dmp

Filesize
128KB

Download
memory/5000-787-0x000001DD66C90000-0x000001DD66D90000-memory.dmp

Filesize
1024KB

Download
memory/5000-924-0x000001DD67440000-0x000001DD67540000-memory.dmp

Filesize
1024KB

Download
memory/5000-557-0x000001DD655A0000-0x000001DD655C0000-memory.dmp

Filesize
128KB

Download
memory/5000-675-0x000001DD668A0000-0x000001DD668C0000-memory.dmp

Filesize
128KB

Download
memory/5172-286-0x000001A0FD200000-0x000001A0FD220000-memory.dmp

Filesize
128KB

Download
memory/5172-247-0x000001A0FDA20000-0x000001A0FDA40000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads