mystic | ac699c44b77a5a915ba4cd74689097a676126775e565a8b940b3634bdacae3cc

Analysis

max time kernel
300s
max time network
295s
platform
windows10-1703_x64
resource
win10-20231023-en
resource tags

arch:x64arch:x86image:win10-20231023-enlocale:en-usos:windows10-1703-x64system
submitted
13/11/2023, 09:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Az9CT03.exe
Size

877KB
MD5

f7793cf4ad987b0a3ff0b6fdb1f31b65
SHA1

44594ab3697e1102b514ca209c8d8e0db30011a3
SHA256

ac699c44b77a5a915ba4cd74689097a676126775e565a8b940b3634bdacae3cc
SHA512

09d592b2c08369f92f0ce0049356316a5c23dc89664349729531dcf595deadaf2ca83bcb1e0b882df2049c7ae24822343873c11828715c711543ad3d27ab766a
SSDEEP

24576:cyoKEtJaeUIsACtG0PYDzavtXRJIUrvlQf:LqtkezziG7XavtXR/S

Score

10^/10

mystic redline taiga google infostealer persistence phishing stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral2/memory/2132-83-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral2/memory/2132-116-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral2/memory/2132-117-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral2/memory/2132-120-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Detected google phishing page
phishing google
Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral2/memory/5312-198-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
4000	fN3Rw90.exe
3016	10ar58zE.exe
4436	11VM9042.exe
2664	12Xk479.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	Az9CT03.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	fN3Rw90.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/files/0x000700000001ab81-12.dat	autoit_exe
behavioral2/files/0x000700000001ab81-13.dat	autoit_exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4436 set thread context of 2132	4436	11VM9042.exe	88
PID 2664 set thread context of 5312	2664	12Xk479.exe	100

Drops file in Windows directory 27 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2116	2132	WerFault.exe	88

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net\Total = "25"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypalobjects.com\NumberOfSubd = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.epicgames.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hcaptcha.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 505bc8271516da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.epicgames.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hcaptcha.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net\NumberOfSubdomai = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 43cbaaf81416da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steampowered.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\store.steampowered.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\c.paypal.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "172"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net\Total = "103"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hcaptcha.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paypal.com	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 47 IoCs

pid	Process
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2640	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2640	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2640	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2640	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	6004	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	6004	MicrosoftEdgeCP.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
3016	10ar58zE.exe
3016	10ar58zE.exe
3016	10ar58zE.exe
3016	10ar58zE.exe
3016	Process not Found
3016	Process not Found
3016	Process not Found
3016	Process not Found
3016	Process not Found

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
3016	10ar58zE.exe
3016	10ar58zE.exe
3016	10ar58zE.exe
3016	10ar58zE.exe
3016	Process not Found
3016	Process not Found
3016	Process not Found
3016	Process not Found
3016	Process not Found

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3972	MicrosoftEdge.exe
3652	MicrosoftEdgeCP.exe
2640	MicrosoftEdgeCP.exe
3652	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 4000	3472	Az9CT03.exe	71
PID 3472 wrote to memory of 4000	3472	Az9CT03.exe	71
PID 3472 wrote to memory of 4000	3472	Az9CT03.exe	71
PID 4000 wrote to memory of 3016	4000	fN3Rw90.exe	72
PID 4000 wrote to memory of 3016	4000	fN3Rw90.exe	72
PID 4000 wrote to memory of 3016	4000	fN3Rw90.exe	72
PID 4000 wrote to memory of 4436	4000	fN3Rw90.exe	81
PID 4000 wrote to memory of 4436	4000	fN3Rw90.exe	81
PID 4000 wrote to memory of 4436	4000	fN3Rw90.exe	81
PID 4436 wrote to memory of 3404	4436	11VM9042.exe	84
PID 4436 wrote to memory of 3404	4436	11VM9042.exe	84
PID 4436 wrote to memory of 3404	4436	11VM9042.exe	84
PID 4436 wrote to memory of 2456	4436	11VM9042.exe	85
PID 4436 wrote to memory of 2456	4436	11VM9042.exe	85
PID 4436 wrote to memory of 2456	4436	11VM9042.exe	85
PID 4436 wrote to memory of 1004	4436	11VM9042.exe	86
PID 4436 wrote to memory of 1004	4436	11VM9042.exe	86
PID 4436 wrote to memory of 1004	4436	11VM9042.exe	86
PID 4436 wrote to memory of 2132	4436	11VM9042.exe	88
PID 4436 wrote to memory of 2132	4436	11VM9042.exe	88
PID 4436 wrote to memory of 2132	4436	11VM9042.exe	88
PID 4436 wrote to memory of 2132	4436	11VM9042.exe	88
PID 4436 wrote to memory of 2132	4436	11VM9042.exe	88
PID 4436 wrote to memory of 2132	4436	11VM9042.exe	88
PID 4436 wrote to memory of 2132	4436	11VM9042.exe	88
PID 4436 wrote to memory of 2132	4436	11VM9042.exe	88
PID 4436 wrote to memory of 2132	4436	11VM9042.exe	88
PID 4436 wrote to memory of 2132	4436	11VM9042.exe	88
PID 3472 wrote to memory of 2664	3472	Az9CT03.exe	90
PID 3472 wrote to memory of 2664	3472	Az9CT03.exe	90
PID 3472 wrote to memory of 2664	3472	Az9CT03.exe	90
PID 2664 wrote to memory of 3184	2664	12Xk479.exe	93
PID 2664 wrote to memory of 3184	2664	12Xk479.exe	93
PID 2664 wrote to memory of 3184	2664	12Xk479.exe	93
PID 2664 wrote to memory of 3484	2664	12Xk479.exe	97
PID 2664 wrote to memory of 3484	2664	12Xk479.exe	97
PID 2664 wrote to memory of 3484	2664	12Xk479.exe	97
PID 2664 wrote to memory of 4432	2664	12Xk479.exe	98
PID 2664 wrote to memory of 4432	2664	12Xk479.exe	98
PID 2664 wrote to memory of 4432	2664	12Xk479.exe	98
PID 2664 wrote to memory of 5168	2664	12Xk479.exe	99
PID 2664 wrote to memory of 5168	2664	12Xk479.exe	99
PID 2664 wrote to memory of 5168	2664	12Xk479.exe	99
PID 2664 wrote to memory of 5312	2664	12Xk479.exe	100
PID 2664 wrote to memory of 5312	2664	12Xk479.exe	100
PID 2664 wrote to memory of 5312	2664	12Xk479.exe	100
PID 2664 wrote to memory of 5312	2664	12Xk479.exe	100
PID 2664 wrote to memory of 5312	2664	12Xk479.exe	100
PID 2664 wrote to memory of 5312	2664	12Xk479.exe	100
PID 2664 wrote to memory of 5312	2664	12Xk479.exe	100
PID 2664 wrote to memory of 5312	2664	12Xk479.exe	100
PID 3652 wrote to memory of 1756	3652	MicrosoftEdgeCP.exe	78
PID 3652 wrote to memory of 1756	3652	MicrosoftEdgeCP.exe	78
PID 3652 wrote to memory of 1756	3652	MicrosoftEdgeCP.exe	78
PID 3652 wrote to memory of 1756	3652	MicrosoftEdgeCP.exe	78
PID 3652 wrote to memory of 1756	3652	MicrosoftEdgeCP.exe	78
PID 3652 wrote to memory of 1756	3652	MicrosoftEdgeCP.exe	78
PID 3652 wrote to memory of 1756	3652	MicrosoftEdgeCP.exe	78
PID 3652 wrote to memory of 1040	3652	MicrosoftEdgeCP.exe	83
PID 3652 wrote to memory of 1040	3652	MicrosoftEdgeCP.exe	83
PID 3652 wrote to memory of 1040	3652	MicrosoftEdgeCP.exe	83
PID 3652 wrote to memory of 1040	3652	MicrosoftEdgeCP.exe	83
PID 3652 wrote to memory of 1040	3652	MicrosoftEdgeCP.exe	83
PID 3652 wrote to memory of 1040	3652	MicrosoftEdgeCP.exe	83

C:\Users\Admin\AppData\Local\Temp\Az9CT03.exe
"C:\Users\Admin\AppData\Local\Temp\Az9CT03.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fN3Rw90.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fN3Rw90.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4000
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10ar58zE.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10ar58zE.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3016
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11VM9042.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11VM9042.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:4436
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:3404
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:2456
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:1004
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:2132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 568
        5⤵
        Program crash
        
        PID:2116
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12Xk479.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12Xk479.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:3184
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:3484
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:4432
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:5168
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:5312

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3972

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3652

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:212

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1756

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:432

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3488

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:1040

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:4816

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1788

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5464

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5968

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5340

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4092

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6056

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:6004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2924

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5208

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5232

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5480

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6256

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6648

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1492

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6952

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:1160

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6240

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YZUNXYOV\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1HMX3EH3\recaptcha__en[1].js

Filesize
465KB

MD5
fbeedf13eeb71cbe02bc458db14b7539

SHA1
38ce3a321b003e0c89f8b2e00972caa26485a6e0

SHA256
09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55

SHA512
124b9f53a53ef596a54c6c04ab3be2b25d33d1ce915978ec03da8f9f294db91d41ee9091b722e462722f51f9d9455ce480e1a0cb57c2f3248c7a3a9e3b9dac58

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1HMX3EH3\shared_responsive_adapter[1].js

Filesize
24KB

MD5
a52bc800ab6e9df5a05a5153eea29ffb

SHA1
8661643fcbc7498dd7317d100ec62d1c1c6886ff

SHA256
57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e

SHA512
1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9HFI3V0U\shared_global[1].css

Filesize
84KB

MD5
cfe7fa6a2ad194f507186543399b1e39

SHA1
48668b5c4656127dbd62b8b16aa763029128a90c

SHA256
723131aba2cf0edd34a29d63af1d7b4ff515b9a3a3e164b2493026132dd37909

SHA512
5c85bb6404d5be1871b0b2e2d2c9053716354acd69c7acca73d8ce8bf8f21645ae11f788f78ef624444016cb722ecbd6213e771bda36717725f2b60f53688c6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9HFI3V0U\shared_global[1].js

Filesize
149KB

MD5
f94199f679db999550a5771140bfad4b

SHA1
10e3647f07ef0b90e64e1863dd8e45976ba160c0

SHA256
26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548

SHA512
66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KG6JSG7U\chunk~f036ce556[1].css

Filesize
34KB

MD5
19a9c503e4f9eabd0eafd6773ab082c0

SHA1
d9b0ca3905ab9a0f9ea976d32a00abb7935d9913

SHA256
7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a

SHA512
0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KG6JSG7U\hcaptcha[1].js

Filesize
325KB

MD5
5ae119ee83b96edc31ba199c8fc954c8

SHA1
ebfb02eb6af3f2a1c302a03a6068fea14a9536de

SHA256
4ca6f6429653398df115742aef80cd766f9966414a4172a9845346c8d4c643f8

SHA512
f290e20fdfd42140753bea10faaf1e84fbe378cfd7ce21eb50b23d98516485917a6ee7f03c4b8ea7919da48abbd1d3bc958afe4971023dc642c98c635c828cd6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KG6JSG7U\shared_responsive[1].css

Filesize
18KB

MD5
2ab2918d06c27cd874de4857d3558626

SHA1
363be3b96ec2d4430f6d578168c68286cb54b465

SHA256
4afb3e37bfdd549cc16ef5321faf3f0a3bf6e84c79fc4408bc6f157280636453

SHA512
3af59e0b16ef9d39c2f1c5ccdbd5c9ea35bd78571fde1b5bf01e51a675d5554e03225a2d7c04ed67e22569e9f43b16788105a0bf591ebba28ef917c961cc59e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KG6JSG7U\tooltip[1].js

Filesize
15KB

MD5
72938851e7c2ef7b63299eba0c6752cb

SHA1
b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e

SHA256
e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661

SHA512
2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S6XA6K3W\buttons[1].css

Filesize
32KB

MD5
b91ff88510ff1d496714c07ea3f1ea20

SHA1
9c4b0ad541328d67a8cde137df3875d824891e41

SHA256
0be99fd30134de50d457729cebd0e08342777af747caf503108178cb4c375085

SHA512
e82438186bfc3e9ca690af8e099aafbfbc71c9310f9d1c8cb87ffa9e7f0f11f33982c63a2dac95c9b83fef1aaa59178b73212fc76e895d13a1ffbbe3c1adfa4c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\CSWW4VPF\www.recaptcha[1].xml

Filesize
98B

MD5
1acc286a2c328baeb1d61a8b33c19137

SHA1
77a68c5240c723c291f68e39694a25765d6fea11

SHA256
5d64c25faf7fe1558d90f044dab05b2a88f0cc9d4b0df1a82167f3be1e567b6a

SHA512
1aff469a6544f17d80d230387a846cbe035f928d005fb10006e731f839fcd931db756fe0eacb9e5285224d7690b6ba094aa66c1893b31d4dfef681fbbbfc85ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\IW13ONB4\www.epicgames[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EG5ZIDS4\B8BxsscfVBr[1].ico

Filesize
1KB

MD5
e508eca3eafcc1fc2d7f19bafb29e06b

SHA1
a62fc3c2a027870d99aedc241e7d5babba9a891f

SHA256
e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a

SHA512
49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EG5ZIDS4\favicon[1].ico

Filesize
1KB

MD5
630d203cdeba06df4c0e289c8c8094f6

SHA1
eee14e8a36b0512c12ba26c0516b4553618dea36

SHA256
bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902

SHA512
09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\M88V0DEH\favicon[1].ico

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\M88V0DEH\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\O8NDHJ27\epic-favicon-96x96[1].png

Filesize
5KB

MD5
c94a0e93b5daa0eec052b89000774086

SHA1
cb4acc8cfedd95353aa8defde0a82b100ab27f72

SHA256
3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775

SHA512
f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PB5IO2MM\pp_favicon_x[1].ico

Filesize
5KB

MD5
e1528b5176081f0ed963ec8397bc8fd3

SHA1
ff60afd001e924511e9b6f12c57b6bf26821fc1e

SHA256
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667

SHA512
acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\9wg9nf3\imagestore.dat

Filesize
28KB

MD5
6217e771c4ce5faee526b8749cd5fb84

SHA1
2bf69c552c22c603c1bf620e4261a95cee07770e

SHA256
c296ce615af5954b745303e87d0bcdfa545a00493355493d87bf375f3313eb0c

SHA512
d9d28d814ccc263c30409651d539e4401bdb449fc135b3c93676f843e9145ec164502cf90909b3a337e6608ea0946bfa04b38dd148d51572935a5a89f01006f1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFFF97C3ADF719F88B.TMP

Filesize
16KB

MD5
7f555c9bbcb2fa4bc0addb67ac05affc

SHA1
59405cd49f9632b3b400cdeb581741e34effed35

SHA256
b972506552e783e9a7375014b286e723f151478fd8729397f741601389fbedd0

SHA512
f041884c34d3fffc89a77eea30a921abdb2816fa41084810b153c6216a8151776bf1bb8f29e6c9a95b16f8553c0ca6d66975d70b3799571a8879d3a9d8e750f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1HMX3EH3\desktop_polymer_css_polymer_serving_disabled[1].js

Filesize
8.0MB

MD5
c5f7a6b8f08c25ee673c9b73ce51249d

SHA1
9a97323a8733cae3f6f6d9ac4e158e6d01133916

SHA256
4d67427a0c349986f83055c64b17c89847543a003c54dff18b2704625417a1e0

SHA512
4643d44b3295fa1a2723b57212ddf938c26fa15cc3ca759be60c4182b1959c5d7a0df614b4c6ab419b78524312277630b12a528da6698d038b6931155250fa78

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1HMX3EH3\www-main-desktop-watch-page-skeleton[1].css

Filesize
13KB

MD5
2344d9b4cd0fa75f792d298ebf98e11a

SHA1
a0b2c9a2ec60673625d1e077a95b02581485b60c

SHA256
682e83c4430f0a5344acb1239a9fce0a71bae6c0a49156dccbf42f11de3d007d

SHA512
7a1ac40ad7c8049321e3278749c8d1474017740d4221347f5387aa14c5b01563bc6c7fd86f4d29fda8440deba8929ab7bb69334bb5400b0b8af436d736e08fab

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1HMX3EH3\www-onepick[1].css

Filesize
1011B

MD5
5306f13dfcf04955ed3e79ff5a92581e

SHA1
4a8927d91617923f9c9f6bcc1976bf43665cb553

SHA256
6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc

SHA512
e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1HMX3EH3\www-tampering[1].js

Filesize
10KB

MD5
d0a5a9e10eb7c7538c4abf5b82fda158

SHA1
133efd3e7bb86cfb8fa08e6943c4e276e674e3a6

SHA256
a82008d261c47c8ca436773fe8d418c5e32f48fe25a30885656353461e84bbbc

SHA512
a50f80003b377dbc6a22ef6b1d6ad1843ef805d94bafb1fcab8e67c3781ae671027a89c06bf279f3fd81508e18257740165a4fea3b1a7082b38ec0dc3d122c2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9HFI3V0U\css2[1].css

Filesize
2KB

MD5
16b81ad771834a03ae4f316c2c82a3d7

SHA1
6d37de9e0da73733c48b14f745e3a1ccbc3f3604

SHA256
1c8b1cfe467de6b668fb6dce6c61bed5ef23e3f7b3f40216f4264bd766751fb9

SHA512
9c3c27ba99afb8f0b82bac257513838b1652cfe81f12cca1b34c08cc53d3f1ebd9a942788ada007f1f9f80d9b305a8b6ad8e94b79a30f1d7c594a2395cf468a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9HFI3V0U\web-animations-next-lite.min[1].js

Filesize
49KB

MD5
cb9360b813c598bdde51e35d8e5081ea

SHA1
d2949a20b3e1bc3e113bd31ccac99a81d5fa353d

SHA256
e0cbfda7bfd7be1dcb66bbb507a74111fc4b2becbc742cd879751c3b4cbfa2f0

SHA512
a51e7374994b6c4adc116bc9dea60e174032f7759c0a4ff8eef0ce1a053054660d205c9bb05224ae67a64e2b232719ef82339a9cad44138b612006975578783c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9HFI3V0U\www-i18n-constants[1].js

Filesize
5KB

MD5
f3356b556175318cf67ab48f11f2421b

SHA1
ace644324f1ce43e3968401ecf7f6c02ce78f8b7

SHA256
263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd

SHA512
a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KG6JSG7U\intersection-observer.min[1].js

Filesize
5KB

MD5
936a7c8159737df8dce532f9ea4d38b4

SHA1
8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5

SHA256
3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9

SHA512
54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KG6JSG7U\network[1].js

Filesize
16KB

MD5
d954c2a0b6bd533031dab62df4424de3

SHA1
605df5c6bdc3b27964695b403b51bccf24654b10

SHA256
075b233f5b75cfa6308eacc965e83f4d11c6c1061c56d225d2322d3937a5a46b

SHA512
4cbe104db33830405bb629bf0ddceee03e263baeb49afbfb188b941b3431e3f66391f7a4f5008674de718b5f8af60d4c5ee80cfe0671c345908f247b0cfaa127

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KG6JSG7U\rs=AGKMywEfXGDvhU0fuylcqyTdvtelWk4BrA[1].css

Filesize
2.4MB

MD5
7e867744b135de2f1198c0992239e13b

SHA1
0e9cf25a9fb8e65fe4eacb4b85cb9e61e03cf16f

SHA256
bc730ba2cb39047efdd61ba2e5b285f0f186f46d0541676cf366a1f65349cbc2

SHA512
ec27a603d574cafa0d0cfa3ebf2fc99671ea9e3288a00375c34d3fced024d78e1bd9ca9d3b68d317f53a31095ce6864b7f6470a9633204720700850e2454f39d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KG6JSG7U\webcomponents-ce-sd[1].js

Filesize
95KB

MD5
58b49536b02d705342669f683877a1c7

SHA1
1dab2e925ab42232c343c2cd193125b5f9c142fa

SHA256
dea31a0a884a91f8f34710a646d832bc0edc9fc151ffd9811f89c47a3f4a6d7c

SHA512
c7a70bdefd02b89732e12605ad6322d651ffa554e959dc2c731d817f7bf3e6722b2c5d479eb84bd61b6ee174669440a5fa6ac4083a173b6cf5b30d14388483d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S6XA6K3W\scheduler[1].js

Filesize
9KB

MD5
3403b0079dbb23f9aaad3b6a53b88c95

SHA1
dc8ca7a7c709359b272f4e999765ac4eddf633b3

SHA256
f48cc70897719cf69b692870f2a85e45ecf0601fd672afcd569495faa54f6e48

SHA512
1b7f23639fd56c602a4027f1dd53185e83e3b1fa575dc29310c0590dd196dc59864407495b8cc9df23430a0f2709403d0aa6ec6d234cce09f89c485add45b40e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S6XA6K3W\spf[1].js

Filesize
40KB

MD5
892335937cf6ef5c8041270d8065d3cd

SHA1
aa6b73ca5a785fa34a04cb46b245e1302a22ddd3

SHA256
4d6a0c59700ff223c5613498f31d94491724fb29c4740aeb45bd5b23ef08cffa

SHA512
b760d2a1c26d6198e84bb6d226c21a501097ee16a1b535703787aaef101021c8269ae28c0b94d5c94e0590bf50edaff4a54af853109fce10b629fa81df04d5b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S6XA6K3W\www-main-desktop-home-page-skeleton[1].css

Filesize
12KB

MD5
770c13f8de9cc301b737936237e62f6d

SHA1
46638c62c9a772f5a006cc8e7c916398c55abcc5

SHA256
ec532fc053f1048f74abcf4c53590b0802f5a0bbddcdc03f10598e93e38d2ab6

SHA512
15f9d4e08c8bc22669da83441f6e137db313e4a3267b9104d0cc5509cbb45c5765a1a7080a3327f1f6627ddeb7e0cf524bd990c77687cb21a2e9d0b7887d4b6d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2QFWZLR6.cookie

Filesize
90B

MD5
f944a5b72d1e53665b79425c440b3e51

SHA1
9e2b0c79ee27c0c5e72b0b4f34110bf9c34633db

SHA256
2d3b6aae4ab854ad78273ad4c04a9917192da63047d51bc26c1caf7d821681fe

SHA512
ab6ca9d43ae25dd95c623906370af832dfb7d1faf1318404a23022d23db866abc02ef8a1c91c56788ceac69cd6e6a989d95ac706f8ebf8314a66d1630837696d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2WCM5OB9.cookie

Filesize
840B

MD5
46380a156e83b09bed762d02d5606937

SHA1
a0e19aa729e0bd1ccab32f025679f3f27e2ac2f8

SHA256
1866cb8ef5e62b539c7867641c910d8b46a9b15fc00b84eac7bd0955cbad2714

SHA512
e7c57625869063c48dbc262e720d58bb65dc175f2f7e4a336d6d7b94c98aae45bb12e898cd0e97a52bda90e7a3cf113ec4b73175ff9c6cb1ed0fa6a1c7cfa55d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4071KH0T.cookie

Filesize
1KB

MD5
85a774828039cf689f7289cfd8110832

SHA1
f93f39c5282617877638332fc8918d378c91be29

SHA256
8171b8752029d1b81fde5b8940e018f40ef190e126d90c80081da5cb258e47f4

SHA512
66aab528244f4ab51b7103f06862049f517c174ac2daddd85037cefa34c392cf2d2143e2d4c30648de07ab2f04219df0a4da0495ce8d461fe4349a09f135acce

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\467XX0HT.cookie

Filesize
846B

MD5
29f8f98bc1e2e7e4399f5e3e02a1e6e4

SHA1
8c49e8bd51f6e458d07d6e696fc273186816af6f

SHA256
023616000fe80d7407f9c9ce461620f627351712f23078382877b8dd8846686f

SHA512
0077bc2f43666737c0741cee77241f1185d8f57b6fba86dff4440d5863d13180378047ae3aba115bf5327da0522d908243728afeb76a8985d49dabc9a2ddecb2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\82I3VJZA.cookie

Filesize
960B

MD5
71da5771a50c33565f0dac5cbba3897a

SHA1
c7d24c8507654e98a55a18b2d92bf7772da5faf6

SHA256
c735a0bd02e59f9f75aaf41177350920314be0641a2aa8fa7e0d685e59d38f51

SHA512
47222b086d15c645306c724a4599dce28eda0d36ac657b1b67b90b869875986b3d0ffa67f8d4088ef46d4c803cc963b36400ac02880a7e7e98f73d66917b46b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\B1PX8Z2P.cookie

Filesize
847B

MD5
87a3153124d3eb9ea67c62c1264f830e

SHA1
022db5737d89dd3a2459a0ce2a5504cf3bd1e649

SHA256
252d24f938bbb7479b1d0e4fdbec0b0f7d321140d27fe73e19060299486ff4be

SHA512
3827661eb0f9a4cae5b7a6a89e5bb2731da4d17b8e3bf61eef41de5dfe787d6b8dfeadec99aedf323c7b1e08979e68f333b597a595915b567c0e0195522d5849

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\F2VO3TLG.cookie

Filesize
846B

MD5
6ba937d9b82af8b7d322b50c1414efa3

SHA1
815b12496dfb5679849fca3124ff17274b2de306

SHA256
c735db89e80af0315ad8d0eb1e142ac6308205dbf7bd666d3d1f405fcc228615

SHA512
ff7534a961bf66151ead614ed7275b54d964c89be4d0b7317c2025abb65a5ce2f64ffb7b14355c034ed2f42362a28f0ad18344d2941d2ba7bba7cb1054d7481b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KWNS4IDT.cookie

Filesize
847B

MD5
87c20e057b5658b38c69ae17ba1fd9fc

SHA1
07a006652b2f92dfbc0a1e530c762b9fab9a56c8

SHA256
9be5cb0e6c9a2e6a169dbbaa357e27a21c3cf962347c90829807ae24400e58ba

SHA512
4ab2efd27644e4d8f74c64c228e80a46852636f255f90cbe852a7c9d8cc9910c020b4d76d13bfdbd011a2aec3cd95a1245af5cfc79f2806919cd21e3fe8f0f6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LFSUKOF9.cookie

Filesize
132B

MD5
de759dfe67f81d52d84832fe7751faa1

SHA1
9c9f3567f2a91d64c63de1ca51745ced773a407a

SHA256
88923ddc7fe9725998c437666da37961996abf633a99edc09e1ddd68cc34644a

SHA512
40d61182e0807c2d7bcf18c4d2f6c9ebfb85a54e52a339f0a71cf07a09db06da97a658edf37e9dec198dafd862a651cb809540d5222ade7f8038935f081c7ba0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MD720770.cookie

Filesize
960B

MD5
a5d178de3afdc572f0244b6d75e60a4e

SHA1
f1bd1f6bc2a7d1fcd7ff23829fe7c116dcd6b853

SHA256
1e9c2bed40cfc97b338ffd822e1327feea8af794c62ff841db843c253bd4b5e9

SHA512
5d6c0ae0aa34e72e262231b07ea2de7a339d6303990656bece138375149636d3025e449eac7c0cf7fae70e83696106963b152b3a6c9740fb14105bb25c6822fb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NJPGVEQD.cookie

Filesize
87B

MD5
46080d53dcf160129920a924dcebcad6

SHA1
8117a5de10ad8b5cf24d31ac180f739ee1dc87e7

SHA256
d97e7e6d8c822e71087e1962244be0a96c6c5733bed3e82d57da31efab68f2ef

SHA512
cec8105ff64d22bbfd40aeb724f085d65f6e48f3b1b9aeb5bd609b06d882dddabfe8f1a1ebe412cfebc3e367b98e738d0b6241ba622cf2d79d29b12016b46120

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\POX9C43S.cookie

Filesize
959B

MD5
68aceea50c1c75a9f2c2c786993300cc

SHA1
259cbb27352e56c3e8a6e3ceb3310e5122c52509

SHA256
088cf559004a802e2bcf7489ada045c7b21bad87f4df3efb90028c0d60b16589

SHA512
0c377078ce931a381a60052c13a331dddc31a3bba483b01f748b22432d92070e3e50b64a39bd7bc768eed9f50eeddfad22264a477e1cc3bd2ca465e61bfd9e14

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QXR089UJ.cookie

Filesize
132B

MD5
cccfe7e1fb52b34203ce3b61d29e492f

SHA1
b0e66107c4ad763157d3a43b757c98731a369591

SHA256
b86a1c61187c056371272586035569c7fb510af0f992d4ef592b22109566d7ab

SHA512
9abcbbce3dbb7ae66dd1d21df190c2a266954c1b31733890368830997bd4171227006fc6ef3f0b8b188d8ffbfec24965fb70691a7e38e13c2dc5a1e7b1324827

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RHPC7RXB.cookie

Filesize
847B

MD5
0e8a0f6f6a3459d16cf8303f7afe0582

SHA1
dfbb0820e8eb9addd932a69ec513433b1749e983

SHA256
e9033231e85e5fd6bbd2a188eede41e8706fda3fd3c0c93ac7177edbec859e4e

SHA512
9f85a815894441687962e7f3e5a1f1b4271c02ffd2fc1abeede6833a292f3f3f3d24c44b06cc35e31ba6f0b629e1530592450f1fdc40eb4eab866e235314574f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\T04JJM96.cookie

Filesize
132B

MD5
dac879080e7f1c1a968b6a700fa39559

SHA1
fe0c5574fb936c0af3eac976fd1ba3a693a7b7c8

SHA256
16d4419e59816b3433080986f41b6fb8a6ae0d300e15cd1063fd82e2cf7dfcdb

SHA512
a940cc4964ee40264af2f7e0ac57c5b1a0903dc27c92c5e717d8b1308bbf61457c896a059c27c6458620f13690f87b8003fb3f44e415500a026d8ace2469b125

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\UUZKE1RY.cookie

Filesize
846B

MD5
bd7bbdabaf8ce40a652759ca1d59df28

SHA1
4e47794b65e9eadfc6e4214568da8fae0adeace3

SHA256
d01354cf37e502176d948ac83a14c6277007630fa9b4246f491c5fcb2197cc05

SHA512
ddd66bb7589dff34c1b39127bd43728fc69eb7fc735bb9ce8d9d834244cbd78109907da87185037874b0032db46b5e38259e2ed2761dc6bc10ff89d70863c68d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VTWFX20U.cookie

Filesize
95B

MD5
b48bd7624f649937c42cb97b1041c5fe

SHA1
06b00320dd52e5e05c26a3fc5d8f82b6016e7cea

SHA256
659929291a6f43d03b05d0d5690cee4d899dff8cbd9c9b75a0a296a5b7f73b07

SHA512
93b38d49a6b9ffd812863ac071345b37d8abf01978def876dc8204fd51528cb77dd599b17dc05daf100b98990766136f644954a9921657c45f45d778aacbd33e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WALSW362.cookie

Filesize
959B

MD5
dc58b9362229efb9f1d8baac03755050

SHA1
93fcb25410bcc8c3520cee7b3b9a27be174498b5

SHA256
209510618de6f17ae17341d826aa90e94b8cdbe5766b146b247a25507d120b4a

SHA512
8f0b0df972d2845a7c98f2db43c7e1dc0e97cec267aa1dabb8f9070108f3ffe2038e36381aff552b130c14caa26ef218da5a94ac606901f7aef913ffc4cf4191

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XCFSNQM8.cookie

Filesize
256B

MD5
fb108ddf9ce7bea69e87e1e5b72d3c18

SHA1
5237f2059e8d869fe8c315cd2d16cf3ce9d0fc83

SHA256
046f178c453475ca0a12ac1a4717c1520e171ef9b9ef8c8ae270c3ef4801c7f1

SHA512
d85c111c5d4d0c692d1dfd58fb1cf9eb64b581c0a7cb4871362be4f956ad3fef47b9d06ab3cc4b47644bfcc7752580b98a4a4638c6664875ba8bd7fda6ca257b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Y8X5T5ZV.cookie

Filesize
960B

MD5
61ca1676f99e6e3d985e7cbf69141b18

SHA1
4c6ae0aaeb57d56938800bb5e1528d06ded08dd3

SHA256
702cfa778edb3dd18479320a83f0d3c8e037f3c90c6de493076a1d383bbbb1c1

SHA512
0181aefd68ba082c28b919bbdc7ce558aa791dd52405c58fe78a136be0a31c1134ef521938bed2896feadd57c1e4a345af55c648c9bacaddc377eff4c5ad5f9a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
7ae087e8f21fc4779aa46b777d5e4ded

SHA1
64000bf8f259e18846baf2a71d64b0cb872d5e86

SHA256
f4ac703102376c280465f117e3f24b89de6e5841db8c8f3a7d475c933ec1596b

SHA512
5a32c030ebd77497a57c9cb4749119feba380bbc288873717059250e6f85d1d8349775bb26e40ad1760eed5318df12e0c80449eca875ff84fb0d1215cb871f0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
7ae087e8f21fc4779aa46b777d5e4ded

SHA1
64000bf8f259e18846baf2a71d64b0cb872d5e86

SHA256
f4ac703102376c280465f117e3f24b89de6e5841db8c8f3a7d475c933ec1596b

SHA512
5a32c030ebd77497a57c9cb4749119feba380bbc288873717059250e6f85d1d8349775bb26e40ad1760eed5318df12e0c80449eca875ff84fb0d1215cb871f0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
7f9785c64c59d9e29126a337aafdbabe

SHA1
9a00b8d563619497851f7976fc76a3af0cc8c05b

SHA256
ebccdacaf89db3e2672680214f08bb09e53b0b370f4c60292cf3fc9292c51bda

SHA512
7324b497b749665989385aaba8f0d14f1d0d488b2bf8d21196cdc1d41c610b2c1f080046691a2b0e1d499360a52ffa66ed0283e65914cd4c798929440856b61c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
471B

MD5
bce2943d19d5b7a59189e3cf794488be

SHA1
4fab464a79ab91688123ec65a285d0ff109e0c4e

SHA256
36811480d8f9e76c6eee4d4db381772ad3ddc63407dd0fd957b05b2e252e065b

SHA512
0bc5b8045d4cfb7bcbc50843f4f90550e24002b64aa384adbca612c3d2216862c98073f14fd298a8200719dec786b1e17c8859b4aed592cf034730197f56dde2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

Filesize
472B

MD5
f7247870edcefeb7117b8a359b3014b4

SHA1
41725ec7aa91f041ed30a3fdd1e69962cfcdb700

SHA256
e90e89edda8ac292b9669aa872972104c845bd7d174cba1f49479af2bf22ecf0

SHA512
a8328002ce5fdc7f202febe0b09a2d523f6fba01977168930c5868cacb9599e6ea13169c41a1fac379a94afd6d5c16924828d583cf2c3b7e9448efe2bf2918cf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

Filesize
471B

MD5
eec0ee56132b8e41319a9796a05509f0

SHA1
a1da6b93c3a63b8925398430421dd0323269184e

SHA256
051287e9bff12dae5fba7b5cabbd99cc0c101395e3fcf8db5c33027a77995312

SHA512
3a0b7a53e964bfaedeab1d13e00ac76f6ac844120ea2a37342da2c370aca302feab2022b5f973251386a03521b6b4bc43c1ee282a9d6ae5446ce04a23f85a8b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

Filesize
471B

MD5
5dac04bb185d02ca5f10a60e82561875

SHA1
b8a07b597acce4d6dd5b0bfd05b1481c1e857708

SHA256
ea7b8be0e8d0c3d3a68cc7a96237576f919c2a148dddc0afef8aa11c4a62ea66

SHA512
748781ac9ef6f60f3461a51f55cb14f265e473f187e02b04285741a4d42ba6fb29e9e50dcc0acf9d18afcd81317057fbbd244912d442ce5b4428300f30dae786

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
01f213970b5a700419d5599b6882b890

SHA1
15e8afdb132d915e5fce32161ba3a6d6f9af3664

SHA256
a1359e9e7b7ff32cc4e3b5d6013a27992152300d538b8d899b62f6f0ddfee601

SHA512
11f42bd304e01a5918c8909b7fc571588a3425d1caf55839aa6ca4be62898220d3e858265c5b7a721a4c96203920a464b968eeb8bc068e64bd9969aa9748b844

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f376eea179afa0eabed21fb722def745

SHA1
a3d5ead2336fc23ae99899686cfe6f9828ceabd2

SHA256
547f3204521e9df54e31a9998fba6e5e3bc27c33bb6efa7383f233a5f2fdc1aa

SHA512
b10355c6d593c406462a450b310dcd99e6f19b2d50ade530f2cdb723bf553305b6dc0c4f20494cfd13b2110df8d70ac744b89cce6a2481b9626edeb24baef3d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f376eea179afa0eabed21fb722def745

SHA1
a3d5ead2336fc23ae99899686cfe6f9828ceabd2

SHA256
547f3204521e9df54e31a9998fba6e5e3bc27c33bb6efa7383f233a5f2fdc1aa

SHA512
b10355c6d593c406462a450b310dcd99e6f19b2d50ade530f2cdb723bf553305b6dc0c4f20494cfd13b2110df8d70ac744b89cce6a2481b9626edeb24baef3d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f376eea179afa0eabed21fb722def745

SHA1
a3d5ead2336fc23ae99899686cfe6f9828ceabd2

SHA256
547f3204521e9df54e31a9998fba6e5e3bc27c33bb6efa7383f233a5f2fdc1aa

SHA512
b10355c6d593c406462a450b310dcd99e6f19b2d50ade530f2cdb723bf553305b6dc0c4f20494cfd13b2110df8d70ac744b89cce6a2481b9626edeb24baef3d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
dc607a677f41850d5ea83ce7554d6426

SHA1
4e41b394af8b98679f591f604a38484da838e7a5

SHA256
fbdc56978fb4d44c1f79c48c86e5c584ffb27dda4fced085aaf77504518c80ca

SHA512
fe571ce2a64125b6e9fa2e6fae551c8814b6ae04f015a24f3c5b41654528fcfb1c66e4ccf1e03d3ec8d75031794848848a402e5aeba3468cb5dbb3eda5b23fb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
c32393467c6bc36d8d113ac6369a0660

SHA1
8f9e4328e36b159cfefb305395840ed8224143f8

SHA256
f40c76b01763e47461b890262acc31f9c4a09fa001fbf485356dd5594c067cbe

SHA512
2ee92c201c74198c99e1465e443666a2ff28c823d33b7f613bf491040b5f958fb4e628ebc060119c025c263a3a98ee2571e32775ef0ed867cda1aa45c20809f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
c32393467c6bc36d8d113ac6369a0660

SHA1
8f9e4328e36b159cfefb305395840ed8224143f8

SHA256
f40c76b01763e47461b890262acc31f9c4a09fa001fbf485356dd5594c067cbe

SHA512
2ee92c201c74198c99e1465e443666a2ff28c823d33b7f613bf491040b5f958fb4e628ebc060119c025c263a3a98ee2571e32775ef0ed867cda1aa45c20809f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
400B

MD5
687f5aa21b934a72babb15a74e82d3aa

SHA1
60a5f6affecf8eeb0bd7c7826313ba31906bec34

SHA256
80de8565d5e44df8e858cc4406f7d2e232842e25c38151bd0925aa19aa2389e8

SHA512
26816ab1a6ca3a4e800e4243405323ed4e831ac1c20319b99d709b08ac85e7c2cb2cd8cc627f2e64daa3aa0ae6509820e0a4a828c12bf2ad0d0d2acc2289d1b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

Filesize
410B

MD5
94ab2613ed8e0e83c35e33651d043869

SHA1
9bb0be3ba0f463d6444930330fb6d69e308ae885

SHA256
31d76bbabb28aaa80fdf083cdcfdbc174b8b3417547797bbcd79eebdb03925a9

SHA512
5d2c7b800be155c9fd7427875ae5256f352e8baaa1629f601cb6614895c135afb52c40283f59db0b87c602c09fb791f3a8b7113461d84b3c45faa70cd290adb5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

Filesize
406B

MD5
f36f566e894d0df73d1dc44a88be130d

SHA1
ef49c5771ded028e7062f885c4d23cefc7029a45

SHA256
b23ae9f6e70064f19ff34589b2050844c19b60ac4f1871a0927d5580db681a20

SHA512
19b21146ac83f8beee26b45095079b1484e09cc7ba6d1ed3a44725aefde109ae11158fd5595b1e4ea920cde0205f5d8244aab59aa67f3e73ed64e279ba06e6dc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

Filesize
406B

MD5
f36f566e894d0df73d1dc44a88be130d

SHA1
ef49c5771ded028e7062f885c4d23cefc7029a45

SHA256
b23ae9f6e70064f19ff34589b2050844c19b60ac4f1871a0927d5580db681a20

SHA512
19b21146ac83f8beee26b45095079b1484e09cc7ba6d1ed3a44725aefde109ae11158fd5595b1e4ea920cde0205f5d8244aab59aa67f3e73ed64e279ba06e6dc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

Filesize
406B

MD5
f36f566e894d0df73d1dc44a88be130d

SHA1
ef49c5771ded028e7062f885c4d23cefc7029a45

SHA256
b23ae9f6e70064f19ff34589b2050844c19b60ac4f1871a0927d5580db681a20

SHA512
19b21146ac83f8beee26b45095079b1484e09cc7ba6d1ed3a44725aefde109ae11158fd5595b1e4ea920cde0205f5d8244aab59aa67f3e73ed64e279ba06e6dc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

Filesize
410B

MD5
8649128d8ff54a597b1aeaf8011994c9

SHA1
46104db06811eee599b830308feeb2cf3f5fa965

SHA256
c4da927a1a392587ffc66f08d698f4916c9bccbb3e77b4daf313e41b201f984e

SHA512
7a4850e79e7fd8d2242a76f58eaadbc311a3793a31fc57dfc1b211e77e68936c290fe4d004ec4fd949f99d2f4f913826d9abc2b73149c363ddc3ba2621bb955b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12Xk479.exe

Filesize
315KB

MD5
f64761546f5ccea6036f8a0995e004b1

SHA1
e6173536fc3652a74f96a71057069920c47a32f9

SHA256
4549139bf1668e28f6f9c0018143eaa5f1a3447f358a926cd3626171a160adc8

SHA512
0c03482e3b6451a6b6b5a2855bca51e8b595e7e7b80c571818448bb06287d888fcfcd2b634c1c151a4d26e4a38b2aace83a460e99084d5b43b4921db0a9395ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12Xk479.exe

Filesize
315KB

MD5
f64761546f5ccea6036f8a0995e004b1

SHA1
e6173536fc3652a74f96a71057069920c47a32f9

SHA256
4549139bf1668e28f6f9c0018143eaa5f1a3447f358a926cd3626171a160adc8

SHA512
0c03482e3b6451a6b6b5a2855bca51e8b595e7e7b80c571818448bb06287d888fcfcd2b634c1c151a4d26e4a38b2aace83a460e99084d5b43b4921db0a9395ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fN3Rw90.exe

Filesize
656KB

MD5
df3f39c942566630fed40b908de1f3e5

SHA1
55eca8df1d2a23689ce1c767094a189fcbf125bc

SHA256
9834a943ec66994fde72fab0661bf6b22356d301ec7e4aae805d7fcb16e3728f

SHA512
ce8291fca3f3ca34798f4d97f0f5015d20dd056ae230608bd80f8bd45fe117e35b3a4cf951a371c2a9ccd8d838a6ac311aefc864fc5f8cf22bd0351bf4dc01cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fN3Rw90.exe

Filesize
656KB

MD5
df3f39c942566630fed40b908de1f3e5

SHA1
55eca8df1d2a23689ce1c767094a189fcbf125bc

SHA256
9834a943ec66994fde72fab0661bf6b22356d301ec7e4aae805d7fcb16e3728f

SHA512
ce8291fca3f3ca34798f4d97f0f5015d20dd056ae230608bd80f8bd45fe117e35b3a4cf951a371c2a9ccd8d838a6ac311aefc864fc5f8cf22bd0351bf4dc01cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10ar58zE.exe

Filesize
895KB

MD5
b62472a86ee0e1a9f6ea895980d43d7b

SHA1
e2414e8bea4dace80368a44c1e71120a8f423a88

SHA256
5ac7d03f0586be88304730789f64be90dd4ff74f1fefa9897bc6e63938ff00ee

SHA512
7a9d13d093883c98166b90b32425118beff870303fa91c4e78f9c160d04dd9a9fef1afa1713f86dfd844080d2c582b04fc946ce9694258b17583c1ba1b0a7471

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10ar58zE.exe

Filesize
895KB

MD5
b62472a86ee0e1a9f6ea895980d43d7b

SHA1
e2414e8bea4dace80368a44c1e71120a8f423a88

SHA256
5ac7d03f0586be88304730789f64be90dd4ff74f1fefa9897bc6e63938ff00ee

SHA512
7a9d13d093883c98166b90b32425118beff870303fa91c4e78f9c160d04dd9a9fef1afa1713f86dfd844080d2c582b04fc946ce9694258b17583c1ba1b0a7471

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11VM9042.exe

Filesize
276KB

MD5
78e13c8f3933b9fb74ce374c60fb45f9

SHA1
db58438f6f323582424115638c8d36a87838c7d9

SHA256
2317990f937e8d57b44551d08e2a4d0502fe19aff1bf0f7ed29aafe1df26bb33

SHA512
76e31c4144064b7b340fa8c2f26d2c5ffe3685ae81a49ee76010e76e72c205adefa8134699e983f520deb87ff1fe324b9de4e0518c14607ca92ae2a60966d70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11VM9042.exe

Filesize
276KB

MD5
78e13c8f3933b9fb74ce374c60fb45f9

SHA1
db58438f6f323582424115638c8d36a87838c7d9

SHA256
2317990f937e8d57b44551d08e2a4d0502fe19aff1bf0f7ed29aafe1df26bb33

SHA512
76e31c4144064b7b340fa8c2f26d2c5ffe3685ae81a49ee76010e76e72c205adefa8134699e983f520deb87ff1fe324b9de4e0518c14607ca92ae2a60966d70c

Download Submit
memory/1756-207-0x0000023CF85A0000-0x0000023CF85A2000-memory.dmp

Filesize
8KB

Download
memory/1756-200-0x0000023CF84C0000-0x0000023CF84C2000-memory.dmp

Filesize
8KB

Download
memory/1756-212-0x0000023CF85C0000-0x0000023CF85C2000-memory.dmp

Filesize
8KB

Download
memory/1756-218-0x0000023CF85E0000-0x0000023CF85E2000-memory.dmp

Filesize
8KB

Download
memory/1756-380-0x0000023CF9AF0000-0x0000023CF9AF2000-memory.dmp

Filesize
8KB

Download
memory/1756-371-0x0000023CF8A60000-0x0000023CF8A80000-memory.dmp

Filesize
128KB

Download
memory/1756-344-0x0000023CF7210000-0x0000023CF7310000-memory.dmp

Filesize
1024KB

Download
memory/1756-342-0x0000023CF8020000-0x0000023CF8040000-memory.dmp

Filesize
128KB

Download
memory/1756-222-0x0000023CF8730000-0x0000023CF8732000-memory.dmp

Filesize
8KB

Download
memory/1756-229-0x0000023CF8750000-0x0000023CF8752000-memory.dmp

Filesize
8KB

Download
memory/1756-233-0x0000023CF8AB0000-0x0000023CF8AB2000-memory.dmp

Filesize
8KB

Download
memory/2132-83-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2132-116-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2132-117-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2132-120-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3488-496-0x000002437B8B0000-0x000002437B8D0000-memory.dmp

Filesize
128KB

Download
memory/3972-438-0x00000244216C0000-0x00000244216C1000-memory.dmp

Filesize
4KB

Download
memory/3972-49-0x000002441A7F0000-0x000002441A7F2000-memory.dmp

Filesize
8KB

Download
memory/3972-14-0x000002441A420000-0x000002441A430000-memory.dmp

Filesize
64KB

Download
memory/3972-30-0x000002441AB00000-0x000002441AB10000-memory.dmp

Filesize
64KB

Download
memory/3972-436-0x00000244216B0000-0x00000244216B1000-memory.dmp

Filesize
4KB

Download
memory/5312-198-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5312-234-0x000000000BA70000-0x000000000BF6E000-memory.dmp

Filesize
5.0MB

Download
memory/5312-276-0x000000000B8A0000-0x000000000B8DE000-memory.dmp

Filesize
248KB

Download
memory/5312-274-0x000000000B840000-0x000000000B852000-memory.dmp

Filesize
72KB

Download
memory/5312-237-0x000000000B610000-0x000000000B6A2000-memory.dmp

Filesize
584KB

Download
memory/5312-249-0x000000000B5F0000-0x000000000B5FA000-memory.dmp

Filesize
40KB

Download
memory/5312-263-0x000000000C580000-0x000000000CB86000-memory.dmp

Filesize
6.0MB

Download
memory/5312-264-0x000000000B910000-0x000000000BA1A000-memory.dmp

Filesize
1.0MB

Download
memory/5312-224-0x0000000073110000-0x00000000737FE000-memory.dmp

Filesize
6.9MB

Download
memory/5312-3347-0x0000000073110000-0x00000000737FE000-memory.dmp

Filesize
6.9MB

Download
memory/5312-278-0x000000000BA20000-0x000000000BA6B000-memory.dmp

Filesize
300KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads