hxxps://github[.]com/pankoza2-pl/malware

Resubmissions

28-03-2024 09:05

240328-k2flgsha71 6

28-03-2024 09:02

240328-kzqnnsha2z 10

Analysis

max time kernel
123s
max time network
134s
platform
windows10-1703_x64
resource
win10-20240319-en
resource tags

arch:x64arch:x86image:win10-20240319-enlocale:en-usos:windows10-1703-x64system
submitted
28-03-2024 09:02

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/malware

Score

10^/10

evasion persistence ransomware trojan upx

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1548.002

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Processes:

reg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
Disables Task Manager via registry modification
evasion
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

HorrorBob2.exe

pid process

3788 HorrorBob2.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

pid	process
3788	HorrorBob2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 790416.crdownload	upx
behavioral1/memory/3788-674-0x0000000000400000-0x000000000132F000-memory.dmp	upx
behavioral1/memory/3788-699-0x0000000000400000-0x000000000132F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Acer NitroSense Update = "C:\\Service64\\Service64.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

115 raw.githubusercontent.com
116 raw.githubusercontent.com

flow	ioc
115	raw.githubusercontent.com
116	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000\Control Panel\Desktop\Wallpaper = "c:\\Service64\\blood.bmp"	reg.exe

Drops file in Windows directory 6 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133560901994659067"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e9b82bb8ee80da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a21ef0b7ee80da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 367c4fb8ee80da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe

Modifies registry key 1 TTPs 3 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exe

pid process

3540 reg.exe
4708 reg.exe
924 reg.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2484 chrome.exe
2484 chrome.exe
Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

1632 MicrosoftEdgeCP.exe
1632 MicrosoftEdgeCP.exe
1632 MicrosoftEdgeCP.exe
1632 MicrosoftEdgeCP.exe
1632 MicrosoftEdgeCP.exe
1632 MicrosoftEdgeCP.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

2484 chrome.exe
2484 chrome.exe
2484 chrome.exe
2484 chrome.exe
2484 chrome.exe
2484 chrome.exe

pid	process
3540	reg.exe
4708	reg.exe
924	reg.exe

pid	process
1632	MicrosoftEdgeCP.exe
1632	MicrosoftEdgeCP.exe
1632	MicrosoftEdgeCP.exe
1632	MicrosoftEdgeCP.exe
1632	MicrosoftEdgeCP.exe
1632	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4940	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2088	MicrosoftEdge.exe
Token: SeDebugPrivilege	2088	MicrosoftEdge.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe
Token: SeShutdownPrivilege	2484	chrome.exe
Token: SeCreatePagefilePrivilege	2484	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

chrome.exe

pid	process
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe
2484	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeLogonUI.exe

pid process

2088 MicrosoftEdge.exe
1632 MicrosoftEdgeCP.exe
4940 MicrosoftEdgeCP.exe
1632 MicrosoftEdgeCP.exe
1624 LogonUI.exe

pid	process
2088	MicrosoftEdge.exe
1632	MicrosoftEdgeCP.exe
4940	MicrosoftEdgeCP.exe
1632	MicrosoftEdgeCP.exe
1624	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MicrosoftEdgeCP.exechrome.exe

description	pid	process	target process
PID 1632 wrote to memory of 4500	1632	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1632 wrote to memory of 4500	1632	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1632 wrote to memory of 4500	1632	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1632 wrote to memory of 4500	1632	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1632 wrote to memory of 4500	1632	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 1632 wrote to memory of 4500	1632	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 2484 wrote to memory of 2252	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 2252	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 884	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3052	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3052	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe
PID 2484 wrote to memory of 3432	2484	chrome.exe	chrome.exe

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/pankoza2-pl/malware"
1⤵
PID:312

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:996

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1632

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4584

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4608

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xac,0xd8,0x7ffbba659758,0x7ffbba659768,0x7ffbba659778
2⤵
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:2
2⤵
PID:884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:8
2⤵
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:8
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:1
2⤵
PID:3436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:1
2⤵
PID:3268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:1
2⤵
PID:2336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:8
2⤵
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:8
2⤵
PID:1796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4884 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:1
2⤵
PID:4372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5004 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:1
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1616 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:1
2⤵
PID:3436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:8
2⤵
PID:1284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6016 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:8
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:8
2⤵
PID:384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:8
2⤵
PID:3020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:8
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6092 --field-trial-handle=1864,i,10789966768244001970,16593983462502193729,131072 /prefetch:8
2⤵
PID:3364

C:\Users\Admin\Downloads\HorrorBob2.exe
"C:\Users\Admin\Downloads\HorrorBob2.exe"
2⤵
- Executes dropped EXE
PID:3788

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\5B07.tmp\HorrorBob2.bat" "
3⤵
PID:5012

C:\Windows\SysWOW64\cscript.exe
cscript prompt.vbs
4⤵
PID:4744

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
4⤵
- Modifies registry key
PID:3540

C:\Windows\SysWOW64\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\Service64\blood.bmp /f
4⤵
- Sets desktop wallpaper using registry
PID:4892

C:\Windows\SysWOW64\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
4⤵
PID:5092

C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f
4⤵
- Modifies registry key
PID:4708

C:\Windows\SysWOW64\reg.exe
Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
4⤵
PID:2548

C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
4⤵
- UAC bypass
- Modifies registry key
PID:924

C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Acer NitroSense Update" /t REG_SZ /F /D "C:\Service64\Service64.exe"
4⤵
- Adds Run key to start application
PID:4192

C:\Windows\SysWOW64\net.exe
net user Admin /fullname:"SPONGEBOB IS WATCHING YOU!"
4⤵
PID:2400

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Admin /fullname:"SPONGEBOB IS WATCHING YOU!"
5⤵
PID:3236

C:\Windows\SysWOW64\shutdown.exe
shutdown /r /t 00
4⤵
PID:4472

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1096

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3afa055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1624

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0ef02323-0447-45a4-8c9a-6cd6d266fe26.tmp
Filesize
6KB

MD5
f520aaa939a65c8352a2507020095527

SHA1
3a42603d770f3b2e13a614d92be01287257d32a5

SHA256
bcc401c117913454bd4107e9bc0f13d0ba28426cebfa94a5ce3e144654de0f99

SHA512
e89999d1409a9f5e26292b5e8e4fdb8f19b8b8f69b97e785381a3eb06d2d864b4f0ac2162e6bfe2d9e50dd051e5b0589add16794c5f11095225da7673a4a44a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
bad61d9b23365c4a213e2ae12c1ec0a3

SHA1
f89494240afe1b4bbb2f21ddbd0cac636714614b

SHA256
3e74bab4c5be898d1c3d7705ceb7abf2b4213125c26ccd585549df3f2762dc25

SHA512
a1e20eaa4a7f1f53a960e0b7bc24972d2367e01c4805be37ad81580bd1ef1bed3b14dd48caaafd1a80ddeee7ba9fbf4cd6571e6ef9045d0f6468d7a13a60be54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
397ff5ef196f6920292cef9c62be72ca

SHA1
7b58a215f7e1dae2393dde52036ed91e3fba8751

SHA256
4ed59fcf3ab3f1a950cfbd70a6bf2ca44f04b2d6662aaa71212985f11b2308be

SHA512
61d017477380528874e441c26c7df37b7dd521c2ee33824c8e3dafc88d0cb5ba088a8a54bb31e2a39121b0dd2e9cb1b590710c6f2942f6fd36c097d1b1007c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
7b723ba74cd9db7a27ef78a4a13c9e3e

SHA1
7ff6f842561a6c60d0ba9c18dc6ad2e2202bb542

SHA256
3622ca53cc53c8a72dd9a25c558c668d64c16e506a662d048d6bedbab52c476a

SHA512
8f016618e4c2b263b8fb52a88d8ffc959d9a86775dfc063aafa965afdaa7d4089b20a995834035d229994112adccc994036e9be86575722394f08dec33151915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
36b4aa73f1e2845233770da6ab6a88b8

SHA1
bf2b22d620f047c5538276b422acc5628b56cb77

SHA256
ca37009e23f2ec38cb0b5ac223f267d83731f665b7ffd536c2bca2d189a3881e

SHA512
e57c699595c58ecfbe9d5b149e502e4af34d018fe4f75933070a8e08aefc10aa5239ef7db5d67d8117e11debf69338ce174fe14da24c3d3a2ab913a807fdfa52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e79790b5e01ad8c4dd41619836ecd3ab

SHA1
6f29ffa4ae8bfcef778e702cb72da73ee6a46d67

SHA256
b94602efc883fc15354b09f95f053b6061cca2d7300683112975adf1b44f6c8d

SHA512
3e3e03d54ddca977497c980f9c12dc5cdbc6891a70da3d187e60005c4e05c66eb99e87870d63d850b0fe082e17146ebbe403fb8c2b2311fcc5704ae4c4606c96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ca6b25d4c489431f09c53a456af8a6b5

SHA1
ae8bc4ff5f01c8199dbce3a7cee292c56fe664eb

SHA256
0fef07803c551b2197bf8dd6b423fb4d89a4d25b1da880cefa47847262bc126c

SHA512
ef46c6549c6f54d06ab4461414c8f5615d93e9a8665ebd1e74bd7c71a52e7d1d0e6122109a3fb8face95d397c519f7cce1eb6a004e51650aefce7a8b616abef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1e11a35c6fa0f5e42a77f1a3ef2d4b1b

SHA1
c6cdd4fd2547f112f52756275bda87036e9dc17d

SHA256
c07117869059d3f37eb80d705a807f84d43a968a9a82450532e4d89600b424d7

SHA512
1f3ce0622be32fba3394a5c95b4b44546d83db8ee1afe1931c7cd2665b7a0a5ec2df03b1425e89a36ad715c07970e5147c2bfdb0605b1eff03d64e23a60ed375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
dd3cbb80dbfd4cfc9834b40cc0b13e77

SHA1
e108202610a6792049688a8bb25d66e1c84fe75b

SHA256
17d983cd22e8dfb501df4ba56e668a33b26427139a80680c1ca09a23a9c70047

SHA512
ed7d95a321cd94eb252cbe177defe479d285340b6e96eacd5bf8640ccfa76920480b96f6787c4e8e3ea4835f99e87723fa83bf035c787367ee0c95d7563785c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
8d557cbcdf07726b3afd12cce07a5f9e

SHA1
0cb88cf54139e3a071fe33eea05d905762778d6d

SHA256
d700a267f51b22eb5b6947a3ed8586684e87bbd19045fba542f3e59bae37a044

SHA512
3017798b2029b78de9d2a505b81ce4c8473098e7794a837ba1e5dafd9a66285f639193814e431eace9a89a605a54ca5b347eff1faa0fcc8bed0b8cd02f2afb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
24c6fdc5fb6e8cb8ae5db66a6e5b2325

SHA1
8f50a3b4ac3f42dd340999f583e7f8164cccfce1

SHA256
4bc12f86f23d6bca209ed61267a2f97a5ffbb744686fd883477e9e29ad090bd4

SHA512
b298b6f88050249577c52fce296a3776615dc4d1c107e8215c54d81fb27b8205fd021d23668e134e4c52edf01e3c27a469bc2d8cdb267f206bb8ae95b0b2e00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
0402125e798f4d68627ff18c7da8bce0

SHA1
54d4b0e2320d53ba3b3afdbce8b2268af7b4e8fa

SHA256
8ac338b7f1fa230fabb2573e6850c0b2f5bc3c39c04e6517c12d5d6e65026940

SHA512
9159c3b6507b7826688264899814593b1e4e091190c62ea959f39740e45e1963e2602581fce37b3bcc4aad4d80142c5babf00d90c3a8a945c6714b6c9bb33f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
186e20f6d484321dc67b13295ac88e64

SHA1
913a9808a8ac7e510105055b6dfa1df6f4eeb24c

SHA256
7a5c7f8729180cc6ebac7762f76a3a52facee2e86adcad60ededc2ddc8766437

SHA512
34dcf33526d07d5abf34220c2642659a95368693118dae7cf0248ab9c6dc2fef65f420cb84a3d144c984bb1df266e96b33bf5a5ff93ad2deee52600c0089f497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dea9fa2e-367d-40c6-bb5a-bd31228b6b29.tmp
Filesize
5KB

MD5
2f433d38e5a6aae0488170f7a97dbadf

SHA1
06581f5f783f26ce94ab246b353d85dc67baa8bf

SHA256
758e0510e54d1375a7dc6d73d0e08205a7690c9faed9d987a93b1e605cd44171

SHA512
33a1685406ecc18bb1682dcd81b594ac187e9934d432d9a01bd240e536be797b8fc391fbd3ea215c203cfdc6526ad094877c138cd8743fcdedff03591aec8e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
265KB

MD5
4a7498c96d7ba4d8f6aa0fbcbda9e88c

SHA1
2d85baf53499e3e1776db2c1b5401ddffc99ba24

SHA256
17f9b208dfb169ca536e0c7a30eb84b1fd0b5dd8688f2de53c9dcc5d7d5530e0

SHA512
064bbfbc14cd7514bf8ed92d40876e72ee45768ee21a55e1094357c046ec7829f4c48de9ed52d8408f51e16d2fc66a340174e61d60070a540ae9f9ea81380f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
265KB

MD5
489f701acd7d4779403a77fb094858d6

SHA1
bbe361aeafd791c4fe9c5a18164cc357034ed8d1

SHA256
56b07f38ca5e61d22c7566c0302d75b97335797913cb4fd6c0ec06179f0ff131

SHA512
189c88ba3874f73a11471bffc891e03ceb52f13dae530c0b9db7da462110d2e6493c913e505d03d8b4c3092c3c7bbea01957c603c1385b02c1e879d0ee7cdb7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF3792A9BEDBE2626C.TMP
Filesize
16KB

MD5
1a7fc2c20e507f775787970646a4aadd

SHA1
64271c653ec91ad6dc6b7080097d15c1cdeb7f19

SHA256
9ffa4bc5119b82e75fc1805dc4d2d9d25b4a7586e0a5538ff87bf4f744ff74a4

SHA512
544617a01f1d4b3b63017e3d29a70c4a0e11626e9457109d677942f55ee831a4ec7a0a00efddb77e5f7f3e8e24a3c7e8e7b087fc155791ab06e8b415ecc272a4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-467754-244ee9d9ed77[1].js
Filesize
16KB

MD5
2f497796c4a1138fb344ef33c095e8a0

SHA1
bb8354facfc9b52a56d8e3b49b5bed1398dff197

SHA256
3bcbc1a7a6f8e83c9febf9156ad3b5baa19f153a76f832fdc211a1894cd72ec6

SHA512
244ee9d9ed779dd0dd2c7b846c0699ec84e675f1ff0bada75d599488b5330d14174063fc07ac8938cd1da53163c3d18b2d8c7585c651472737224a21524d116d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\behaviors-119a649bdc24[1].js
Filesize
230KB

MD5
77d77524510b3ccd76d0fef21191ba87

SHA1
d7f11f6dc0ddda9b3b5a18a0f04444eeb48dd4a6

SHA256
5e2c01baaae88e1a817bccc0ceb9751996f52cc088ec0f9b4de9a9f40ba40341

SHA512
119a649bdc243fd30c004c3dcc7b2d05cd35ff619b2cf89e310d502cefd63ac693903ea97d79261a0ba5b1a3b403bdd9a749179cd818663212035e3de416f5c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\code-menu-1ede15b5453d[1].js
Filesize
15KB

MD5
113c539c6d21781f91646993c3bae7c5

SHA1
2a5562a6521e1c2f3acf150fcc375047133e3d58

SHA256
5ddcd14d7dd448110c85778acb7191258ead97a891af2e9d348f46aafca774d8

SHA512
1ede15b5453dcf220eed4bb942a583e70b9ca31d3786704b5a6fc2270c30560a94339d7be9abd79dc1558c34754c34eb5aa6b65b2a83131ee327f8f44a98d15f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\global-bac48eb8df38[1].css
Filesize
281KB

MD5
0e56d9d189c268778fe7030a4b8b0358

SHA1
ac3f269a1a604016cd6e560774a35b1c0d26f12c

SHA256
ca1234404867bce0887bb79bf3fe5e22bf4280482ddce587cec099f968f7aeb4

SHA512
bac48eb8df385b65fd50836691b739a7c957613e2f0efcbb455a4202acff6e68dc382618d7bbed24e4eb064493a2905ccd962e4df175b34dfb5eb5c1909a99aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\keyboard-shortcuts-dialog-ae7cd7fa1372[1].js
Filesize
29KB

MD5
8ea58b85bd8673e2722d9113b658cba0

SHA1
8d04d1777d63271b3d0c38238752a27cade819d9

SHA256
23e2de11c44fd3f533a1ac89db77aef3c25f06e913e13c2748a8a42f8bac7ad4

SHA512
ae7cd7fa13728ea09d604a87ced3a7270ecbde6c185c3e168f2b621f2670464e2ccf8a0aa4457712033c634e51ce33b406c183524451f4678659ab51457d2d95

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\primer-primitives-366b5c973fad[1].css
Filesize
7KB

MD5
c3251b92f88319086a74573c98ef2cd8

SHA1
2dc7efd06dc7b292579a74ea171ce24dfee83dc1

SHA256
90cdd286610f3f9cb21194bde1233612d62a5cb973c901a04a06febe9b285488

SHA512
366b5c973fadf52874e0d26742cc908ef426910f5b9e92a053e84382145fd7d3672a9edd392cc26dbf69a26e2bee200016ecc59e6c396b95d5e1a83887797ca4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\react-lib-1fbfc5be2c18[1].js
Filesize
205KB

MD5
a89a8f2f2bb2d88a93065721c9e47a2e

SHA1
cd36c9a2f3f961872dde1419ee028a3043e505ff

SHA256
746be0909e59666a5f567b2aa72804a700c73dc6fe6403d68437a017563c2efa

SHA512
1fbfc5be2c185ba0765855c0a373c65424e74958e31e1df715a16e8b626ea4feff3b11fa9672e4eaea5b5a0b59a2268a1add636afef130e514f7f3e44ab98f19

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\repositories-b481106ce166[1].js
Filesize
65KB

MD5
3613c84a861726f83ac1799fc6ed4eb2

SHA1
5f31b264870aab9e33d308bc12a51f097336e91e

SHA256
5ea64a6bbfb9367905ea229c49aceda69ee55b6fd96767177181f0ffdf8a01d6

SHA512
b481106ce1663c6bef2850a77ebcb29feebd66b7791468411b36cc45d97422324578db582d09ee23795a259ee72b0656440398dc7e0f47fdb2bd6726f5770c53

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\sessions-694c8423e347[1].js
Filesize
11KB

MD5
15353e276f2a35c6994e46991d8a9b1c

SHA1
37c41a00574ae955d36dd0e5288f4ae32a18e048

SHA256
7776eb5163b1ef5e527a065ee8701fb023f5d4292bd471af5f594c0c4f33f7a7

SHA512
694c8423e3475a2e4c99d721f5dbc4dbf324fe3796e47101147753b191f032081687f9765a981207992da09a9b209a1d4d314d25621e08d811e2cf04a0403197

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\ui_packages_failbot_failbot_ts-5bd9ba639cc0[1].js
Filesize
8KB

MD5
2cc38df3d042ea1511d209eb9b7b4146

SHA1
ca78c51f61c94ce4f3eab3bbfd74f8e0cb1f382b

SHA256
cc22d1a222e441835b520e01c2e4b1fc70d8d1a045c1efd1afaf1ceb2b1e58ac

SHA512
5bd9ba639cc0bbb8644568d8826867bef58179e39f89934adef29eb7d49734127cf55389849c9ab718e3a97cd5415b666ee193000d0107c5471b6676d2f4a03e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_filter--b2311f-4c891ec4eeb9[1].js
Filesize
20KB

MD5
dfddfc54d758658bec3e1d0e93027dee

SHA1
1627ae55da2c1ca92ba59ab40932afd91d166198

SHA256
777a19978e9b2488c318cad5ec91982581fe77007e74fcca9d1157fc646e98e2

SHA512
4c891ec4eeb9ed3585e7866f74fdd472b96cff049baa3969677418df6ac4dc7276021c2200a82cdf9ef9915a064a0cfe38e2d5e5d1852f749efa5a35c94a4da3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_alive-client_dist-bf5aa2-5a0e291a0298[1].js
Filesize
13KB

MD5
04f1546514c5eec6a28b777b1bae7288

SHA1
bb29d0448985672691f54db4b8ccae86e8b13536

SHA256
6e36dd93eac542396395339c6eb0d1118ee418e37e9076fd819bb50150ede956

SHA512
5a0e291a0298eba972eec6ea8b7f818b7c8f1c821198f09983dc1d029e70a35dab2e51a0860d5dc359c6befdd7eeda4737e5bb0ef9eac504cbf61c9362b93748

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-99519581d0f8[1].js
Filesize
14KB

MD5
84756748e3dd04bc8df81aae5b8c928c

SHA1
da0753f66399bf678140e102c8ad90324aacee5d

SHA256
6a1fbc292e9af25dc3241c6f45a6ac754055cfaaa024f50ab231257f97f06c84

SHA512
99519581d0f86411b1cf8a25912224e4a2c7f98b10091962da6b52f6fbec3dd216e83e9e8a6b63195516c7331df090238603b99c1c679499da77ec1a59a7a8f6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-7bd350d761f4[1].js
Filesize
9KB

MD5
b6b600c9f1dd4c88024d62e6ff2eb871

SHA1
5a22091378af6a681a1edd36e5337b9b6f70613c

SHA256
447a26cbcbced255f24f46c1e82a6f3a4de3b2a44d4b0ab7b6f427b12f783f8f

SHA512
7bd350d761f4f22866b454b1271af79ef5d23f5d1b8cb0598c34f739e3dab977450d61d01b8a0c135fff309389f712c0114e9cd6e844d2261d2536377b71b838

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\vendors-node_modules_primer_octicons-react_dist_index_esm_js-node_modules_primer_react_lib-es-2e8e7c-a58d7c11e858[1].js
Filesize
708KB

MD5
38773ea059ee0c5a7caab2655c072890

SHA1
759370e3ff6efeb95d3fe4054280cde020d5ae52

SHA256
dbbc59389f09a65e38d473016ef15dcc006ee70f55018b4360d9e13388284c0c

SHA512
a58d7c11e858847f872c31f654006acfcaf90363f8c72ae8dfc63a5541d1692a291dcbd380aee50f26c919c2a290d972772ac9400019d5910b0f107623bea81b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\vendors-node_modules_primer_react_lib-esm_Box_Box_js-8f8c5e2a2cbf[1].js
Filesize
14KB

MD5
e13301561af6d955f28e15fb1289f257

SHA1
cba18e711015c8eb73907a47316a9e72a04cc4fd

SHA256
6f56c90679703b770ea20b56e706321a2b5ff837a521aa0977640d19be74d0c3

SHA512
8f8c5e2a2cbf938918866c1a84d9c1e242a98d5ecb48d3b2861faf32e19cfdb924f2bce7230b6cbcb67597fbc2e05d6d445115cfec1a1d636151ceb0548a5ab4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1XWUNEWL\vendors-node_modules_primer_react_lib-esm_Button_IconButton_js-node_modules_primer_react_lib--23bcad-01764c79fa41[1].js
Filesize
31KB

MD5
502593a6eb977a150603e73c0c13b0d8

SHA1
55cbc204f5c484c42539fa7eac8808ab2d248540

SHA256
bf4692eb2455f13975b8a583ef8c34fd55379dff8950b4460717520e13b27322

SHA512
01764c79fa414c93766908622d74087623cbff4ea6b810ceaf7c41bc767add9917a46cc2a451ea2bc66a0c194aecf3ba528ad9bc70d46837321be53ff2dc19e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AFG44H3F\code-111be5e4092d[1].css
Filesize
30KB

MD5
7cb9080aa576934b53486d3746529970

SHA1
cb9ad049ca59d0dc0095470fddb2bda8798211cd

SHA256
9850beb3ebe2c31da0ece9d1a823e5e7d26983626c6e2acf4210d33abf6660c9

SHA512
111be5e4092d831d8e068ff4b6d2be94cbccb5bf92adc549a6c2506c4712ac177d15a61b56bce1919a2bdf9bb66d4a24b805db3aaddeb86823912d1df805f2fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AFG44H3F\dark-a167e256da9c[1].css
Filesize
110KB

MD5
16bf89ddba1dd57f22db711fabe734a4

SHA1
957574454d6cf7418b7ec21ee68b9f6cf9121ea5

SHA256
9b8c1638bd260c5ffc8f57ce371ef17210117aae67ffce5afbf141feec1c4c53

SHA512
a167e256da9cfd581c6d23cf0e71e8df6f863b162e9d1f8d32baf91adc0f89b7d75f059061ac6b643230821b6a82bcfa356bd64758a2f337e95cdceedaabdb09

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AFG44H3F\element-registry-fb4b8d40f206[1].js
Filesize
49KB

MD5
8a624737383d86d3c341e0ff054792fa

SHA1
53f695a66332314db5778f94146db8ebcc645994

SHA256
d5cc3eeb619ea08eb90569b55afeeb250b13291dce77335a75acda513e572b55

SHA512
fb4b8d40f206f2fb78ca6871324981d0c2f04859e7067547b15c5d379a1cd07b5624541cbe1880b599cbd6a504ec4db1e91b829dfda8770a9d11a4208d21581a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AFG44H3F\github-19c85be4af9c[1].css
Filesize
116KB

MD5
08a9321c7a5e7988158d86b61b4a2a80

SHA1
890c5a4a3d8af53b5ecaf2efa13b345ca3233a77

SHA256
08754f9acb163a564c71c8c08b9cf03e9912c486ebff08f7ea376b74742eb361

SHA512
19c85be4af9c4eb8e532503ef3730d233318504d8b1f5f5b535bbd3b067e5d072072500bee3b65b1b91b0ca7414f4f21fa6e79365cf19ea07a98e527e1c00b3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AFG44H3F\repository-6247ca238fd4[1].css
Filesize
27KB

MD5
0c6e7f9ad3d84702fe070a9dfa3e400e

SHA1
b7779f1b9dabe9a148255f6f6f98ca8545ac4017

SHA256
07036a0205f8314a3f5cd3ec9eeb44872b79c2418efc20f0945b0ac5c6a83199

SHA512
6247ca238fd4503095653dabda8f9e5937cce5091ec403d8e613dd2601db2b9425d103bcb389fb507fd0cc4a205711c2abb8a7011bc411b65823576a39f355bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AFG44H3F\vendors-node_modules_color-convert_index_js-72c9fbde5ad4[1].js
Filesize
13KB

MD5
c706ad84a4eb261b75d1f77ce7f9bdc8

SHA1
497a9725442e7305adc54d19b828b2e38c5c56cd

SHA256
80b561c1746ef1533744e7bf7ea3f6c721a88a104d665bb97ffa8df96e69b682

SHA512
72c9fbde5ad471c76b76034459d0d75db00cceaf3904a14c01dd9dd9167da7f783086b79c446b24ed2630c9cebca1996b3ff8ea52dec6c865f173c8158962be6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AFG44H3F\vendors-node_modules_github_remote-form_dist_index_js-node_modules_scroll-anchoring_dist_scro-52dc4b-4fecca2d00e4[1].js
Filesize
14KB

MD5
3c93d840bdb31e2ecf2db3a18d74ecfb

SHA1
9dba0310dd02f294a15ce70e9dcf15bdd931b153

SHA256
90811a711184795bc02f4d5c428192643b5721937943c790e950e9e353cdc310

SHA512
4fecca2d00e4933afc4ec27c376010683c3e788034515793c7a275a9c7d60f742f10850f108fea397f221436d2201f671f6416a4deb5fc3cbebccded871f979d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AFG44H3F\vendors-node_modules_primer_react_lib-esm_Button_Button_js-d5726d25c548[1].js
Filesize
13KB

MD5
7808e91ddfbdb6b9debebb80d385f34d

SHA1
fa5b6305619c7c4964a9457e6ff4239a83cd6ad5

SHA256
b4de114425b15165820a41293d5cb11c2353d3b29cc3938f800c3ad539f40158

SHA512
d5726d25c548155c6bc41be3d771580a0ab86d7718969a2ca4563efa2f17ac226bcd2347265fd7fb16bfba539d59bcb709705933c7b7f3bb0a082028d29f0503

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AFG44H3F\wp-runtime-4153655ad06a[1].js
Filesize
37KB

MD5
1ecf9ceeef31b8fa9374b5b5895c56c1

SHA1
441a42ab967cb35dd21111492b667067b411cd26

SHA256
c175ad0f2cb531780bc7b8c6df6dfaaaceb9db3b7198519e7a19e74d48ed3eed

SHA512
4153655ad06a4da7214142b69f90115dd29a0465f47cb9144de8845cb90b0bc2dbef9ce8b911354d0c4cd1bda48da10b01fb2978bf3ba3a7040ff64380f2a2ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-9285faa0e011[1].js
Filesize
11KB

MD5
ea2f459bb2eaf606a6d110bb721f8c85

SHA1
0cfc1539816ee68e0ccea2f32fb4191bb8b05224

SHA256
3c0095ede9f86618b394dcb281a35c659330ed3532ff49cb699c4f95083a912c

SHA512
9285faa0e011208b72caa43ce51dd15a03224c73810ca9d549ab21c344c2c96f7b6bb31b86e922858cfe6cebe6e3b09e7dc8fa35c6c78fd7c44b6c919002ad02

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_onfocus_ts-app_ass-421cec-9de4213015af[1].js
Filesize
14KB

MD5
f773d7682704ca9858b63b87f67919c1

SHA1
edcb0120ca99d5ddc395fae4bcac301928f49ef0

SHA256
0b6e667cb5fae47ba109488f66ca4a2f3a55a80f25cda4ca17db228b3ef3464b

SHA512
9de4213015af6aa07708f102ee75a6092518d4ce61198db20c67def5a37ed0b924bf0007bb23535aa11da61f818e6d80c7c84f31b8f4e76c5413fc0086850d9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\app_assets_modules_github_ref-selector_ts-2b432e185ab2[1].js
Filesize
9KB

MD5
3008bf196bcb9081554c35d0080e65d5

SHA1
599c18ca5f933a2c7d103853f3d295bb4b07fd69

SHA256
3238339a3ebadc4358c84c48cb610df0dde4ea1b8d37fe692248184b4bdd4ace

SHA512
2b432e185ab27d8e07fcd73366b6af71114e20991ae4255fde6ef7a022b91508097cca4e83e9ad54ca69867c337fde774465d34697603b359a4195a83e1c9fd2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\app_assets_modules_github_sticky-scroll-into-view_ts-94209c43e6af[1].js
Filesize
9KB

MD5
ea01bea08a155fcf33ff2a18fcd0ecb9

SHA1
1f58607e282514d7a1dddf9aeb2b91bc5f5fe7dd

SHA256
ecef9a63582229cec2ad4531de2fcbe4098fdbac1ff41d7ad269fb47b3ad6352

SHA512
94209c43e6afe456a67e0fe26ff4f4bc8982137138891fd2aa1660150c4e03333187d63292ebf0d5aee64d0c5f8f0e40421e21923e7588d5213d8892e8a207eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\codespaces-ab2e4b7a3cde[1].js
Filesize
26KB

MD5
8f72e4ca5d608c75a008e37188bf85d2

SHA1
d5ad8e39462fb2f2ac88f4b99aef722181ffedfc

SHA256
968bb8692690dabf68125fda81444a14f1bebcc35b69a87f4cf86f4c4dc0d745

SHA512
ab2e4b7a3cdec33e2dc16e37b22c5442b6ba368d771bb10f04a1d6b5be95ae4e9d4e08948c362bc2b40e51062bd5d6da45bbdb5889200913d6e47b47eaa2868a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\github-elements-369bd99876f6[1].js
Filesize
36KB

MD5
176b73a1c398b5818ffd837dbd08a6b3

SHA1
149a7008385a4560491235ddd250392923799064

SHA256
26bd3d276577494c2e072fdb2a0cf439e25da8e11d649dde43a6744396d48dd4

SHA512
369bd99876f63e0c2b7cdb8137f15e92938d7d13d61211de5f1966204ea139971894223488f15266d7a7ed2811d9019cd0bfd6a81d747851df0487333f084c71

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\light-0eace2597ca3[1].css
Filesize
110KB

MD5
c98edbdc81b370dec6c1635959f3e6d1

SHA1
fc7c9fd6033bbc608ac6b77b5b481c7bfe162e75

SHA256
7214039084d73a8ac3457904dce9dba06f30e82c1b62bf186e791502aad5c41c

SHA512
0eace2597ca30668d561697e3275158ede25e98bb9af70b059f8a1edcd139ce4910c9e04a1d739918615d4042fd4c5d16f6d5ec0983c9785537f55aba10cb64a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\malware[1].htm
Filesize
291KB

MD5
84bb818c5e22afbb91edd7eb4cc11bbf

SHA1
3685e298de06cddb7ae84c3b51e6e087f2f29b65

SHA256
0d5c77851f90c0570872f5674cabf9c3c55d1a06bffcf66b2ee7e40829ad3874

SHA512
3e93169e5980a32beaaeef5decd192b7d982853faf4f6039494dc97ffc69b7018f2ae77ff6297f02c2fda1d9dc3e70e6d690fe4412d908c3b73cfc836b58a61e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\notifications-global-352d84c6cc82[1].js
Filesize
12KB

MD5
176403f7a580a1555f82d1351a17ef4c

SHA1
5f36d64a22d4acc76586c9fb9e98269d25171c0f

SHA256
8922a5fa32e5e1bcf394b9a3f5650242e488346e37149707f2e53a45f7056d68

SHA512
352d84c6cc82775487e6344967259accd16972d5ac6062b41cc0e26947423e4d0ee0d324b31194f22985f36926bc159a235e38726b5fd5878b7492e1d1db73fb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\primer-f3607eccaaae[1].css
Filesize
347KB

MD5
aa14b91e78576904cc27fcc1fb407bd7

SHA1
ecbe3f65eada869feea2678b1312ba091c3347b0

SHA256
ba88d30d22342da0c2a4097ce531a2f264a05d9033edceeab7ac1346c4e8aaa4

SHA512
f3607eccaaae57f9bebb96232f5a873d9c0a90602702ee9021cea9aec54c0e6bfb3588e9d35507e515220bdf2310b94569d18bc92479821943b043b1819b0ca3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_auto-complete-element-81d69b-d1813ba335d8[1].js
Filesize
31KB

MD5
f01327c1bcf097a13d17356366e29fc1

SHA1
d10dfdf6d45659d5116e81fdf1c119b3fdbe17c1

SHA256
8c20c9903ada8a80f2186e5e1102f44326754c57d89caa9a9c46dd0a3c15bcf2

SHA512
d1813ba335d80383f4eb08de1e7892f8da0128169595886e891d59fe992d6d0d438fdc640635d8ac89077648a44fe7ba8bbe611848ebb743c811364ab1d915b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749[1].js
Filesize
18KB

MD5
1908a7d9985e9540b3f6fc047f62b729

SHA1
25a06882e338da16bbc59797925ac6086141f478

SHA256
1b92b8a1d5169e64edce1fb248cb5989561060b083e5f05b6ca2a823b748a946

SHA512
bc8f02b96749a7ec00a92334c4964a4255611b23e15b88a9fef73fce2b55e32bfefa7f4bb89d436685a92fe188713790b9154ed79b5d7b3690a3ace68346cadf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-b7d8f4-654130b7cde5[1].js
Filesize
18KB

MD5
21c56e08d54cacd285b71cb9822e4510

SHA1
f1e2472c4f75565e065a222d4d8230e4c3eaf2e1

SHA256
fcdf8d456aade47c524428bd32301c8e07d3535d2084e0cb0bd13b67fa5e6430

SHA512
654130b7cde50138e63b58f5339e703d43c6719a508b45a0a168777cb1ab5f204d5431d854bdca627da0ef3f39cb9d699b3a7b7f8cba0442ea2f45d9d19ffcf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_github_remote-form_-01f9fa-9fad2423070b[1].js
Filesize
22KB

MD5
7abbafd0b0ace8e082bed55222176604

SHA1
6e900b4a42a9e374298ea0d8eb3f4c45084253c0

SHA256
9e210b5c1600e761832787801d86ecd0f5e500e1fe70568821b7660553832ea8

SHA512
9fad2423070b838f9bf83141dd13df18344c2defa7728417d64b5c4a3cfa92183b90c2dbf69fd03f3933a46d9d8dd7c7e36bfd5b28d1593029d0dad843ccae93

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_catalyst_lib_index_-eccae9-1932eeecf006[1].js
Filesize
10KB

MD5
1722e9a1b048420dbf2a3feff30a6f36

SHA1
53547f47855705be2053cdccaacc5743dee89918

SHA256
5b881bd8e253ed1a94829ed9646e02ee9b9e0bcd25909bf75ba3a15007a40190

SHA512
1932eeecf00653454c623e522dc0a324fd594025b662bdc1286eaf60ad30381fed6f1525961e9a7536a672ba98e3d089e7473c7db672fec79cd0efa3c93f9b34

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-c91f4ad18b62[1].js
Filesize
75KB

MD5
8d2fd700b674b265b884566f9e1a68b2

SHA1
b0071dc74ec8602aeb4d4063ace590e7dc26ab6c

SHA256
8d303394176f2b0cb950c35e71caa07a94141a3625c75d8b5da9f42f9a1bd700

SHA512
c91f4ad18b621b1321ca15512f94dfc9b7759ea2d0a150e0d4ec12c62ace6f5d01e60b991f0f1fa523b96ff9e0174e89a5c6496a6df15b61e57f232f2fdae967

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\vendors-node_modules_lit-html_lit-html_js-5b376145beff[1].js
Filesize
15KB

MD5
81628c9093236d8e3cf835f708c30608

SHA1
846b10531dfca6510051fc43abb8f9b5647a0433

SHA256
daf381c316a5988c9116aa65c5816cbc8a958211b4c0b7d989ad6c9645757902

SHA512
5b376145beffca1bfc6b0352c08819609a974b6170848699421208752a63f057869e0e4ddd23797b3a0c281c276d7fae580cf41bb5465c632aee58524b21e7ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IMOA8IPM\vendors-node_modules_morphdom_dist_morphdom-esm_js-5bff297a06de[1].js
Filesize
4KB

MD5
11a69b0651264a2235a7059e9e677227

SHA1
a467270f0455de4ab13fd33856a5341e38aaa6ea

SHA256
3316d32e073b0f756d7e247b00b1a016f421973c50f1e3a9ce9f5b86e975cf9d

SHA512
5bff297a06dec294d6d6eb1f52edf99e69871f6325e470c4792283524e0f65fdc701c1dd9c962f49cb42276cd108e7e4a71573ff575c971add30616c24101450

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\app_assets_modules_github_updatable-content_ts-ee3fc84d7fb0[1].js
Filesize
12KB

MD5
8568ee8a3f6ca40d50063e6117203449

SHA1
f6bc7546660c0620ecb4a7623422aa5093a6286e

SHA256
38a6c70a02478f5a269fe219c2188daa0c154ef09305762d3dc71c90a3ef986a

SHA512
ee3fc84d7fb0fc03d42d2bc7fe780718e9794ee64b63e91d8c59d5edc463cb35c63454fe62ddb3083fce463d9d281855deb5b59da883cceeb96109d07e081fb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\environment-27057bd9ed0b[1].js
Filesize
10KB

MD5
43b5b0f77bb997c5e00aec7f8154d714

SHA1
51dd494d33f44bdc80bb21c0eb588dcf59c7728a

SHA256
c6f0203009406dbbbca86adcfada464fe0ee23b8f6e315391f0b6d71f9312373

SHA512
27057bd9ed0bc44f5980c3e1fdadf78082ff0b220549f25f7c365ec23235f628f78a456dc6a39e7b687205cc19870b6bb0e3e917f478b1df2221dea7e9961c45

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-d0256ebff5cd[1].js
Filesize
11KB

MD5
8007958ddfc8daa0b2e13540d70e1fb4

SHA1
83ec5c75ac8949e857d2e464d4828075b523694e

SHA256
9910485f50c52d485efa9a014664835cd3435c6c430804734c94646a27c3a7e6

SHA512
d0256ebff5cdd21c9b2a16e7f79f31d9607337c3a38af500698b9ccfb3e858127a88c464bb72b00d47276f6c4f2e5cdf4f6ee66dbe243d7dd4fde38a59fd1ba8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_dompurify_dist_purify_js-6890e890956f[1].js
Filesize
22KB

MD5
80fa30c00e347b5bbc8b7ff9dc2c9f44

SHA1
d085fe485ada77814949e92fa9e1b1eb05ba5eda

SHA256
be77c75cf182f1830d0f90b8d7aee460f0108c6e7f5a143a524f709b9023c80d

SHA512
6890e890956fafa8187511df1ac3c80a5b8d56be5ca989da251741f59c8d1186c0efa3d374f113b0ebeda124b78dedd106ea97f487ec04cf2a012e7bdd1048b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-3959a9-68b3d6c8feb2[1].js
Filesize
91KB

MD5
d7b0a22391d15ba9db521b44768a5d7b

SHA1
98b1702262a217a3c201101e3ead54ef6ae368f4

SHA256
034108e0ae8475ffd13b7b5b842f59975e5473198c9538c91aafdfd342ed4e51

SHA512
68b3d6c8feb272e28b01e2c4ee9b743bb86399300ff34573367cb8d4112175c4fe552e87232d6f021124f02d2a6f9774764150d2ffe2ef90b540767d976b1ef2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-ff65ee-c202d20e2d3d[1].js
Filesize
41KB

MD5
0a5c8c2fb52ab19ad25161951a892959

SHA1
c6755ff9d94cd6f0e17166b95892cf0bd7e5a6fa

SHA256
00db91bb25902cb212fb700d2954b40c4dfae8fc1f6af62aede5d01f22efe213

SHA512
c202d20e2d3d21eaf0b2e6de2d17c0db8928c36440291c34914978d5fff6cf7f4ee5d16c18b19b29678b31435bcb44d0b48f97d3f0ef0a97df94a8c9f10cd36b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_github_relative-time-element_dist_index_js-c76945c5961a[1].js
Filesize
14KB

MD5
2cabd818fb8745b2fc7d5f92594269b8

SHA1
88108fecb3839f06671c2a21e35163e0e414b2b0

SHA256
55cdbee6ddce98f5c299a24fb9851501f46ff0cdd2ef3b2f7bb572a3940b462d

SHA512
c76945c5961a4f5b2cb1f85bd3cbb35d5e81f611c3ba05543acfe870728e94e9719c9331b65f4c2c8723960c5ac1e9cac0495a892f049b41ed3ffbe899b93700

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_github_selector-observer_dist_index_esm_js-9f960d9b217c[1].js
Filesize
9KB

MD5
683a7fe431bded8fbbf7b5189a1b8209

SHA1
2fb527473877ea06ec6b023690ce933c216c5d07

SHA256
f87c5b59b8f353c8762f2e44e1f82feafab882a96a0fad135dc6fc1555872ab3

SHA512
9f960d9b217c457d467a9510dd9797c4ec9df9a892c0a3e1746b2b87dca8ec191dc901e983bc509bc282004967b6fd588dbff5bf70bc7e20a5ca32bc7f1d772a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_github_text-expander-element_dist_index_js-8a621df59e80[1].js
Filesize
11KB

MD5
da04614ae380b68c111984f401413fc7

SHA1
7ca0dc023ca0b1654d7c8630b8a05534e156d03d

SHA256
85fa448f4d60be73de2f42a83937523b7b751a4523b809fe9e3edb404e00b835

SHA512
8a621df59e80e8851a8cf3db03462095e8bba43a860b1018dc66780448e82d19871be99aab995fa57025db8b7f8e975eb0595fe2c59ca23d984b4d21d5031aaa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_jtml_lib_index_js-95b84ee6bc34[1].js
Filesize
8KB

MD5
913a77fa8f878b5f1b7bc5c3c53daa45

SHA1
e2f68e5c24e77ab985603430e9666fc1718cadf7

SHA256
69b7ef034ddc6b605311ca503ca24f54de1758816ef270a160315ed71fc3d7e5

SHA512
95b84ee6bc349a259aa1a1298245ff5edb5cdd1b6f5013e0c5eff8059c1f90125e8a1457c40c54ce103f4d18160a55cd7084922ae283bf00f8b425cffd1efa48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-086f7a27bac0[1].js
Filesize
8KB

MD5
6822816845d932c1e93f68372f005918

SHA1
1dd14a539530e8d131ce29be5e5f84e4098b6a15

SHA256
14d338ed3345cc8d74e239c812aa37eeee6126bc1ad8a17e4e2cf6ba8ee0adee

SHA512
086f7a27bac0d285f5e0c849cebac7176f86edb18037d8ec4356c2b8892fd3f47e045f857eb673b213661eea17441192cdb7a76c807c2badcecff6b7901aba92

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-79f9611c275b[1].js
Filesize
13KB

MD5
0ebf88b18838ca3926ece77027c1a096

SHA1
0f2edc27f5a23e5c2f699443c0d6572904b7bfd2

SHA256
452a443efadf60da1b19b9bf50d6cbbb25ab9441a3e9fe73b678d9cd486d80b6

SHA512
79f9611c275bf2087d6b063e2f4bf13feddab30c494b7bc968169fddf15a451aa26fe231ffe9e2eb4b9923477528ce638f5688cf4930953d372df69e822ffb44

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VDK2MO7Q\vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-878844713bc9[1].js
Filesize
12KB

MD5
84eee0a0d2d52ce4048f2dbdb3589012

SHA1
9723f142ff6ce47f65dfed06d70b68a305a8dbb8

SHA256
bf11813ce0246da52cb3132837619c44d1e837e3eeebbbef12137dd91dfbec7f

SHA512
878844713bc98efc35c1a8041e3a53fa3e2ac9669dddeeeb2962ce6cdd465f84f0d41c3774ac27bd4bffcfbdf4832897e7711dbfd17adfac9d2fab206292c4e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\P4XATSQ7.cookie
Filesize
165B

MD5
453e4d167890e9e40a5162f0e630e51c

SHA1
356122eb4006abb4e490fbef270b2c2a454ea6aa

SHA256
ff706801baef1c07df9704240b8faf0fd03bad471a0335516cc5d8a4e4d9f0b1

SHA512
56733eba6821df2518dbda66aaf6e763dc18f83aff9a28662e46745819fc731e6e35338eb61cd18755cee2fb2bfce8062a7243c47b87b8f8a2d20efc5480e4cc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C
Filesize
281B

MD5
32d43c5bc896ab350a0a04363dd5f22a

SHA1
3b33426a17c96637706b086a5ba152f3351247a4

SHA256
6bae4dcefc0f613681a40affe112e45ddafefd11ab1453e0fccee27c4dc64a55

SHA512
9f34f92afa7511ad794368626b3c45b9d1a3fef1b72aa644edbb9697512a35d7187996c1ca0a653ba659ebf08be798a5ba2253e2f27a1aeb90ee428ce0a714a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
1KB

MD5
b9d88f3a11f75b1e077107b2df4bf91e

SHA1
748ffd1eb9cff9042ddede0283125a1a0c5af7d8

SHA256
c8a836d8796ea91ef3fb9e85816a9764afe0f0b7367cede2960f02b4ff5f311f

SHA512
d15e4833e8185c6ed5ce06bdf0441b8a1b483c69cad12b45b372a0bf10524e670ef4ed7f749e6ef41b33ecf6862bc6ebe50a0b6c601219a81f9149513bb59499

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
979B

MD5
4c6562b12e055dec9b0eff2c5a84a482

SHA1
1a06ce8140f57b09f2f47f391c14b5f55b1cc563

SHA256
6140d788c14c7204905c963c12f0a77dd53c301d709a8a8a438c7400f14c7e8d

SHA512
7e2dde0b1642c073423170c0ac4d171ee2371ed28d7829987983da4f1c443462212e3d320fada7a22fda0c5023f121d5b8acce012c4550d66a458f81ea19a864

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C
Filesize
480B

MD5
af1aeeb58c8bcb89d9054369f845c4ef

SHA1
c360534e7706e216d5ef2b5cc2a4a4b23f3a2628

SHA256
15dd781725634af2e471b1ea54b16a5fff2f6a9dc7ead13c8bb229a761786c7a

SHA512
4dbee9a7834a85647eabe609289cda760dddff2c35c6f40003e24aa1b405ee72b35dc95b0cb4844f747c5514399b6cc2f134d856260456de55afd945967644e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
482B

MD5
e6d1341d286bcf4504819cd3c35640d1

SHA1
f236f89a9b01025ad30d743ba44bfeb7e8bd758a

SHA256
bcb5bdf7d319b1713e19d9f377bae073722afeafb01f7236dd3c45d194bf0764

SHA512
b6e158981643c45a6e2369f208e31861efe158bfca9d5478cb9432ffa1d5e1fb23bbf79a4e29ec0cc052be4185acaff29d33c09d39f678341174a2c68c0bd49a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
480B

MD5
fc85c94aa85788649a7661f4567f233a

SHA1
a13554ad6fdd5df28bb4cc2f50df6ef165997379

SHA256
2e5bd87035b80d1368ac8b83148aed8a529bc23df52d988d378e655cd78d5244

SHA512
da4dad4418d7b0c7b0e2f655d8dcb76a092ffdc8a1246170ca6e5ffc00af81d6c207faf0658742ede94b70baf2c9e6d09f67bcd130bff938d6f600df58f57685

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 790416.crdownload
Filesize
11.6MB

MD5
4d11d4a04c459638aead9e75420e7571

SHA1
42982ad5f2723c8b0653217f3869f36d2f2de748

SHA256
f92fb3d97dccd5031cb98ddc04d582f2df1f036e5576f48c6c3338430c27050d

SHA512
fc37e7f24a0a892e7507d3a1626f26d572271f8b448a50c387801fa18daebe3d501478e03d81944de4132cfcb106f0ddbb2d4ae163e97a5cf9a83a0bc9b26d61

Download Submit
memory/2088-260-0x0000022E7D050000-0x0000022E7D052000-memory.dmp

Filesize
8KB

Download
memory/2088-267-0x0000022E7DEC0000-0x0000022E7DEC1000-memory.dmp

Filesize
4KB

Download
memory/2088-0-0x0000022E7CB20000-0x0000022E7CB30000-memory.dmp

Filesize
64KB

Download
memory/2088-16-0x0000022E7D440000-0x0000022E7D450000-memory.dmp

Filesize
64KB

Download
memory/2088-35-0x0000022E7DED0000-0x0000022E7DED2000-memory.dmp

Filesize
8KB

Download
memory/2088-263-0x0000022E7BDA0000-0x0000022E7BDA1000-memory.dmp

Filesize
4KB

Download
memory/3788-699-0x0000000000400000-0x000000000132F000-memory.dmp

Filesize
15.2MB

Download
memory/3788-674-0x0000000000400000-0x000000000132F000-memory.dmp

Filesize
15.2MB

Download
memory/4500-229-0x00000268AFB10000-0x00000268AFB12000-memory.dmp

Filesize
8KB

Download
memory/4500-231-0x00000268AFBD0000-0x00000268AFBD2000-memory.dmp

Filesize
8KB

Download
memory/4500-226-0x00000268AF9E0000-0x00000268AF9E2000-memory.dmp

Filesize
8KB

Download
memory/4500-237-0x00000268C0910000-0x00000268C0912000-memory.dmp

Filesize
8KB

Download
memory/4500-241-0x00000268C0950000-0x00000268C0952000-memory.dmp

Filesize
8KB

Download
memory/4500-239-0x00000268C0930000-0x00000268C0932000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads