hxxps://goo[.]su/1sDvE

Analysis

max time kernel
104s
max time network
97s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
02-03-2024 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/1sDvE

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "132"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\goo.su\Total = "74"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yastatic.net\Total = "12"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yastatic.net\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yastatic.net\ = "48"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1400"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\goo.su\Total = "107"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\goo.su\ = "859"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "416201043"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\goo.su\Total = "38"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yastatic.net\Total = "34"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "11"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "224"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "181"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\goo.su\ = "879"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\goo.su\ = "107"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\goo.su\ = "110"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\goo.su\ = "74"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yastatic.net\ = "76"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8735a133f36cda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-313240725-3527728709-4038673254-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

1264 MicrosoftEdgeCP.exe
1264 MicrosoftEdgeCP.exe
1264 MicrosoftEdgeCP.exe
1264 MicrosoftEdgeCP.exe
1264 MicrosoftEdgeCP.exe
1264 MicrosoftEdgeCP.exe

pid	process
1264	MicrosoftEdgeCP.exe
1264	MicrosoftEdgeCP.exe
1264	MicrosoftEdgeCP.exe
1264	MicrosoftEdgeCP.exe
1264	MicrosoftEdgeCP.exe
1264	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	3076	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3076	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3076	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3076	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

1160 MicrosoftEdge.exe
1264 MicrosoftEdgeCP.exe
3076 MicrosoftEdgeCP.exe
1264 MicrosoftEdgeCP.exe
3404 MicrosoftEdgeCP.exe

pid	process
1160	MicrosoftEdge.exe
1264	MicrosoftEdgeCP.exe
3076	MicrosoftEdgeCP.exe
1264	MicrosoftEdgeCP.exe
3404	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 34 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1264 wrote to memory of 3692	1264	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://goo.su/1sDvE"
1⤵
PID:3724

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1264

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3076

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3692

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4752

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O2ZZN7ZH\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8B578ZJU\04949b75724ed62efaceafe9dcace9b82321ab24b087[1].css
Filesize
5KB

MD5
8e61ebf5e7099224faae3ee61be0e439

SHA1
433ff93ebd0872fdb8750569824684eaee0dace1

SHA256
f653dbf761adb689f70bdfbc792ae65192e95b544d7e66dce483a4931b4c58e3

SHA512
f3a2c5b1471952950aebb30f6da4fdac54eafa8b5fdd66ca3d44171b0eec17a309460f15b22af8cec00da1703b89367db2348b12f0501c0f3ae3d3599040a741

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8B578ZJU\82bcfc827562ecb3abc5f806658b862a4416b03adcf0[1].css
Filesize
19KB

MD5
2727c215f1b26015043511e9735a46f7

SHA1
7d1dc9acca9b896d0e880973e33e339188fab602

SHA256
dbdcded3c4261a3c9d79cb3cf9e641744ad1f2db504690f3a1a06f6b3893dda4

SHA512
dc048227b3c80caf9ba2193d2f58af19745e1c4efb893ed742a8b54c25509072186c9141aa963e0454bbb91dcb3945ff3862ac09cc12471d5e9a357246104708

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8B578ZJU\d5f5be13-bd3e-523f-ac9e-3db4c97d966e[1].gif
Filesize
43B

MD5
df3e567d6f16d040326c7a0ea29a4f41

SHA1
ea7df583983133b62712b5e73bffbcd45cc53736

SHA256
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

SHA512
b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8B578ZJU\jquery-ui[1].js
Filesize
458KB

MD5
c811575fd210af968e09caa681917b9b

SHA1
0bf0ff43044448711b33453388c3a24d99e6cc9c

SHA256
d2f0522008bff05c6434e48ac8f11f7464331436a4d5d96a14a058a81a75c82e

SHA512
d2234d9e8dcc96bca55fafb83bb327f87c29ae8433fc296c48be3ef8c9a21a0a4305e14823e75416951eecd6221f56fbbb8c89d44b244a27be7b6bea310f2fd1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8B578ZJU\jquery.min[1].js
Filesize
86KB

MD5
220afd743d9e9643852e31a135a9f3ae

SHA1
88523924351bac0b5d560fe0c5781e2556e7693d

SHA256
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

SHA512
6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8B578ZJU\newstore2016[1].css
Filesize
4KB

MD5
cef7b240baddbbd25489ebd7ceee20a3

SHA1
ceaa1258aa0e92362c79216f474f57db00178a0e

SHA256
1055ab19fc7dd62ff9b62b078e97586b6485315bf0d4ca41ec1cd9684c9bdf33

SHA512
f5c69f6807fe5be6505d22187ddee1654f19906be1877fdc7587b7ebc49a49665aceec04f64fd2c4fd972b18fe450100e4887bffd2376f268201a6458c8f6e7e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\8B578ZJU\shared_responsive[1].css
Filesize
18KB

MD5
086f049ba7be3b3ab7551f792e4cbce1

SHA1
292c885b0515d7f2f96615284a7c1a4b8a48294a

SHA256
b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a

SHA512
645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B3CZT3TI\0f03dc12f2480e229ed1609f01c540a671a04e049968[1].css
Filesize
10KB

MD5
2113b6560d12d0fbaafcb9b964364591

SHA1
781afbd9b39e0ccfd8f6a5d906a48639b62105e0

SHA256
02ed5fedd4d231fd7599d828707a1af9728f3dd33876047b5b045c1cec3f5d02

SHA512
78c3d3d5056ca06dfb66cfad0820de44b947859b4f886e21ecc6700ba31ee9b7f51faf45d100e6ae591147382cbf18c79c8b9d42ab2dcd93e4318227bd404a8e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B3CZT3TI\9c0435910e043a2e10cb9b0061943b74e2d6494fa172[1].css
Filesize
75KB

MD5
d75bc33f0e1f113e13918a1574bed89e

SHA1
ce9524469a86d2cf429390d9a2b09151906f16f5

SHA256
c2815908a70bff8204d9c9dc034dd649f3f560a90112b11ddd5e0e53583bd39c

SHA512
151a8dfee28aaf232ed27150be0fd259b3c31f176187caf59ba231d067db9a6886bdf62e9bc73632cedd001847d7168fa2ad598e71b315385f547f899ec7361f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B3CZT3TI\dynamicstore[1].js
Filesize
88KB

MD5
3b3c125f1d54256b3c01baaf4b2f1c6a

SHA1
3f03975a4fe8ce007ef16563abd59844c0ad063b

SHA256
8aa5bf10bbaba1883e6100861d0938de7c10c0d42fe66cd9a0b5493f8b9e7fa0

SHA512
69fff3acd988c1bd62603af4393c5bd40975757bfbbcc6a5780bec8740c6f15f1ee9a437001164fc131c1e55f622c62d0e8ae3eaebedfe3fa684135f46576a40

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B3CZT3TI\fa053f1026688db42bb507f691f0d991338c35d207dd[1].js
Filesize
102KB

MD5
c798a00f7dbc5d3f6ee6312acd0de71f

SHA1
b10cb8252917f78ff5c5241a5cfd4654bff08772

SHA256
d627d0202c593e635bc9a662fc641090d0c6402dce8a2468aa8a0cdcee7c8d3f

SHA512
d6ec377b81fcbb89a8ccfba71ff4b0c6409e909ef89c4e51592f7b8997103cc2c5e5dd1f4f6e8225d6a5a87b8322e1ef962129723a539ca1ee3aebe4ad90b1e8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B3CZT3TI\jquery-1.8.3.min[1].js
Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B3CZT3TI\render[1].htm
Filesize
23KB

MD5
68ddd6a1df957888c4f3709393c1a7d5

SHA1
8400def22d72366cf8749423d4c9d846176db821

SHA256
9c911ab93cf6099aeeddb19cb1903d0ef838329443c3a0549c754da47f90a70a

SHA512
20ee59250015c94f162a890c639d16aec06608b1db5a934694c5e859a05ef70ce0596e055f2b870a7fcfbf1a42c2a3da2f6f8377ce5425fa8190b6a720187be9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B3CZT3TI\shared_global[1].js
Filesize
152KB

MD5
b5b68d73ac4b8fd0498db8c581a258b5

SHA1
7d2b1ed16aa03e211821490bc13fe04382affb29

SHA256
d311cd1d0cb93a2b5b79542f81f205c8daf4fc8ac880c83048a0bbd43b3f4b87

SHA512
8288e8fc8ee0c24f286831e02d9180fb0321cc5c949ae41d395bfc3d86c4251ea866cc5d970f3148ce37e1a1eef036029e82cf3ae5b5519f86d79d57d506e14b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B3CZT3TI\store[2].css
Filesize
132KB

MD5
7f17027bfca35900417618d1cb3ad732

SHA1
a6d80baf8de7c08af2657db2f9be9252a6e90d40

SHA256
8ca6af0709045aa66f7c6ede7b7c65b533d31287b00c42521ee14f3f5fdda2c3

SHA512
becf2ef9dd9d539ae3fb474a12b3e90b60f7094747366d78fa41efaa63e0b86373a459e168336a3d3ade514b32ed724c4c130325c562d774ff1e8118f30fbc06

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B3CZT3TI\tooltip[1].js
Filesize
15KB

MD5
72938851e7c2ef7b63299eba0c6752cb

SHA1
b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e

SHA256
e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661

SHA512
2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CCVYY5SZ\buttons[1].css
Filesize
32KB

MD5
84524a43a1d5ec8293a89bb6999e2f70

SHA1
ea924893c61b252ce6cdb36cdefae34475d4078c

SHA256
8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc

SHA512
2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CCVYY5SZ\motiva_sans[1].css
Filesize
2KB

MD5
d82d4e87d405553c8aa398e16659fbf8

SHA1
6d046f98095ef625e5c81545e4b4faeaf1f2a45d

SHA256
afb487cb0927509900a94f5fe65e9fa66c264a1524d21dd7afaa4c75386e2dd2

SHA512
761226a62727b51165125fc36d3fac567991192795bb53058a9e4c5b95a2ee001e8053977d8f71079027425b0c11d21a244cf685c7a05dfeb0ddc2e76023ee70

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CCVYY5SZ\shared_global[1].css
Filesize
84KB

MD5
eec4781215779cace6715b398d0e46c9

SHA1
b978d94a9efe76d90f17809ab648f378eb66197f

SHA256
64f61829703eca976c04cf194765a87c5a718e98597df2cb3eae9cf3150e572e

SHA512
c1f8164eb3a250a8edf8b7cb3b8c30396861eff95bcc4ed9a0c92a9dcde8fd7cd3a91b8f4fd8968c4fdafd18b51d20541bcc07a0643e55c8f6b12ceb67d7805d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CCVYY5SZ\styles_about[1].css
Filesize
31KB

MD5
2ae63a61b205e2b91662db381b68e79f

SHA1
5c217e7480b9b3825f5367536ca949fb668e4c83

SHA256
c5262d351b071f637d56c9d81ad7b341c2c69bcf7716f88909d703203278a8e3

SHA512
57335cc958943efd8983b54741121b94f056f53c948f940b100108f2b64f2258e0e0dabde13dce87eccf040771b64e55e36085cd300da4475ed79a6b31b203e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\3cdad215a43d21ea4fc87f4af5d02529b551fdd4cec8[1].css
Filesize
11KB

MD5
dacb80dabfaebd8b5c696ca29bddd59e

SHA1
d10bdeb6162bb0591b13799eac711d320958d1c5

SHA256
6a13129c52b4af929efe3e1fddeceb315a4f8038ad01c469f8d45d5c19483ac9

SHA512
dc812155362dd80a49c903dd65953594c0c75b665425616f203ff77e78499174eb400d9ebbec5b670a46b81c316f166eeed202e6b965f0f02587a49f2ada61f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\58f334a8a29f5ad81af0b81a8f3e765d20c98c4d09e9[1].css
Filesize
20KB

MD5
76b1bdbafa76a16eb077711e0852240f

SHA1
4eeaffc1d6645d958efdf93b127bd345134bdee0

SHA256
e72bfd5b2451298de330b65ffbf950c8f830c5d373435f26fce733e1264bef5d

SHA512
fa7e4606b736edfc15d42e00dc83e8e4ee20b8b79cd7c10b393d29ad220afb75fcad5b959b51fb37c74ee9970ebf80cd7a75d7e4e8be1bfa8ec3e79d2aca4cd1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\_combined[1].js
Filesize
87KB

MD5
31ed48071ce4b62c24520c95bcde6026

SHA1
c073152e6835fba2ded4cc215f3985266be23f2b

SHA256
08b39451eabaca10cd735816cdc5af4a35b05fbb197e2082235b6e16be62dedb

SHA512
1cb651ec52d7eb67a961436a48340d0b783bc944cd54008d00e8b26d933d0668380126c6acae89ef10906fd96e8da9ed4ef773dfd9c761f608ff7ebda5554ae7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\about[1].js
Filesize
2KB

MD5
4fd1e1b49f3598980dc2b260b66a89c0

SHA1
818b65159e35ab980de9c00f24c0beeac7e3fdf8

SHA256
83d8195aec4990c3ec59de990b2f0e703ff31054acdd73b1637254a7716bd5f6

SHA512
bcad622e210374a8fde4d29565407ebd221390c467c560e04e74c31764533939a8c485994b7b8b27f647cad07ed59204b92c224fe97699b47cc0754526bf03fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\main[1].js
Filesize
86KB

MD5
c193a4879081808af1777d23a4fd6522

SHA1
a7c51a41f766663d22488db3b1db7f148a927cca

SHA256
8958e3ca5b7ac432f141d949267d8947b32d4afad535d2a89a231a159e65e19d

SHA512
9767246a5bc5d17479b41b465fa8b783e0d4a661bde4e2c76541f8cb49b748b10b87b01d19ed804b52136cbac85c728be39f97148f31cb9e820853d4b61f292b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\prototype-1.7[1].js
Filesize
165KB

MD5
6a39e0b509fecb928d47b8a2643fed2a

SHA1
f67fa6cb1d09963d10ba117d6553c8e7d5bc7863

SHA256
d8bdea7fff893dbdbeaf6c2affec091a77483b9ec10e7958486bc3b6cc170c96

SHA512
b9b8c6d9ac4928686c5ea254ac8f765c4f3690f79e5b1ccaaffc48d4bd47872b9cc5475c038f70d804740c81915fdfce315ebe553b628d12f7ca1cc4467075d0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\rellax.min[1].htm
Filesize
3KB

MD5
29b231b211d707a52646e585521dcc54

SHA1
adff2107efef3d36962f94b65082cbd0b60fbc44

SHA256
8fc4cecbd9539e272b4c1fb717fa7543d24dd8eb01c2f77d50f75cfbbfbc179b

SHA512
d6eb12ce308868f074024d3302345045396b087be61156352ddb024f53725f4853b20431052b551a9b753e8c369cb8835e3b2382e7cdacbdfe796ab19bb2b8a7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\shared_responsive_adapter[1].js
Filesize
24KB

MD5
731415f5fe35edb73981f7f68a33c3ec

SHA1
21f594588dae56c93d34c91d4e6f0ef059339050

SHA256
fee9c5438f2b9c6cc0bceaba92e1e00c320981f0e51a0e5715d7059573b62f91

SHA512
9c0061f31062dacc9382c5809ef2dc0085db80fa1adec99ea9827b1666d3f2683f2751c32177b99c2e8c82475273ea040854b7f3943d33bfbe8de461115ff8ea

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\slick[1].css
Filesize
1KB

MD5
6525474c49d3dd63567ee19b0816f4e9

SHA1
ea407feb9c8611f08fa9d27c51fd0c222271ec44

SHA256
17cff7bc75a3cf19c7c3412c514b4c0bb651df34bd4ee6717c6bf1f920302506

SHA512
09f9f7c5ed1173c5c0a82f425547dbaadee79cff9beb8686ef9b30a182f0930d0ea9c2432fad320e13cbc9a8dbafad22ccd2460f9ef414c115e339669b0e7237

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\slick[1].htm
Filesize
70KB

MD5
52f6d73507509be009949858d33e94a3

SHA1
5ab9922460aa84d77db15b693d8a184b5b008736

SHA256
6d593b2b5913eb962fb94ad4331a074bd8cb88fefc77bb7c9825528d59e1f8ff

SHA512
3736f1f1b76fccc2c7cfdb35d1ee9099506aa9de2dc8ac945680ecafd53b56f16acc7cb6ce349efe8f499051e62484a749045a58814b4d5e825b9df45be44bf0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X1QBZGTT\watch[1].js
Filesize
157KB

MD5
1a361112f32e49439d702b4c83f6c366

SHA1
636a40fb02aae06a40d527e462b53ea76e22b036

SHA256
8bb44da87ad5ffbb71df187276ddd16735622b19124d36c4b26a061071890f46

SHA512
145b27416336d191fd62739a8e1ea6082cd640cdb33b61a47954f499200e39976f5500048583e021cc87732126f470b1086dc582678fb5658cd25121767d7671

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\9KYC2J7B\goo[1].xml
Filesize
788B

MD5
56e0b37908bbe35c8cab8e275b349511

SHA1
8c1367d72a0813031c72405e589e11409c73ce00

SHA256
a957708bf26f00d960138dc140b05ec7b2b03f72231045829fea1c1aa08f2652

SHA512
2e47b89342b24e7299d6984996f0027be1c4289c7a322925aaf471d6e2d3e7720be3978f7d495ed49ef63f2407b9a6778e572e6467aad67a47e335a5fa4d5b0d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SUPZOHDW\yastatic[1].xml
Filesize
1KB

MD5
a1d201989317da1747ab819c385357f0

SHA1
475f3c515b24b24e5937fc5f114c0b316102346b

SHA256
099083d842f24b5ca72b8edb54d5db5f1504ea488a68f85d7a7626a6bb79c0c4

SHA512
85a207006cee4a3fdd1c88844a95871c724f548f0fe02da8c5ae58d8f17cc60f74e70203fe6ab4d97d8b4239cbd5a07f682ef847dd1e5f5b8d7491e979404d8a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SUPZOHDW\yastatic[1].xml
Filesize
890B

MD5
79aed733c00dc785cccd7a19371f4055

SHA1
c98fbffd873f782560b99e79d488c011b206ca7b

SHA256
1a95ecc6b2b6d17a7498f9e5b1a8fa5fdcecc1cc28c7fcad46186632d1463967

SHA512
5234c90775ed98f5d00eab9b44ea7107df01a3c5046a3ba958c8465307927a934f24c95d7bbd2e2c783f2dadf818d73afa407b9dbd366d0609db0fc1464bdc25

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\VXXGLI8O\www.bing[1].xml
Filesize
2KB

MD5
233850ea31722be27c113323b1e9c43e

SHA1
2a491dba22371a9c304f5a989854e753fd6a32ad

SHA256
852cfab1aa2462db3cc3759b70d97ea0d03791b782785a2b989a74aaffcfc3cf

SHA512
30fb604915268b286fbaf3d54632f91b9f42b78eaf685ea2db168e8d4e9ad0f243602731f1c78ef8e57cda9fee624dc620e8ee209dcc00badf08fede3a8b43ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MG7YO5RP\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\TIUFYRG8\favicon[1].ico
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZYKGUJTS\favicon-32x32[1].png
Filesize
2KB

MD5
cf3c040ce98e89e7e8fdd15fa990265a

SHA1
64792dfe9b4d64981ac299573c5966f9ab42dc07

SHA256
d6534b8e4fd6c8408559b3fcac1ce461c2edbbe9f3b81b72fd00acf00e025ef6

SHA512
3642b679695c0572f10f7637721b60303249b0dbccda9b21d592631dc6f58082eb33422dce770697c3aaf0c4066af860ec2b9272d146e6613465f8b44b247448

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\tgns5ut\imagestore.dat
Filesize
49KB

MD5
e5da675024eacc735325d9c13d6f8e21

SHA1
939ec28ddde3a1e6e054e6a31137d9fb28335d9e

SHA256
0f2373a8684ee391ba0a99226ef6917c23bed4f97f7875c3fba3bc0bca3caa74

SHA512
1dcadb663177437c0bed53691b03bf3192349d59d28a4014814ff0737489bd8607fbe8bc2569f3eff5aea7f0f2af8489bc01e5f35fe72ef7691c8cfd6b17151a

Download Submit
memory/1160-0-0x000001D063420000-0x000001D063430000-memory.dmp

Filesize
64KB

Download
memory/1160-16-0x000001D063C00000-0x000001D063C10000-memory.dmp

Filesize
64KB

Download
memory/1160-35-0x000001D0609D0000-0x000001D0609D2000-memory.dmp

Filesize
8KB

Download
memory/1160-147-0x000001D069AC0000-0x000001D069AC1000-memory.dmp

Filesize
4KB

Download
memory/1160-159-0x000001D069AD0000-0x000001D069AD1000-memory.dmp

Filesize
4KB

Download
memory/3692-206-0x0000016FDA560000-0x0000016FDA562000-memory.dmp

Filesize
8KB

Download
memory/3692-359-0x0000016FDAF70000-0x0000016FDAF72000-memory.dmp

Filesize
8KB

Download
memory/3692-230-0x0000016FDC600000-0x0000016FDC700000-memory.dmp

Filesize
1024KB

Download
memory/3692-226-0x0000016FDE820000-0x0000016FDE840000-memory.dmp

Filesize
128KB

Download
memory/3692-223-0x0000016FDA4A0000-0x0000016FDA4C0000-memory.dmp

Filesize
128KB

Download
memory/3692-213-0x0000016FDA570000-0x0000016FDA572000-memory.dmp

Filesize
8KB

Download
memory/3692-336-0x0000016FDCD00000-0x0000016FDCE00000-memory.dmp

Filesize
1024KB

Download
memory/3692-204-0x0000016FDA520000-0x0000016FDA522000-memory.dmp

Filesize
8KB

Download
memory/3692-191-0x0000016FDE530000-0x0000016FDE532000-memory.dmp

Filesize
8KB

Download
memory/3692-188-0x0000016FDDAE0000-0x0000016FDDAE2000-memory.dmp

Filesize
8KB

Download
memory/3692-354-0x0000016FDAF60000-0x0000016FDAF62000-memory.dmp

Filesize
8KB

Download
memory/3692-236-0x0000016FDC600000-0x0000016FDC700000-memory.dmp

Filesize
1024KB

Download
memory/3692-369-0x0000016FDD250000-0x0000016FDD350000-memory.dmp

Filesize
1024KB

Download
memory/3692-112-0x0000016FDB3D0000-0x0000016FDB3D2000-memory.dmp

Filesize
8KB

Download
memory/3692-110-0x0000016FDB3B0000-0x0000016FDB3B2000-memory.dmp

Filesize
8KB

Download
memory/3692-107-0x0000016FDB390000-0x0000016FDB392000-memory.dmp

Filesize
8KB

Download
memory/3692-100-0x0000016FDB350000-0x0000016FDB352000-memory.dmp

Filesize
8KB

Download
memory/3692-622-0x0000016FDDE00000-0x0000016FDDF00000-memory.dmp

Filesize
1024KB

Download
memory/3692-105-0x0000016FDB370000-0x0000016FDB372000-memory.dmp

Filesize
8KB

Download
memory/3692-668-0x0000016FD9C30000-0x0000016FD9C40000-memory.dmp

Filesize
64KB

Download
memory/3692-670-0x0000016FD9C30000-0x0000016FD9C40000-memory.dmp

Filesize
64KB

Download
memory/3692-681-0x0000016FD9C30000-0x0000016FD9C40000-memory.dmp

Filesize
64KB

Download
memory/3692-682-0x0000016FD9C30000-0x0000016FD9C40000-memory.dmp

Filesize
64KB

Download
memory/3692-683-0x0000016FD9C30000-0x0000016FD9C40000-memory.dmp

Filesize
64KB

Download