hxxps://steam-card50[.]com/50

Analysis

max time kernel
152s
max time network
156s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
06-03-2024 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam-card50.com/50

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1523"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 70ca4b4cff6fda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "1422"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url4 = 0000000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url7 = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://signin.ebay.com/ws/ebayisapi.dll"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = eec8bc10cd6fda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "1422"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 75001dfacc6fda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "1374"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url3 = "https://www.facebook.com/"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url1 = 372f3ffdcc6fda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "33941"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000005f09745da7be64d6c97a8e7b50b28dd6d7c7ca364b535390e44c2a6b108cc3e1874a4df02c9b9f9637050a736ac4712f39cad36833f96dfefef3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "33840"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "865"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "14545"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "1313"	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

316 MicrosoftEdgeCP.exe
316 MicrosoftEdgeCP.exe
316 MicrosoftEdgeCP.exe
316 MicrosoftEdgeCP.exe
316 MicrosoftEdgeCP.exe
316 MicrosoftEdgeCP.exe

pid	process
316	MicrosoftEdgeCP.exe
316	MicrosoftEdgeCP.exe
316	MicrosoftEdgeCP.exe
316	MicrosoftEdgeCP.exe
316	MicrosoftEdgeCP.exe
316	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	2952	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2952	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2952	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2952	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

3344 MicrosoftEdge.exe
316 MicrosoftEdgeCP.exe
2952 MicrosoftEdgeCP.exe
316 MicrosoftEdgeCP.exe
392 MicrosoftEdgeCP.exe

pid	process
3344	MicrosoftEdge.exe
316	MicrosoftEdgeCP.exe
2952	MicrosoftEdgeCP.exe
316	MicrosoftEdgeCP.exe
392	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 316 wrote to memory of 4140	316	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://steam-card50.com/50"
1⤵
PID:4860

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3344

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3384

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4140

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:392

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5044

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3NZZSGF9\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84HE1N2K\26b09a4a794ca131e59fbf0030997016a713557d6399[1].css
Filesize
75KB

MD5
d75bc33f0e1f113e13918a1574bed89e

SHA1
ce9524469a86d2cf429390d9a2b09151906f16f5

SHA256
c2815908a70bff8204d9c9dc034dd649f3f560a90112b11ddd5e0e53583bd39c

SHA512
151a8dfee28aaf232ed27150be0fd259b3c31f176187caf59ba231d067db9a6886bdf62e9bc73632cedd001847d7168fa2ad598e71b315385f547f899ec7361f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84HE1N2K\58bc8d4199edc7d8a2f268882cc1093bfe848e8cb928[1].css
Filesize
11KB

MD5
dacb80dabfaebd8b5c696ca29bddd59e

SHA1
d10bdeb6162bb0591b13799eac711d320958d1c5

SHA256
6a13129c52b4af929efe3e1fddeceb315a4f8038ad01c469f8d45d5c19483ac9

SHA512
dc812155362dd80a49c903dd65953594c0c75b665425616f203ff77e78499174eb400d9ebbec5b670a46b81c316f166eeed202e6b965f0f02587a49f2ada61f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84HE1N2K\MotivaSans-Black[1].ttf
Filesize
117KB

MD5
4f7c668ae0988bf759b831769bfd0335

SHA1
280a11e29d10bb78d6a5b4a1f512bf3c05836e34

SHA256
32d4c8dc451e11db315d047306feea0376fbdc3a77c0ab8f5a8ab154164734d1

SHA512
af959fe2a7d5f186bd79a6b1d02c69f058ecd52e60ebd0effa7f23b665a41500732ffa50a6e468a5253bb58644251586ae38ec53e21eab9140f1cf5fd291f6a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84HE1N2K\MotivaSans-Light[1].ttf
Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84HE1N2K\buttons[1].css
Filesize
32KB

MD5
b91ff88510ff1d496714c07ea3f1ea20

SHA1
9c4b0ad541328d67a8cde137df3875d824891e41

SHA256
0be99fd30134de50d457729cebd0e08342777af747caf503108178cb4c375085

SHA512
e82438186bfc3e9ca690af8e099aafbfbc71c9310f9d1c8cb87ffa9e7f0f11f33982c63a2dac95c9b83fef1aaa59178b73212fc76e895d13a1ffbbe3c1adfa4c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84HE1N2K\jquery-1.11.1.min[1].js
Filesize
93KB

MD5
4dc834d16a0d219d5c2b8a5b814569e4

SHA1
4fbe0563917d6f6289e4e1b4a0a8758e4e43bda9

SHA256
91222f96f34735ebc88df208017e54d4329b9202e3e52367fb8b149698a1a5ef

SHA512
6fbec4785a21520fa623d1a151c6c8b64baa1321ac6918a127bcfc22e49ec2e3bcd161af9c237bd5c70bc4046eb12cf434563f86cbdc9876eb67fb2dea87034b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84HE1N2K\jquery.min[1].js
Filesize
86KB

MD5
220afd743d9e9643852e31a135a9f3ae

SHA1
88523924351bac0b5d560fe0c5781e2556e7693d

SHA256
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

SHA512
6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84HE1N2K\login[1].js
Filesize
59KB

MD5
55b9b592e1e85e630175c0ddd23671ae

SHA1
8ea5181dd1fa66a9f15c4555179efb7f8cf35d0f

SHA256
a35f4c4322886478b819a81c3e0e456000c9f4fb900ec6dadc5e71aed52e35a1

SHA512
591f8c7f82184251b241d7af6cd4a0809feb4df74f9f323c09fb07ddbf1f7d22d857bc4114568562c8e2f98eb63e341934b70d271e056d0f27a1cea1ec09311a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\84HE1N2K\tooltip[1].js
Filesize
15KB

MD5
72938851e7c2ef7b63299eba0c6752cb

SHA1
b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e

SHA256
e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661

SHA512
2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DRUGT35O\50[1].htm
Filesize
488KB

MD5
1e1c3ace4ff31b41e3ad5892d87665a9

SHA1
132d26372a3dfd0c17c0b6cecaf2cf6fe397f016

SHA256
8bcfb89bff840f3a0ad2389a40b711d3d79dbd081600ccc64f091d7d47a73890

SHA512
e8f6c4fdc6021397ace96ce107bbcf03014b776a7ba827f915307711be7adb421c622653872c3fffdf3c825a8f09d25b92829b95c84e3b46002f2bb2a054d8a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DRUGT35O\8a94150d3b446d3729f5aa508c4b2e97e14f124ece37[1].css
Filesize
20KB

MD5
76b1bdbafa76a16eb077711e0852240f

SHA1
4eeaffc1d6645d958efdf93b127bd345134bdee0

SHA256
e72bfd5b2451298de330b65ffbf950c8f830c5d373435f26fce733e1264bef5d

SHA512
fa7e4606b736edfc15d42e00dc83e8e4ee20b8b79cd7c10b393d29ad220afb75fcad5b959b51fb37c74ee9970ebf80cd7a75d7e4e8be1bfa8ec3e79d2aca4cd1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DRUGT35O\8d84ec686b9960e5cf1a455c3048d30f6c0ae5264c18[1].css
Filesize
19KB

MD5
2727c215f1b26015043511e9735a46f7

SHA1
7d1dc9acca9b896d0e880973e33e339188fab602

SHA256
dbdcded3c4261a3c9d79cb3cf9e641744ad1f2db504690f3a1a06f6b3893dda4

SHA512
dc048227b3c80caf9ba2193d2f58af19745e1c4efb893ed742a8b54c25509072186c9141aa963e0454bbb91dcb3945ff3862ac09cc12471d5e9a357246104708

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DRUGT35O\c7e6873b48d8435573010d7dbe3d9dc2c757b134938c[1].css
Filesize
5KB

MD5
8e61ebf5e7099224faae3ee61be0e439

SHA1
433ff93ebd0872fdb8750569824684eaee0dace1

SHA256
f653dbf761adb689f70bdfbc792ae65192e95b544d7e66dce483a4931b4c58e3

SHA512
f3a2c5b1471952950aebb30f6da4fdac54eafa8b5fdd66ca3d44171b0eec17a309460f15b22af8cec00da1703b89367db2348b12f0501c0f3ae3d3599040a741

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DRUGT35O\global[2].js
Filesize
101KB

MD5
f6865aca2817d2da8586021cc1ed0a1b

SHA1
054902f85190b653d139d62add26272f6b192c6b

SHA256
f2a5739a8d165c7f3fda4a6d4deda36d6f97771af0b61a2fd70d430122d7e2a1

SHA512
2cf5e2462006750f0535ecc44825478ada7b62f9fffce71a9af59ee6416ba86ca89866890f573c183b31b130668311f49e25d57a8bb0cdae15995faa967db787

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DRUGT35O\globalv2[1].css
Filesize
38KB

MD5
44bee1a454453c4e009c10b25eb647ab

SHA1
d881e3587c5b2b8a341ef59cef5dc928d9a893c1

SHA256
1a662ea94138f009b213092a76f2c83d692b72f05aed21dbbb2385a22c00d3ab

SHA512
eff8353607554dcb432a5957d877313f81fba5b5e04a2fab8426803fc3103f9c97fbe96f0228709a5279e30b1b7d4b9c9f11cd9017e934fc1d17c7de44f45006

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DRUGT35O\shared_global[1].js
Filesize
149KB

MD5
30fa3afc1e1ffe0ec39f0b5dae881962

SHA1
ff2835ccc7d4615cfdd8b45eb89d5677e3a4cba5

SHA256
d60ce03a3ea3f94b32b46df2e1086e3555c34685d4180a300b1e0f2100494c28

SHA512
dd54ef9089d914b08baee6fbfc997945c213c1c541e5037bddbc058e88d7b1b6f2d96f283cda46becb354e49e43ce8b3fa228b81ff9a10ed444e2dd7ca9cdd82

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DRUGT35O\shared_responsive_adapter[1].js
Filesize
24KB

MD5
a52bc800ab6e9df5a05a5153eea29ffb

SHA1
8661643fcbc7498dd7317d100ec62d1c1c6886ff

SHA256
57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e

SHA512
1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DRUGT35O\warmup[1].gif
Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\558cde7a50db876caca3946a417363544cdf22795dee[1].css
Filesize
10KB

MD5
2113b6560d12d0fbaafcb9b964364591

SHA1
781afbd9b39e0ccfd8f6a5d906a48639b62105e0

SHA256
02ed5fedd4d231fd7599d828707a1af9728f3dd33876047b5b045c1cec3f5d02

SHA512
78c3d3d5056ca06dfb66cfad0820de44b947859b4f886e21ecc6700ba31ee9b7f51faf45d100e6ae591147382cbf18c79c8b9d42ab2dcd93e4318227bd404a8e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\MotivaSans-BoldItalic[1].ttf
Filesize
131KB

MD5
e77ef961fe37dd8e6de30d4f7fa9a4de

SHA1
567327935ae2bb3de45e7f612f2d05273a999584

SHA256
6f93f21bc1ecc2d1c24fa2268aafad7f9e76836bb95aa76adda9307caad51c64

SHA512
2b432cf2d448026ff12634d605d9eb52ab6d285ea3cb437031b0427bb933b0aba40c416c0f102a39ec4a267ae2396b4da414048adc360780508281fc454462de

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\MotivaSans-Bold[1].ttf
Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\MotivaSans-LightItalic[1].ttf
Filesize
130KB

MD5
07247cbd12d4e4160efd413823d0def8

SHA1
517a80968aa295d0a700a338c22ba41e3a8b78a7

SHA256
41464efd9a32a5967b30addc21fe16cd0a35870fda56658b531a9a2434b4d829

SHA512
27e0e7505d41891e70bd06733f96e82e45061d621a1d20bbc524fc89c5406a799cf53d98c0fa256cb4ebfc19750c9a05531a8d273cebc260d48948edffdf6244

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\MotivaSans-Medium[1].ttf
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\MotivaSans-RegularItalic[1].ttf
Filesize
132KB

MD5
7bc1837717cdc49c511ebdd0e75122a2

SHA1
d31e0df252328b946984c6bde94f7b2f7c72d964

SHA256
97c39175b9c8c46a5f2be987c00be2ef556421fcdada1ed3b327c50cc36cc78b

SHA512
53b31bdecde75e8f50f82db69728f6f831d6a3452062ac6e419f9369ffe88f0ea6ace3a501d89501ff86fe47e05900ed5b482221d215898e28a0a4bb1f1b6a85

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\MotivaSans-Regular[1].ttf
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\MotivaSans-Thin[1].ttf
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\_combined[1].js
Filesize
119KB

MD5
39e34882ba4417cb4b1b84916dabb770

SHA1
0d0ca081fb60c8aad337091bafcbe84f966c38b0

SHA256
da708635da162ea493874627775c3520a42145b79c73bf787b5113bf87c0b27c

SHA512
50bb7803dbafef5f571b9b36a975b43c26e233da165c3d9e37856421fd93915b26acde47c5948e8e91d19975d8dd0e1f064999288b50297e3fa28824b88f3405

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\a8be8588a2a84fe04f590fff4d22d3240fec8db00d26[1].js
Filesize
102KB

MD5
c798a00f7dbc5d3f6ee6312acd0de71f

SHA1
b10cb8252917f78ff5c5241a5cfd4654bff08772

SHA256
d627d0202c593e635bc9a662fc641090d0c6402dce8a2468aa8a0cdcee7c8d3f

SHA512
d6ec377b81fcbb89a8ccfba71ff4b0c6409e909ef89c4e51592f7b8997103cc2c5e5dd1f4f6e8225d6a5a87b8322e1ef962129723a539ca1ee3aebe4ad90b1e8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\libraries~b28b7af69[1].js
Filesize
903KB

MD5
f9e5172e82c722a79e1c0c04c53c8eb4

SHA1
a489c89e7604448cf2246e9e6d922328ee761899

SHA256
6f1f62fdd5b196927d56fcd482bdf617453433d5ae780c04fb6925abcb9530f7

SHA512
2fbedde74eae27374a65f5a6efe45f4a21a0373c45e0c0d85c0c4ae2c84048695ec34383b4e76ad9ad0664cd2613e21685428715f1b67500ca13098a86f8d784

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\login[1].css
Filesize
235B

MD5
740fbafd7618e09184062ba17c30591a

SHA1
eb20e6e5dddcf24cb66757b7c98f0ec26570bda7

SHA256
f6faf355445f30ace49bddee3bc3706e1988f58561b2a6e3356a4299bef5bc95

SHA512
bc44113d0a0a5a9d812616c481aac304dee639025ca1a41f8ed289c859eeb5d113cfb1054e8316c07161fc1bf31b69a3469e23b120d35955d7decb2007edf25a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\login[2].css
Filesize
17KB

MD5
d07d6d87df1eb67495c1dd5468ddd40d

SHA1
82a7b8a839d305435589561b4745fe971d8a140d

SHA256
d81707d16583953f9b6c2449bc28b079b1263aa6563b35bb2dc26bc537f3e8e2

SHA512
0e267fa5fb3917dcca676ac53e58a0b1cb6a35f179753bb774dc0ff7b27481f470778ed3f82d85367f4c792a702f6a66edea39ad0120bf14bec8c3cceecd6d4d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\main[1].css
Filesize
117KB

MD5
f7a37ae82bcb1e5cbcbe7f59ae3f751d

SHA1
261a66e8d78629d058da4fb001d285f4eebdb352

SHA256
95fab1a42c8c835c28c2871604e3ca738bee153d5d78cfd6d398fb51142a3c0e

SHA512
d83b8129192d6b8d440e52e7bf6b0d356cc6e3cba9eb0a79838990d73c03d075e5d09d148c36247a2d3366d8d504ba4e492c728133a29b538602f257268b2e4b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\main[2].js
Filesize
568KB

MD5
71b3c9269bed727c515c94d366d5e402

SHA1
de28ad4a1971463c2c690848f94d2dbdea84012c

SHA256
bd66e9c99a6a9882fbb25eb8a6daa407770645ce4ca83b480bd023e340b2a4fa

SHA512
cd490c8438538c5900f524e0e989eee9a8e6aa1f6e6395a9dae8069b06465a317647f5a0b89a266ae00048a0e9ab4d606173011139b4a296c833c3a332cddcb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\manifest[2].js
Filesize
15KB

MD5
d7a010d108f5853f3167545d8220cbbe

SHA1
f90e630d62c19410dc281b93a2b9ab901f94aad6

SHA256
d9dd961e02c56416bf34ff4e01bbcf7284f4f036bb6edce3b228f6096190a4db

SHA512
190a8025e06d8e57301351cb6d7450bfae3e9a6a67e67e7d3460dff9283733e9d0a7942076b3c2f7815e1667dfc0c93909250a5bd618b25001afbd9a282e8319

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\prototype-1.7[1].js
Filesize
165KB

MD5
6a39e0b509fecb928d47b8a2643fed2a

SHA1
f67fa6cb1d09963d10ba117d6553c8e7d5bc7863

SHA256
d8bdea7fff893dbdbeaf6c2affec091a77483b9ec10e7958486bc3b6cc170c96

SHA512
b9b8c6d9ac4928686c5ea254ac8f765c4f3690f79e5b1ccaaffc48d4bd47872b9cc5475c038f70d804740c81915fdfce315ebe553b628d12f7ca1cc4467075d0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VQIAS9BJ\shared_global[2].css
Filesize
85KB

MD5
663f0bb7ebb25c7f11e6a964a8aa00f4

SHA1
70411e81c207cfa9319e284e58b709dbcce37df2

SHA256
d823403240dd72259be8cf8881a323cee4d92448e2255094d935e1f34a937ab2

SHA512
23e105f245bcb4f1c151ef139e2a1ad43fcda7e1f987057672df97aebc23a7395a1c32fe4306dee785388148af55a51777bc9c1392dd6542ef7d7614a813bb40

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VUWUG0YZ\analytics[1].js
Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VUWUG0YZ\header[1].css
Filesize
12KB

MD5
be1e0131e0dc3620948b14da818b1a4d

SHA1
810b4aff56a0e76cf870cc67e3092447b46dcd92

SHA256
ebd518bec6383218452cc4597aeff5debc82b1f76cbea1950c5ecbfd59c5e3e5

SHA512
8bc754838712e5209ecd45d3490a061cb50a463270fefc2217afc24a8983156ea944ed90d3bdd2eff997ad12f399139f4303bb98bbc2de330848068da8929949

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VUWUG0YZ\home[1].css
Filesize
14KB

MD5
fbaa908b7ad972519f01b8018ed98f2e

SHA1
625d6da35037b70fb9c4daa4622185ca44d0f4f2

SHA256
84fe36fa18724445ef05858506ade2e9bdafd2cee2d55555dc94ac94ae58fc6b

SHA512
463d225656987d304ebf5af29a727359ee34cb9f4c6845339be6dbd66fa4ceeaf9bc3776fce38404b13d9b1e8df24ce98a1cfe6b6468937661bb1d90f3bdb83d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VUWUG0YZ\jquery-ui[1].js
Filesize
458KB

MD5
c811575fd210af968e09caa681917b9b

SHA1
0bf0ff43044448711b33453388c3a24d99e6cc9c

SHA256
d2f0522008bff05c6434e48ac8f11f7464331436a4d5d96a14a058a81a75c82e

SHA512
d2234d9e8dcc96bca55fafb83bb327f87c29ae8433fc296c48be3ef8c9a21a0a4305e14823e75416951eecd6221f56fbbb8c89d44b244a27be7b6bea310f2fd1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VUWUG0YZ\logo_steam[1].svg
Filesize
3KB

MD5
b7a7e43284e2ffe806ac1bc27c1f6a87

SHA1
e8196489e2ae99ec6eb33995b5a3e108d6e44de0

SHA256
c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb

SHA512
757e4f382a864cac9f975220c28586f5ea415b2e2215375c1a47e011a9190fcd15313d399007539f150a6df0378b8f2022ac88e995693ab03a9f5656bfe40832

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VUWUG0YZ\motiva_sans[1].css
Filesize
2KB

MD5
19f4a36c629c358690fc93dbd234d105

SHA1
6bbc819e64172d57a4abdaa20c8e2b8a32dd662c

SHA256
e753a6b743187c7d592e6e2d3580336751e6211cd228ad7410e02db29ec91ad8

SHA512
9d5b920dcff126bfc338e167b0be6a82650e8b3bf1deeb40e9573541a050e152731509ed85d17175a165307d989176a96e586a7ddd9c2394f40413abd72482cf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VUWUG0YZ\shared_responsive[1].css
Filesize
18KB

MD5
2ab2918d06c27cd874de4857d3558626

SHA1
363be3b96ec2d4430f6d578168c68286cb54b465

SHA256
4afb3e37bfdd549cc16ef5321faf3f0a3bf6e84c79fc4408bc6f157280636453

SHA512
3af59e0b16ef9d39c2f1c5ccdbd5c9ea35bd78571fde1b5bf01e51a675d5554e03225a2d7c04ed67e22569e9f43b16788105a0bf591ebba28ef917c961cc59e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\KNSDU41B\www.bing[1].xml
Filesize
77KB

MD5
1b37b09d1bf37285c8edc9f9ff7757d4

SHA1
fe2fec3336da584621e1d2404580ea5e499543ce

SHA256
67cd8eaad4fce47bf955a5d0f0d71c549a83acb2acfc475af5a41cf1af96f5f3

SHA512
daa429e312a2d169a3746b1eb339f072c9e1eb73c78b52ab1e432acb2a9bcafa684627d9d876cc7d4a8249433ea0cdb4ed8014d3584ad835b51ded2beaa4d68d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OAIODI7B\favicon[1].ico
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QHZVENRO\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\u0v8vtv\imagestore.dat
Filesize
46KB

MD5
8282c100a40cf69feffd2d5df758808f

SHA1
18ec8e63e8d935a168a0fa427c8c729c97ff165e

SHA256
6c2c7926be03b17ab1aa108208cb825310e49ff83c0a68f5fe03d23f281d4abd

SHA512
db0e6ef27cce524cc77c3408637026a8b81050fe01478c2e772f8b31f23637c70adc09423b78bedfe3bc57a0458f52f551f35ed09c85ca5c0239eae1b39c8849

Download Submit
memory/392-1171-0x0000019223440000-0x0000019223460000-memory.dmp

Filesize
128KB

Download
memory/392-551-0x0000019222CE0000-0x0000019222D00000-memory.dmp

Filesize
128KB

Download
memory/3344-427-0x0000024244D90000-0x0000024244D91000-memory.dmp

Filesize
4KB

Download
memory/3344-0-0x000002423E720000-0x000002423E730000-memory.dmp

Filesize
64KB

Download
memory/3344-16-0x000002423EF00000-0x000002423EF10000-memory.dmp

Filesize
64KB

Download
memory/3344-35-0x000002423D800000-0x000002423D802000-memory.dmp

Filesize
8KB

Download
memory/3344-426-0x0000024244D80000-0x0000024244D81000-memory.dmp

Filesize
4KB

Download
memory/4140-365-0x0000027115220000-0x0000027115222000-memory.dmp

Filesize
8KB

Download
memory/4140-176-0x0000027103FD0000-0x0000027103FD2000-memory.dmp

Filesize
8KB

Download
memory/4140-380-0x0000027118510000-0x0000027118512000-memory.dmp

Filesize
8KB

Download
memory/4140-376-0x0000027118010000-0x0000027118012000-memory.dmp

Filesize
8KB

Download
memory/4140-802-0x000002711B6A0000-0x000002711B7A0000-memory.dmp

Filesize
1024KB

Download
memory/4140-803-0x000002711B6A0000-0x000002711B7A0000-memory.dmp

Filesize
1024KB

Download
memory/4140-372-0x0000027117EF0000-0x0000027117EF2000-memory.dmp

Filesize
8KB

Download
memory/4140-368-0x0000027117ED0000-0x0000027117ED2000-memory.dmp

Filesize
8KB

Download
memory/4140-383-0x0000027118530000-0x0000027118532000-memory.dmp

Filesize
8KB

Download
memory/4140-361-0x0000027115040000-0x0000027115042000-memory.dmp

Filesize
8KB

Download
memory/4140-356-0x0000027115020000-0x0000027115022000-memory.dmp

Filesize
8KB

Download
memory/4140-260-0x0000027115E00000-0x0000027115E20000-memory.dmp

Filesize
128KB

Download
memory/4140-174-0x0000027103FB0000-0x0000027103FB2000-memory.dmp

Filesize
8KB

Download
memory/4140-172-0x0000027103F90000-0x0000027103F92000-memory.dmp

Filesize
8KB

Download
memory/4140-136-0x0000027103CD0000-0x0000027103CF0000-memory.dmp

Filesize
128KB

Download
memory/4140-387-0x0000027118540000-0x0000027118542000-memory.dmp

Filesize
8KB

Download
memory/4140-351-0x0000027116790000-0x0000027116792000-memory.dmp

Filesize
8KB

Download
memory/4140-343-0x0000027116780000-0x0000027116782000-memory.dmp

Filesize
8KB

Download
memory/4140-271-0x00000271160C0000-0x00000271161C0000-memory.dmp

Filesize
1024KB

Download
memory/4140-428-0x00000271196C0000-0x00000271196C2000-memory.dmp

Filesize
8KB

Download
memory/4140-307-0x00000271173C0000-0x00000271174C0000-memory.dmp

Filesize
1024KB

Download