hxxps://envs[.]sh/QMn

Analysis

max time kernel
1799s
max time network
1608s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
18-02-2024 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://envs.sh/QMn

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 39aa04947c62da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "27311"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = c0400fc17c62da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com\NumberOfSubd = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = c0e5a7b2497ada01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "4411"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url4 = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "http://steam.co/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d1b9ac677c62da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url1 = "http://steam.co/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 445dda567c62da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url1 = ba3b31687c62da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steacmcommunilty.com\NumberOf = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "1310"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 388867057d62da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c7abda5b7c62da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomain = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steacmcommunilty.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 67e975a47c62da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 172211c17c62da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://www.facebook.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-820923436-2084397322-3365974649-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com	MicrosoftEdgeCP.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

1552 MicrosoftEdgeCP.exe

pid	process
1552	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 13 IoCs

Processes:

MicrosoftEdgeCP.exe

pid	process
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 45 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	4856	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4856	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4856	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4856	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2196	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2196	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4012	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4012	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4012	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: 33	352	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	352	AUDIODG.EXE
Token: 33	4596	MicrosoftEdgeCP.exe
Token: SeIncBasePriorityPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4596	MicrosoftEdgeCP.exe
Token: SeCreatePagefilePrivilege	4596	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

596 MicrosoftEdge.exe
3748 MicrosoftEdgeCP.exe
4856 MicrosoftEdgeCP.exe
3748 MicrosoftEdgeCP.exe
1552 MicrosoftEdgeCP.exe

pid	process
596	MicrosoftEdge.exe
3748	MicrosoftEdgeCP.exe
4856	MicrosoftEdgeCP.exe
3748	MicrosoftEdgeCP.exe
1552	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 3076	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4012	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4012	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4012	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4012	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4012	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4012	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 3748 wrote to memory of 4596	3748	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://envs.sh/QMn"
1⤵
PID:4196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:596

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2660

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3748

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4856

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3076

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4596

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2368

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4012

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:352

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3MEJIBA7\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\MotivaSans-Bold[1].ttf

Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\MotivaSans-Light[1].ttf

Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\MotivaSans-Medium[1].ttf

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\MotivaSans-Regular[1].ttf

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\MotivaSans-Thin[1].ttf

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\_combined[1].js

Filesize
87KB

MD5
31ed48071ce4b62c24520c95bcde6026

SHA1
c073152e6835fba2ded4cc215f3985266be23f2b

SHA256
08b39451eabaca10cd735816cdc5af4a35b05fbb197e2082235b6e16be62dedb

SHA512
1cb651ec52d7eb67a961436a48340d0b783bc944cd54008d00e8b26d933d0668380126c6acae89ef10906fd96e8da9ed4ef773dfd9c761f608ff7ebda5554ae7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\cluster[1].js

Filesize
15KB

MD5
cd4bdc56fa7dc599a60a48ca895272ca

SHA1
6c2f5b4780eb921fb4a0254a0c46d560eb4ffdde

SHA256
c5025bab607bdd76ac7e074ebf08595fa8d7f0bea2bce94d4d211bafcd8cf003

SHA512
84a03aca8860b2c4981828d4ab516acba849ffb7aa0ce5c30e1c8eda57c50c94913a32831134876294cc6cb7fe8537eb62fe072211df769be432b7a5f5dd3f74

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\creator_hub[1].css

Filesize
2KB

MD5
7baa3114e2389272e8b3a3001bd7a210

SHA1
b564e0589f539175547971422c1e7042801b01ef

SHA256
9ace5ccf7ba2e85d33d19bd36f69e6778c79bd6426a48934be4e29f7fd98c5f0

SHA512
6274e8644d640fc0acd68c6a9c680bed598e82f61a98d640be0234aa7be7caa383b11718662596f5cec9a9b6f33da4f25630dbf4b473a2672110482714ddf6e8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\dynamicstore[1].js

Filesize
87KB

MD5
b2e1d832e9a40d7469ace7b710e138cd

SHA1
ba52b1b42f4b6139eb571da7795fc3501a748da8

SHA256
68bd0a72eabb055e969805aff7360cfdd81fbaa2f0a10d3c9c18608d1179ad79

SHA512
4d3a923403edfd9af724c1112bdbee60579ed8e42735a24f9abf3e3045335164ef8e0479a9405236924f2f60429613177ddebd83f12a3ca0ec7fdcbc33ab44c7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\joinsteam[1].js

Filesize
26KB

MD5
8d6074ad9e581e7bbe992549953c19d6

SHA1
18c1c42b9591932b49f19a65ebd2d0ca8fa4fbb8

SHA256
caee4c3d1372619c9b1dc72d342079f0937eaafbcfcc57636d575870796d538b

SHA512
dc5a679678b59178697e514e60ab7b541e76c46e0a2a7c4b2532be56c13d4c7294a981c745949af0610afc9beec7c6f6efa7417ead8bb65b37f5e9481cb404da

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\jquery-1.8.3.min[1].js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\prototype-1.7[1].js

Filesize
165KB

MD5
6a39e0b509fecb928d47b8a2643fed2a

SHA1
f67fa6cb1d09963d10ba117d6553c8e7d5bc7863

SHA256
d8bdea7fff893dbdbeaf6c2affec091a77483b9ec10e7958486bc3b6cc170c96

SHA512
b9b8c6d9ac4928686c5ea254ac8f765c4f3690f79e5b1ccaaffc48d4bd47872b9cc5475c038f70d804740c81915fdfce315ebe553b628d12f7ca1cc4467075d0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\shared_responsive_adapter[1].js

Filesize
24KB

MD5
a52bc800ab6e9df5a05a5153eea29ffb

SHA1
8661643fcbc7498dd7317d100ec62d1c1c6886ff

SHA256
57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e

SHA512
1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\store[1].css

Filesize
132KB

MD5
ee9855c647756a4b8377a5f755a468a2

SHA1
59352c76aa273d9c49c7d48541bc45f82bd6cc87

SHA256
ff548512b3096ae8062b4ecb74691941b0689ae162f94ee086eb0ed9727e1f55

SHA512
aca0c683979ce67311997ca2d40d6af9fc44e75c7a263698dd75c4b30405ca9f000775bea9964b099a3a0c9856ecc56e859af9cd793f9cb5e31ea4f6d88d2c6b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\submitonenter[1].js

Filesize
890B

MD5
ff03b54d4688e5f97e7b31ce9bdddfa0

SHA1
ae8fc5552099421e0c8808db68a48f36c1a629da

SHA256
8b944aacd606dfaa885afd00ee3356c2aaac88160e11b4d6d3934b60317157f9

SHA512
f7d642563fc8e6b54cf5366084854e85390aec0699c60abe627e68a741b88e07b82fe40591951cb7b5fc1f1e4e0cb60aad64a895ab3c4818a186381b68861fc6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HX2JL0VP\tooltip[1].js

Filesize
15KB

MD5
72938851e7c2ef7b63299eba0c6752cb

SHA1
b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e

SHA256
e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661

SHA512
2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SS7ORQ0B\MotivaSans-Black[1].ttf

Filesize
117KB

MD5
4f7c668ae0988bf759b831769bfd0335

SHA1
280a11e29d10bb78d6a5b4a1f512bf3c05836e34

SHA256
32d4c8dc451e11db315d047306feea0376fbdc3a77c0ab8f5a8ab154164734d1

SHA512
af959fe2a7d5f186bd79a6b1d02c69f058ecd52e60ebd0effa7f23b665a41500732ffa50a6e468a5253bb58644251586ae38ec53e21eab9140f1cf5fd291f6a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SS7ORQ0B\MotivaSans-BoldItalic[1].ttf

Filesize
131KB

MD5
e77ef961fe37dd8e6de30d4f7fa9a4de

SHA1
567327935ae2bb3de45e7f612f2d05273a999584

SHA256
6f93f21bc1ecc2d1c24fa2268aafad7f9e76836bb95aa76adda9307caad51c64

SHA512
2b432cf2d448026ff12634d605d9eb52ab6d285ea3cb437031b0427bb933b0aba40c416c0f102a39ec4a267ae2396b4da414048adc360780508281fc454462de

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SS7ORQ0B\broadcast_carousel[1].js

Filesize
9KB

MD5
2778125d9b3bffd6166044ba6efba9b6

SHA1
059582750885cdc9d979eede457f9f8bb09213b9

SHA256
4261d9e674a7568e7b6eaa6bfb20a3bb41c5583e9bf50942244fb1a01c0364c6

SHA512
4053400c1fe0940521a8370b4773e216e1b9585472cc59d3a434d89b6753f2f21e1d6911787f432685710edbde98142de7ea00c1ef20583bcdde1b1597fcb543

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SS7ORQ0B\buttons[1].css

Filesize
32KB

MD5
0abae40ee6cfa8b72abfb79829d53400

SHA1
e87d3aa5ebfeac3d486fb3d9913a81be19af3762

SHA256
c54f7e964fabefc31c2df4864777db262e62c3236a293fbd075deaf1d538c2ed

SHA512
a347d51254a5ba555f5cfcffaaeb40f687c549b8e2c76eaf98f4e4522a8f5ae5a358f10119608c2657e30176d4675fd11c2670dd3f923bd788f8d30ca45a5575

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SS7ORQ0B\home[1].css

Filesize
118KB

MD5
5fb6c4145d4fc743dafe8ba6d7249446

SHA1
a7d8b50af1a70a764b1cafbd25a753f74d65f1ce

SHA256
a4ae967c7afcf0d48ba30394e0e632d9d711234f65ce35f4f6f5b44bd7af35ea

SHA512
770d73a3bfc2d3d348bfd9b66fea596dff354df36925d7593dc7aaf0a4044eebd2a27036de54628402cf13800e0d8b22a5bdd21c536692579d86f5cd29e9c0a1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SS7ORQ0B\joinsteam[1].css

Filesize
12KB

MD5
aca6a42213d725947945d03d80b2cf38

SHA1
2774aeb3e2c28a52668e504e32c2ef6b19711175

SHA256
be80ef954b7069ea825be66e678b7a34a57cd29352da82b1dbb025afb82b274f

SHA512
9203a9fda9ed329b57f4bcb2061373fdf33634b3b5337739e40198c5056a72d005920d206b874829c7353ce158e806404da68a35d014a8c4b73b148c6ad5286b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SS7ORQ0B\login[1].css

Filesize
17KB

MD5
2fde91e2f3bb85f3a585c1982cec5212

SHA1
a96ccae29a05fe0fc0416dfbccfbe7d0a8be2749

SHA256
b8c231eb652ea06dbb97709a6382739ceee11eb3861f2d801c0b3989a936fa4e

SHA512
268e41d029d4a28bc31e0d36a1143cd17f2f4bdcbff23fa1339a6d18dc4ee7d67a952d5ed34e609a0fee2ad030e3b3d6c21283e3611c4679a7a113a889e26280

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SS7ORQ0B\o7B3FK6ymEOn7sBfZSmifVTwxPk[1].css

Filesize
6B

MD5
77373397a17bd1987dfca2e68d022ecf

SHA1
1294758879506eff3a54aac8d2b59df17b831978

SHA256
a319af2e953e7afda681b85a62f629a5c37344af47d2fcd23ab45e1d99497f13

SHA512
a177f5c25182c62211891786a8f78b2a1caec078c512fc39600809c22b41477c1e8b7a3cf90c88bbbe6869ea5411dd1343cad9a23c6ce1502c439a6d1779ea1b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SS7ORQ0B\recaptcha__en[1].js

Filesize
487KB

MD5
c37774be5504a3a7def09eff73263bc3

SHA1
c5160a2908b3fd4230ed5cf521728fabaf3b5c06

SHA256
4fd66999fb60ad3289dfaee132ff52c0b1ecba71661e4cbfe47d09ac4f1cd5a1

SHA512
0b6bd8b8ba94b177597517b641fade09f843f22c3f02d9b1ba6440a19acacaa598aeca3c2315d106d560e78837e1e9fa74111856d52f40ca9a7865d4f4eec9c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SS7ORQ0B\th[1].png

Filesize
616B

MD5
63343141c64682bd3e0f711730475354

SHA1
a2a7298e8f58a74292885bae9a3f44c76c7aa945

SHA256
f90e661a7731c97e3478027d07afd8c86e461c5f379932e15efad17d0e96d402

SHA512
17f7f14b0c929164283d5fd7bc829d907b923bb12a7b9d6124a6aac64eb79aaa47163583acca91fc71047bb7bb707d649407801c8762d8942a44531da9559edf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UGO0FN47\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js

Filesize
1KB

MD5
56afa9b2c4ead188d1dd95650816419b

SHA1
c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6

SHA256
e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b

SHA512
d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UGO0FN47\MotivaSans-LightItalic[1].ttf

Filesize
130KB

MD5
07247cbd12d4e4160efd413823d0def8

SHA1
517a80968aa295d0a700a338c22ba41e3a8b78a7

SHA256
41464efd9a32a5967b30addc21fe16cd0a35870fda56658b531a9a2434b4d829

SHA512
27e0e7505d41891e70bd06733f96e82e45061d621a1d20bbc524fc89c5406a799cf53d98c0fa256cb4ebfc19750c9a05531a8d273cebc260d48948edffdf6244

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UGO0FN47\enterprise[1].js

Filesize
938B

MD5
299f8b2ca223fc6bd1a840172ac1e6aa

SHA1
999bff81ec41ce1649ab76aa384ea7e535456a88

SHA256
03b2d74fe0fe1f551bf4f6a0c02822fe7d65c85e12278e12a829f22833fde6a5

SHA512
bbb12c2c99455dfcf540bb7a6340a19654807baed97233ef82da65b80887a1116c30b6203ac9c611287cbe5f5bc102ddc1b138ce1e7164026f341c4bd6960118

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UGO0FN47\home[1].js

Filesize
117KB

MD5
a1b308f71487d97022132479dc3eea6b

SHA1
8310a1fc157ea1790ff8fbdf6bbca49f900a4cde

SHA256
0651b5cb7c5bd0b7e9c35f5c57dbe4d3c46cf861cdbbddf7b9c9d38b70465a37

SHA512
d4a0d14ce76ca83bb388e1c2ef92933fe0b1f1dcbe5fdb306304b20995b92493b106072f74346996cffc7c1cadbf1e293a93791134bbcc6acd97ab72599f9530

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UGO0FN47\join[2].htm

Filesize
112KB

MD5
2605c4246c0793238d7c262cfc01d2db

SHA1
5301467a28fdc54140fa2b68bacaaf87cb297cc4

SHA256
9a11bf2c8cb4f145667105bb50b3653e29e269d53786b38383d929fdc2ecd2a2

SHA512
4968337424a2ab2966c3399fceee88fed04aadd55e4119be9a71b57299d744efc478de2e8f933c1ab5605b6eee0cf6626b68e08fb5b9c68bc6feda77dbf4ea44

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UGO0FN47\logo_steam[1].svg

Filesize
3KB

MD5
b7a7e43284e2ffe806ac1bc27c1f6a87

SHA1
e8196489e2ae99ec6eb33995b5a3e108d6e44de0

SHA256
c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb

SHA512
757e4f382a864cac9f975220c28586f5ea415b2e2215375c1a47e011a9190fcd15313d399007539f150a6df0378b8f2022ac88e995693ab03a9f5656bfe40832

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UGO0FN47\shared_global[1].js

Filesize
149KB

MD5
cbbae8ccbeeeb8dc083963d809d6d609

SHA1
7a9cbbfa2bbfe4915416db812025ee468771c1f3

SHA256
ac1f32883d1db9ec6b66ef92c6f35602991d866824c7e347d3fd5d52c36e5fad

SHA512
bfcc1f50105636fb1b654a6f602f8b728e72788f7b216091c41b5e3d5aaeff59c3d8d659c92a526028988a449e9036495d91b24bf2ae49bade962a2e97ee6139

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UGO0FN47\shared_responsive[1].css

Filesize
18KB

MD5
72e18d3f57737adba0956936bf438916

SHA1
efac889dc41d671ae12a6e0a6c77f803f7ec68ae

SHA256
ea56da3ab70fe84a679dc523b2ec93bb3a01ad55e41a4da0ef79e39c5d9f47ac

SHA512
d90e4dd1732c27edbd0bca44a00ec7352512cd80eaf0c8b044fadf6b2764c1bbad74dcaf91a0d4f00769b314d6fca01445b5161d34c7f147b656fc1dde957533

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YEE525QQ\MotivaSans-RegularItalic[1].ttf

Filesize
132KB

MD5
7bc1837717cdc49c511ebdd0e75122a2

SHA1
d31e0df252328b946984c6bde94f7b2f7c72d964

SHA256
97c39175b9c8c46a5f2be987c00be2ef556421fcdada1ed3b327c50cc36cc78b

SHA512
53b31bdecde75e8f50f82db69728f6f831d6a3452062ac6e419f9369ffe88f0ea6ace3a501d89501ff86fe47e05900ed5b482221d215898e28a0a4bb1f1b6a85

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YEE525QQ\Y26LIcmRz0EdnBtSjtN2P4pbrp4.br[1].js

Filesize
7KB

MD5
b3ca28114670633e5b171b5360bb1696

SHA1
683f2fb3d4b386753c1f1a96ede3ca08547f0e02

SHA256
a8b7da1f71211278c07582aef2f3f2335b7de5076e5708db6e868ee6cd850490

SHA512
bf71ac8f59653b8035c1fb8555b53371610ae96c1a31e7bee02b75deb8e46c68b46a29dae360c579bcf9ab051f5218edbd075567b99a9fb894e7c50251676677

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YEE525QQ\cart[1].css

Filesize
55KB

MD5
3d42397bcb312ec07d70ae0d68fbadde

SHA1
3af248d34e6a31b3d3269c65505458d42372ef0b

SHA256
53961d66b24ef8cc16b6cb5cb249cdf311aa89b6afc70f06a242fccc3a4efcd3

SHA512
f4c325a231b11ce6a3e2899367e081cd6ac2e7ac1469542414ba0e3b57df5897df51615e2ad0ab6559e6b38003ffdbfa533c6e5701d0bc2f40fae80eb4332348

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YEE525QQ\dselect[1].js

Filesize
9KB

MD5
b23a2ea37fb7dc6a317180acb9640bba

SHA1
559826c6b73a59bccf54f9034d7e8c43d03c091a

SHA256
23d2a8fbaa5a5f1f551b5d70440adee80fd519b52b3d6559cbbea35296679e2f

SHA512
e946116847558894e42e26e6702b600531e85cd0da91076e8af2fb3fece913f5ff4e8aa8744d2d43afa58ab2a0289954726434946e158fc840c150f2a079f109

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YEE525QQ\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YEE525QQ\main[1].js

Filesize
85KB

MD5
0f4e868a436186d91cb264fe76d8fc4a

SHA1
cdcd8c3d78147dc90bd43dcc14dd8ceffbc0824d

SHA256
a63af36f69afc592dedf33529b7072fa2a1689f6fa862ce0779795c60d5ba352

SHA512
aeb79c9be6f66e35f1e0fc09da13d1e1beb53e5b8f4f0776cb6d7fa55ba953a12bb19e4d47963d519f0979afb38b0bf2259f9aa4bb1b825050be34d72cd96e06

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YEE525QQ\motiva_sans[1].css

Filesize
2KB

MD5
45cda1a73836131dd3614c2c3854ca4d

SHA1
8c5f6023535cb883463e83170430b31ee72b5176

SHA256
218bedd2a2817dfde5f3a900b6204c7e378e1b747ff98ae89aedff2391e4429c

SHA512
efa13e0d107cb9915bb8ab250b417880f08e255ff2d6457306fef6a6ff0dee0fc2f0fca15738b71ce1aaccd3b2556b677881bef4a6cb182d696b583f10e78559

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YEE525QQ\shared_global[1].css

Filesize
84KB

MD5
d7d3a607fcda8bbf880cb62799e842ef

SHA1
127eacb5541f1f37baebd8e27edf7ea785ade570

SHA256
b019d82616db86f1b115335ecb41ae84fe51966f89daee22f50f4d272323e63f

SHA512
ac34de63f2c87f2ecabcabcb2e36ac13155a1f8b249cc5df511df7d1c7b511d2bef0090b7b93a905f3349c1aeb45866aeedcacab30b8670aed090fe39595f678

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YEE525QQ\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YEE525QQ\warmup[1].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\Q4527NDO\steacmcommunilty[1].xml

Filesize
83B

MD5
43e7e5afe3f8bc7b041e65ca00b4d103

SHA1
e5c560c899f8134173fa348e8980fdfb9dbba1b8

SHA256
ec7774726597eb4ea76eb6ea2f2590d7f24cbec393d793ab4e32ecf6efb9b0e1

SHA512
c6ca161f9ea966b9c7f7fd779a02af36597c2f735422761cf5e62bf804bcfc34517a3f37bd4f93d4e9fcbd40a1086cecddcae4c03383ce92848e744fb330e3e5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3D5U5RBJ\android-chrome-192x192[1].png

Filesize
10KB

MD5
bf2f8717ce9660bca1ee028b1ed83809

SHA1
d05ae8cca85f063b609569ccf37ecf52fd9faf3e

SHA256
152b16fb5c002113f5559b46dcc2798f4fe3d0af6729c06c3fd18e4976731e57

SHA512
d9a152ebc6df435d7cc72b6851f18ae88b54bb0c5aa3ee786de512735925711d646e76b7ae80ece75e1d74d3cadab2e4cd7c146373219378653d0098bf8a74b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3D5U5RBJ\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\40URZ82T\favicon[2].ico

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9JLMXVRY\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9JLMXVRY\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\zvrpm64\imagestore.dat

Filesize
66KB

MD5
0e6f7c43831d2479b8fc42052de30413

SHA1
3081358e6ff2deb086b8333a600a3fd1621b57ce

SHA256
f10c67d8c61bd0cd8113a632c4ce9879258a6791db535460ced2e31e579ab14f

SHA512
d634c49162b60d2fc8710555b1f507225399a9903bddf40342092fbe759b3f78a3b367a3994cfc01df700c4decd8dfb8dd2b49bac58e22e15c429847dee4eb3d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF47437974C93C0B2.TMP

Filesize
24KB

MD5
2b21a5b6cf6780549ec127bb1a547da6

SHA1
404748c039deaf1b6cb4d99136cedfa41e81c6fe

SHA256
4468caf32e3e12fa0a7510c2bee3c8d869a9e8f115305d7776610dc4b1d77a3b

SHA512
84afbeea095c3d9c90ac3193a32db31fa56815ac9a090e33a321d51789956334e90fee650e1746be144c1aab5195eb2a526b9e9ecf4e665836ccc263203a09b4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9da3b5b4a894c15d1aa6d3d5da27ee05

SHA1
0d16e87371ab9401b56eb65a272347758566941b

SHA256
5d3ca1af142868ad96cffad80f8828660ef8fc2de231848cf76bd714ca68e37a

SHA512
8caa5f7d48de98fe9858cea339f6e08f8ef099a268f5fe644f91e2cf815be613bc59f1b48bff1e7413ecd57d3dc3db57c8cdd1a9987f4b5fd720fd96320a0d37

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
313B

MD5
41796515461ec0143591a130597c40f6

SHA1
962304ad972ad4ec1339670cae69c0e90bfd81f1

SHA256
1c6c0ef955bd028590698e70959986108e1ee2f7bee7d4e20408b3f59bae75d6

SHA512
29f942de1faae05df4b2b5741f2e2c41a277177398f4f598df63788f20831e43281e030913bf70d2b751e0e26c7ffc8b417fdb1b5582f55546a0ab502db42bfa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
8045efde9d16b36b416ff45641d34b3a

SHA1
54c6aa55455d98bad9d06320af3f7c066b63c543

SHA256
6374faa4ae7ef1ad90aae98f8adb3c52f9fe558ddd28609fca65c03b237961ae

SHA512
2f1ff9b143badbeabf64beb2a5c361e3dda6403e0edc8ecc628a100d49fef3505713c850c44138689910a4ed24491f151d3b061c5e964153ceafa5b45bbcec26

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
1745185a07348ec81675820dd277acee

SHA1
fdaedd79facad3c552e2949a733e67db44ce0ab6

SHA256
1da6fa2f1212d002e99e444608d17923019c9a1ba1c88b16daf6f75c8558e3b5

SHA512
f8fc6f4271003245d0841e12fa25415facb8c9f46d4ca2b8ca4e82ba4bf52365dcb352a4471f0e89897e5fc4967e25f520aa5938d03886b7719d73655a6f27fc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
404B

MD5
93ab870f298eabf09a8967585f932a41

SHA1
fdf5a981314c54eec5ad7cbde20031c7174bfb7b

SHA256
3a0fe5031e0296d6184b4538680b55821a58013f08b3bbd16efc8cefba087fd6

SHA512
d1cec0f9f561a22c1d11b6be3f39d23f2dd84b5e19cebf728acbbf1d97d587babadeee8face4535961f00f654e4553a0f6c510300aad16428d19d0fc30ce4ba5

Download Submit
memory/596-0-0x0000026CA0D20000-0x0000026CA0D30000-memory.dmp

Filesize
64KB

Download
memory/596-16-0x0000026CA0F20000-0x0000026CA0F30000-memory.dmp

Filesize
64KB

Download
memory/596-35-0x0000026CA10C0000-0x0000026CA10C2000-memory.dmp

Filesize
8KB

Download
memory/1552-511-0x000002C89CF00000-0x000002C89CF20000-memory.dmp

Filesize
128KB

Download
memory/1552-366-0x000002C89CEE0000-0x000002C89CF00000-memory.dmp

Filesize
128KB

Download
memory/1552-288-0x000002C89C050000-0x000002C89C070000-memory.dmp

Filesize
128KB

Download
memory/1552-254-0x000002C89BFB0000-0x000002C89BFD0000-memory.dmp

Filesize
128KB

Download
memory/3076-156-0x0000014C14D80000-0x0000014C14D82000-memory.dmp

Filesize
8KB

Download
memory/3076-143-0x0000014C14BE0000-0x0000014C14BE2000-memory.dmp

Filesize
8KB

Download
memory/3076-160-0x0000014C14F20000-0x0000014C14F22000-memory.dmp

Filesize
8KB

Download
memory/3076-154-0x0000014C14D60000-0x0000014C14D62000-memory.dmp

Filesize
8KB

Download
memory/3076-162-0x0000014C14F30000-0x0000014C14F32000-memory.dmp

Filesize
8KB

Download
memory/3076-164-0x0000014C14F50000-0x0000014C14F52000-memory.dmp

Filesize
8KB

Download
memory/3076-152-0x0000014C14D40000-0x0000014C14D42000-memory.dmp

Filesize
8KB

Download
memory/3076-149-0x0000014C14D20000-0x0000014C14D22000-memory.dmp

Filesize
8KB

Download
memory/3076-146-0x0000014C14D00000-0x0000014C14D02000-memory.dmp

Filesize
8KB

Download
memory/3076-158-0x0000014C14F10000-0x0000014C14F12000-memory.dmp

Filesize
8KB

Download
memory/3076-139-0x0000014C14BC0000-0x0000014C14BC2000-memory.dmp

Filesize
8KB

Download
memory/3076-98-0x0000014C12F50000-0x0000014C12F52000-memory.dmp

Filesize
8KB

Download
memory/3076-67-0x0000014C02030000-0x0000014C02032000-memory.dmp

Filesize
8KB

Download
memory/3076-65-0x0000014C02010000-0x0000014C02012000-memory.dmp

Filesize
8KB

Download
memory/3076-62-0x0000014C01CD0000-0x0000014C01CD2000-memory.dmp

Filesize
8KB

Download
memory/3076-166-0x0000014C14F60000-0x0000014C14F62000-memory.dmp

Filesize
8KB

Download
memory/3076-168-0x0000014C14F70000-0x0000014C14F72000-memory.dmp

Filesize
8KB

Download