hxxps://github[.]com/pankoza2-pl/malwaredatabase-old

Analysis

max time kernel
1800s
max time network
1605s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
28-03-2024 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/malwaredatabase-old

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 240919570681da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "418455126"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a5b5b65c0681da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 023ec05c0681da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7995e4560681da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1903027113-674645041-2759338396-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

380 MicrosoftEdgeCP.exe
380 MicrosoftEdgeCP.exe
380 MicrosoftEdgeCP.exe
380 MicrosoftEdgeCP.exe
380 MicrosoftEdgeCP.exe
380 MicrosoftEdgeCP.exe

pid	process
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	3108	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3108	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3108	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3108	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2720	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2720	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

2896 MicrosoftEdge.exe
380 MicrosoftEdgeCP.exe
3108 MicrosoftEdgeCP.exe
380 MicrosoftEdgeCP.exe

pid	process
2896	MicrosoftEdge.exe
380	MicrosoftEdgeCP.exe
3108	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

MicrosoftEdgeCP.exe

description	pid	process	target process
PID 380 wrote to memory of 1836	380	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 380 wrote to memory of 1836	380	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 380 wrote to memory of 1836	380	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 380 wrote to memory of 1836	380	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 380 wrote to memory of 1836	380	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 380 wrote to memory of 1836	380	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/pankoza2-pl/malwaredatabase-old"
1⤵
PID:2072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1288

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:380

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3108

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1720

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4772

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:1836

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2720

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OBUH2B2B\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QUNGP766\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9T9NWRG8\app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-467754-244ee9d9ed77[1].js
Filesize
16KB

MD5
2f497796c4a1138fb344ef33c095e8a0

SHA1
bb8354facfc9b52a56d8e3b49b5bed1398dff197

SHA256
3bcbc1a7a6f8e83c9febf9156ad3b5baa19f153a76f832fdc211a1894cd72ec6

SHA512
244ee9d9ed779dd0dd2c7b846c0699ec84e675f1ff0bada75d599488b5330d14174063fc07ac8938cd1da53163c3d18b2d8c7585c651472737224a21524d116d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9T9NWRG8\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-9285faa0e011[1].js
Filesize
11KB

MD5
ea2f459bb2eaf606a6d110bb721f8c85

SHA1
0cfc1539816ee68e0ccea2f32fb4191bb8b05224

SHA256
3c0095ede9f86618b394dcb281a35c659330ed3532ff49cb699c4f95083a912c

SHA512
9285faa0e011208b72caa43ce51dd15a03224c73810ca9d549ab21c344c2c96f7b6bb31b86e922858cfe6cebe6e3b09e7dc8fa35c6c78fd7c44b6c919002ad02

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9T9NWRG8\app_assets_modules_github_sticky-scroll-into-view_ts-94209c43e6af[1].js
Filesize
9KB

MD5
ea01bea08a155fcf33ff2a18fcd0ecb9

SHA1
1f58607e282514d7a1dddf9aeb2b91bc5f5fe7dd

SHA256
ecef9a63582229cec2ad4531de2fcbe4098fdbac1ff41d7ad269fb47b3ad6352

SHA512
94209c43e6afe456a67e0fe26ff4f4bc8982137138891fd2aa1660150c4e03333187d63292ebf0d5aee64d0c5f8f0e40421e21923e7588d5213d8892e8a207eb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9T9NWRG8\global-bac48eb8df38[1].css
Filesize
281KB

MD5
0e56d9d189c268778fe7030a4b8b0358

SHA1
ac3f269a1a604016cd6e560774a35b1c0d26f12c

SHA256
ca1234404867bce0887bb79bf3fe5e22bf4280482ddce587cec099f968f7aeb4

SHA512
bac48eb8df385b65fd50836691b739a7c957613e2f0efcbb455a4202acff6e68dc382618d7bbed24e4eb064493a2905ccd962e4df175b34dfb5eb5c1909a99aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9T9NWRG8\repository-6247ca238fd4[1].css
Filesize
27KB

MD5
0c6e7f9ad3d84702fe070a9dfa3e400e

SHA1
b7779f1b9dabe9a148255f6f6f98ca8545ac4017

SHA256
07036a0205f8314a3f5cd3ec9eeb44872b79c2418efc20f0945b0ac5c6a83199

SHA512
6247ca238fd4503095653dabda8f9e5937cce5091ec403d8e613dd2601db2b9425d103bcb389fb507fd0cc4a205711c2abb8a7011bc411b65823576a39f355bc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_onfocus_ts-app_ass-421cec-9de4213015af[1].js
Filesize
14KB

MD5
f773d7682704ca9858b63b87f67919c1

SHA1
edcb0120ca99d5ddc395fae4bcac301928f49ef0

SHA256
0b6e667cb5fae47ba109488f66ca4a2f3a55a80f25cda4ca17db228b3ef3464b

SHA512
9de4213015af6aa07708f102ee75a6092518d4ce61198db20c67def5a37ed0b924bf0007bb23535aa11da61f818e6d80c7c84f31b8f4e76c5413fc0086850d9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\code-111be5e4092d[1].css
Filesize
30KB

MD5
7cb9080aa576934b53486d3746529970

SHA1
cb9ad049ca59d0dc0095470fddb2bda8798211cd

SHA256
9850beb3ebe2c31da0ece9d1a823e5e7d26983626c6e2acf4210d33abf6660c9

SHA512
111be5e4092d831d8e068ff4b6d2be94cbccb5bf92adc549a6c2506c4712ac177d15a61b56bce1919a2bdf9bb66d4a24b805db3aaddeb86823912d1df805f2fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\environment-27057bd9ed0b[1].js
Filesize
10KB

MD5
43b5b0f77bb997c5e00aec7f8154d714

SHA1
51dd494d33f44bdc80bb21c0eb588dcf59c7728a

SHA256
c6f0203009406dbbbca86adcfada464fe0ee23b8f6e315391f0b6d71f9312373

SHA512
27057bd9ed0bc44f5980c3e1fdadf78082ff0b220549f25f7c365ec23235f628f78a456dc6a39e7b687205cc19870b6bb0e3e917f478b1df2221dea7e9961c45

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\github-elements-369bd99876f6[1].js
Filesize
36KB

MD5
176b73a1c398b5818ffd837dbd08a6b3

SHA1
149a7008385a4560491235ddd250392923799064

SHA256
26bd3d276577494c2e072fdb2a0cf439e25da8e11d649dde43a6744396d48dd4

SHA512
369bd99876f63e0c2b7cdb8137f15e92938d7d13d61211de5f1966204ea139971894223488f15266d7a7ed2811d9019cd0bfd6a81d747851df0487333f084c71

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\malwaredatabase-old[1].htm
Filesize
452KB

MD5
1bcd050b1ba716c591b1c8b41cede19f

SHA1
0caa53540d1d72ce7b6ce3e0946435394e01bc70

SHA256
501a78fca6e45279c7e24ac775c6949ee74b5f12320202469e18c6cf5f447a12

SHA512
86070197dd710c9beb45d404d3f4fbc1b62ca6e550bc95d07ced1a9996e2c25256135d71c484bdea5bbd9bcfca47aa7755945ea2fcb889d3806bdb2ed1ef1849

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\ui_packages_failbot_failbot_ts-5bd9ba639cc0[1].js
Filesize
8KB

MD5
2cc38df3d042ea1511d209eb9b7b4146

SHA1
ca78c51f61c94ce4f3eab3bbfd74f8e0cb1f382b

SHA256
cc22d1a222e441835b520e01c2e4b1fc70d8d1a045c1efd1afaf1ceb2b1e58ac

SHA512
5bd9ba639cc0bbb8644568d8826867bef58179e39f89934adef29eb7d49734127cf55389849c9ab718e3a97cd5415b666ee193000d0107c5471b6676d2f4a03e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_auto-complete-element-81d69b-d1813ba335d8[1].js
Filesize
31KB

MD5
f01327c1bcf097a13d17356366e29fc1

SHA1
d10dfdf6d45659d5116e81fdf1c119b3fdbe17c1

SHA256
8c20c9903ada8a80f2186e5e1102f44326754c57d89caa9a9c46dd0a3c15bcf2

SHA512
d1813ba335d80383f4eb08de1e7892f8da0128169595886e891d59fe992d6d0d438fdc640635d8ac89077648a44fe7ba8bbe611848ebb743c811364ab1d915b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\vendors-node_modules_dompurify_dist_purify_js-6890e890956f[1].js
Filesize
22KB

MD5
80fa30c00e347b5bbc8b7ff9dc2c9f44

SHA1
d085fe485ada77814949e92fa9e1b1eb05ba5eda

SHA256
be77c75cf182f1830d0f90b8d7aee460f0108c6e7f5a143a524f709b9023c80d

SHA512
6890e890956fafa8187511df1ac3c80a5b8d56be5ca989da251741f59c8d1186c0efa3d374f113b0ebeda124b78dedd106ea97f487ec04cf2a012e7bdd1048b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749[1].js
Filesize
18KB

MD5
1908a7d9985e9540b3f6fc047f62b729

SHA1
25a06882e338da16bbc59797925ac6086141f478

SHA256
1b92b8a1d5169e64edce1fb248cb5989561060b083e5f05b6ca2a823b748a946

SHA512
bc8f02b96749a7ec00a92334c4964a4255611b23e15b88a9fef73fce2b55e32bfefa7f4bb89d436685a92fe188713790b9154ed79b5d7b3690a3ace68346cadf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-b7d8f4-654130b7cde5[1].js
Filesize
18KB

MD5
21c56e08d54cacd285b71cb9822e4510

SHA1
f1e2472c4f75565e065a222d4d8230e4c3eaf2e1

SHA256
fcdf8d456aade47c524428bd32301c8e07d3535d2084e0cb0bd13b67fa5e6430

SHA512
654130b7cde50138e63b58f5339e703d43c6719a508b45a0a168777cb1ab5f204d5431d854bdca627da0ef3f39cb9d699b3a7b7f8cba0442ea2f45d9d19ffcf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\vendors-node_modules_github_relative-time-element_dist_index_js-c76945c5961a[1].js
Filesize
14KB

MD5
2cabd818fb8745b2fc7d5f92594269b8

SHA1
88108fecb3839f06671c2a21e35163e0e414b2b0

SHA256
55cdbee6ddce98f5c299a24fb9851501f46ff0cdd2ef3b2f7bb572a3940b462d

SHA512
c76945c5961a4f5b2cb1f85bd3cbb35d5e81f611c3ba05543acfe870728e94e9719c9331b65f4c2c8723960c5ac1e9cac0495a892f049b41ed3ffbe899b93700

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\vendors-node_modules_github_selector-observer_dist_index_esm_js-9f960d9b217c[1].js
Filesize
9KB

MD5
683a7fe431bded8fbbf7b5189a1b8209

SHA1
2fb527473877ea06ec6b023690ce933c216c5d07

SHA256
f87c5b59b8f353c8762f2e44e1f82feafab882a96a0fad135dc6fc1555872ab3

SHA512
9f960d9b217c457d467a9510dd9797c4ec9df9a892c0a3e1746b2b87dca8ec191dc901e983bc509bc282004967b6fd588dbff5bf70bc7e20a5ca32bc7f1d772a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\vendors-node_modules_github_text-expander-element_dist_index_js-8a621df59e80[1].js
Filesize
11KB

MD5
da04614ae380b68c111984f401413fc7

SHA1
7ca0dc023ca0b1654d7c8630b8a05534e156d03d

SHA256
85fa448f4d60be73de2f42a83937523b7b751a4523b809fe9e3edb404e00b835

SHA512
8a621df59e80e8851a8cf3db03462095e8bba43a860b1018dc66780448e82d19871be99aab995fa57025db8b7f8e975eb0595fe2c59ca23d984b4d21d5031aaa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-7bd350d761f4[1].js
Filesize
9KB

MD5
b6b600c9f1dd4c88024d62e6ff2eb871

SHA1
5a22091378af6a681a1edd36e5337b9b6f70613c

SHA256
447a26cbcbced255f24f46c1e82a6f3a4de3b2a44d4b0ab7b6f427b12f783f8f

SHA512
7bd350d761f4f22866b454b1271af79ef5d23f5d1b8cb0598c34f739e3dab977450d61d01b8a0c135fff309389f712c0114e9cd6e844d2261d2536377b71b838

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-086f7a27bac0[1].js
Filesize
8KB

MD5
6822816845d932c1e93f68372f005918

SHA1
1dd14a539530e8d131ce29be5e5f84e4098b6a15

SHA256
14d338ed3345cc8d74e239c812aa37eeee6126bc1ad8a17e4e2cf6ba8ee0adee

SHA512
086f7a27bac0d285f5e0c849cebac7176f86edb18037d8ec4356c2b8892fd3f47e045f857eb673b213661eea17441192cdb7a76c807c2badcecff6b7901aba92

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-79f9611c275b[1].js
Filesize
13KB

MD5
0ebf88b18838ca3926ece77027c1a096

SHA1
0f2edc27f5a23e5c2f699443c0d6572904b7bfd2

SHA256
452a443efadf60da1b19b9bf50d6cbbb25ab9441a3e9fe73b678d9cd486d80b6

SHA512
79f9611c275bf2087d6b063e2f4bf13feddab30c494b7bc968169fddf15a451aa26fe231ffe9e2eb4b9923477528ce638f5688cf4930953d372df69e822ffb44

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BUNA34M9\wp-runtime-0cd84901df3a[1].js
Filesize
37KB

MD5
2d7d88044427f18b6ac1aa22e2cb471e

SHA1
129f5ddabb90e0173518ee1f6f6c1bcfc222d8c3

SHA256
2f446e702affdf7c110881a80196a0ce54977b2dc78119d9d2af579270c5dc83

SHA512
0cd84901df3add32de1ed1d5755ac7c15a4168c1f92753dc0318d073547888d4c02036398e68394114f1cbeb2c259fdddfb7f5b3a8677158f261184990446dcf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CHJWJCW3\dark-a167e256da9c[1].css
Filesize
110KB

MD5
16bf89ddba1dd57f22db711fabe734a4

SHA1
957574454d6cf7418b7ec21ee68b9f6cf9121ea5

SHA256
9b8c1638bd260c5ffc8f57ce371ef17210117aae67ffce5afbf141feec1c4c53

SHA512
a167e256da9cfd581c6d23cf0e71e8df6f863b162e9d1f8d32baf91adc0f89b7d75f059061ac6b643230821b6a82bcfa356bd64758a2f337e95cdceedaabdb09

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CHJWJCW3\primer-f3607eccaaae[1].css
Filesize
347KB

MD5
aa14b91e78576904cc27fcc1fb407bd7

SHA1
ecbe3f65eada869feea2678b1312ba091c3347b0

SHA256
ba88d30d22342da0c2a4097ce531a2f264a05d9033edceeab7ac1346c4e8aaa4

SHA512
f3607eccaaae57f9bebb96232f5a873d9c0a90602702ee9021cea9aec54c0e6bfb3588e9d35507e515220bdf2310b94569d18bc92479821943b043b1819b0ca3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CHJWJCW3\primer-primitives-366b5c973fad[1].css
Filesize
7KB

MD5
c3251b92f88319086a74573c98ef2cd8

SHA1
2dc7efd06dc7b292579a74ea171ce24dfee83dc1

SHA256
90cdd286610f3f9cb21194bde1233612d62a5cb973c901a04a06febe9b285488

SHA512
366b5c973fadf52874e0d26742cc908ef426910f5b9e92a053e84382145fd7d3672a9edd392cc26dbf69a26e2bee200016ecc59e6c396b95d5e1a83887797ca4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\app_assets_modules_github_updatable-content_ts-ee3fc84d7fb0[1].js
Filesize
12KB

MD5
8568ee8a3f6ca40d50063e6117203449

SHA1
f6bc7546660c0620ecb4a7623422aa5093a6286e

SHA256
38a6c70a02478f5a269fe219c2188daa0c154ef09305762d3dc71c90a3ef986a

SHA512
ee3fc84d7fb0fc03d42d2bc7fe780718e9794ee64b63e91d8c59d5edc463cb35c63454fe62ddb3083fce463d9d281855deb5b59da883cceeb96109d07e081fb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\element-registry-fb4b8d40f206[1].js
Filesize
49KB

MD5
8a624737383d86d3c341e0ff054792fa

SHA1
53f695a66332314db5778f94146db8ebcc645994

SHA256
d5cc3eeb619ea08eb90569b55afeeb250b13291dce77335a75acda513e572b55

SHA512
fb4b8d40f206f2fb78ca6871324981d0c2f04859e7067547b15c5d379a1cd07b5624541cbe1880b599cbd6a504ec4db1e91b829dfda8770a9d11a4208d21581a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\github-19c85be4af9c[1].css
Filesize
116KB

MD5
08a9321c7a5e7988158d86b61b4a2a80

SHA1
890c5a4a3d8af53b5ecaf2efa13b345ca3233a77

SHA256
08754f9acb163a564c71c8c08b9cf03e9912c486ebff08f7ea376b74742eb361

SHA512
19c85be4af9c4eb8e532503ef3730d233318504d8b1f5f5b535bbd3b067e5d072072500bee3b65b1b91b0ca7414f4f21fa6e79365cf19ea07a98e527e1c00b3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\light-0eace2597ca3[1].css
Filesize
110KB

MD5
c98edbdc81b370dec6c1635959f3e6d1

SHA1
fc7c9fd6033bbc608ac6b77b5b481c7bfe162e75

SHA256
7214039084d73a8ac3457904dce9dba06f30e82c1b62bf186e791502aad5c41c

SHA512
0eace2597ca30668d561697e3275158ede25e98bb9af70b059f8a1edcd139ce4910c9e04a1d739918615d4042fd4c5d16f6d5ec0983c9785537f55aba10cb64a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\vendors-node_modules_color-convert_index_js-72c9fbde5ad4[1].js
Filesize
13KB

MD5
c706ad84a4eb261b75d1f77ce7f9bdc8

SHA1
497a9725442e7305adc54d19b828b2e38c5c56cd

SHA256
80b561c1746ef1533744e7bf7ea3f6c721a88a104d665bb97ffa8df96e69b682

SHA512
72c9fbde5ad471c76b76034459d0d75db00cceaf3904a14c01dd9dd9167da7f783086b79c446b24ed2630c9cebca1996b3ff8ea52dec6c865f173c8158962be6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-3959a9-68b3d6c8feb2[1].js
Filesize
91KB

MD5
d7b0a22391d15ba9db521b44768a5d7b

SHA1
98b1702262a217a3c201101e3ead54ef6ae368f4

SHA256
034108e0ae8475ffd13b7b5b842f59975e5473198c9538c91aafdfd342ed4e51

SHA512
68b3d6c8feb272e28b01e2c4ee9b743bb86399300ff34573367cb8d4112175c4fe552e87232d6f021124f02d2a6f9774764150d2ffe2ef90b540767d976b1ef2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_alive-client_dist-bf5aa2-5a0e291a0298[1].js
Filesize
13KB

MD5
04f1546514c5eec6a28b777b1bae7288

SHA1
bb29d0448985672691f54db4b8ccae86e8b13536

SHA256
6e36dd93eac542396395339c6eb0d1118ee418e37e9076fd819bb50150ede956

SHA512
5a0e291a0298eba972eec6ea8b7f818b7c8f1c821198f09983dc1d029e70a35dab2e51a0860d5dc359c6befdd7eeda4737e5bb0ef9eac504cbf61c9362b93748

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-ff65ee-c202d20e2d3d[1].js
Filesize
41KB

MD5
0a5c8c2fb52ab19ad25161951a892959

SHA1
c6755ff9d94cd6f0e17166b95892cf0bd7e5a6fa

SHA256
00db91bb25902cb212fb700d2954b40c4dfae8fc1f6af62aede5d01f22efe213

SHA512
c202d20e2d3d21eaf0b2e6de2d17c0db8928c36440291c34914978d5fff6cf7f4ee5d16c18b19b29678b31435bcb44d0b48f97d3f0ef0a97df94a8c9f10cd36b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\vendors-node_modules_github_remote-form_dist_index_js-node_modules_scroll-anchoring_dist_scro-52dc4b-4fecca2d00e4[1].js
Filesize
14KB

MD5
3c93d840bdb31e2ecf2db3a18d74ecfb

SHA1
9dba0310dd02f294a15ce70e9dcf15bdd931b153

SHA256
90811a711184795bc02f4d5c428192643b5721937943c790e950e9e353cdc310

SHA512
4fecca2d00e4933afc4ec27c376010683c3e788034515793c7a275a9c7d60f742f10850f108fea397f221436d2201f671f6416a4deb5fc3cbebccded871f979d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-c91f4ad18b62[1].js
Filesize
75KB

MD5
8d2fd700b674b265b884566f9e1a68b2

SHA1
b0071dc74ec8602aeb4d4063ace590e7dc26ab6c

SHA256
8d303394176f2b0cb950c35e71caa07a94141a3625c75d8b5da9f42f9a1bd700

SHA512
c91f4ad18b621b1321ca15512f94dfc9b7759ea2d0a150e0d4ec12c62ace6f5d01e60b991f0f1fa523b96ff9e0174e89a5c6496a6df15b61e57f232f2fdae967

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\vendors-node_modules_lit-html_lit-html_js-5b376145beff[1].js
Filesize
15KB

MD5
81628c9093236d8e3cf835f708c30608

SHA1
846b10531dfca6510051fc43abb8f9b5647a0433

SHA256
daf381c316a5988c9116aa65c5816cbc8a958211b4c0b7d989ad6c9645757902

SHA512
5b376145beffca1bfc6b0352c08819609a974b6170848699421208752a63f057869e0e4ddd23797b3a0c281c276d7fae580cf41bb5465c632aee58524b21e7ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\vendors-node_modules_morphdom_dist_morphdom-esm_js-5bff297a06de[1].js
Filesize
4KB

MD5
11a69b0651264a2235a7059e9e677227

SHA1
a467270f0455de4ab13fd33856a5341e38aaa6ea

SHA256
3316d32e073b0f756d7e247b00b1a016f421973c50f1e3a9ce9f5b86e975cf9d

SHA512
5bff297a06dec294d6d6eb1f52edf99e69871f6325e470c4792283524e0f65fdc701c1dd9c962f49cb42276cd108e7e4a71573ff575c971add30616c24101450

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KWTDQ0B8\vendors-node_modules_primer_behaviors_dist_esm_dimensions_js-node_modules_github_jtml_lib_index_js-95b84ee6bc34[1].js
Filesize
8KB

MD5
913a77fa8f878b5f1b7bc5c3c53daa45

SHA1
e2f68e5c24e77ab985603430e9666fc1718cadf7

SHA256
69b7ef034ddc6b605311ca503ca24f54de1758816ef270a160315ed71fc3d7e5

SHA512
95b84ee6bc349a259aa1a1298245ff5edb5cdd1b6f5013e0c5eff8059c1f90125e8a1457c40c54ce103f4d18160a55cd7084922ae283bf00f8b425cffd1efa48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TH2PJT4N.cookie
Filesize
169B

MD5
14ab6c0b0a46492898605b989bd30063

SHA1
49b340f9b78a910824dc2b66ca9afd0d8fcad474

SHA256
b35c10c04c17c638afb72a200921b8b0c7546d4c7355cbe84cfb0d2e23d77ede

SHA512
449339ca0b2ae7af763fadaa7b8cc7e6a417cbe45cd028b721cab054a09322ce19ec8e8416a32ca4415f790495da0ab3b7f85044ebb5140a6dd0123458708859

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C
Filesize
281B

MD5
32d43c5bc896ab350a0a04363dd5f22a

SHA1
3b33426a17c96637706b086a5ba152f3351247a4

SHA256
6bae4dcefc0f613681a40affe112e45ddafefd11ab1453e0fccee27c4dc64a55

SHA512
9f34f92afa7511ad794368626b3c45b9d1a3fef1b72aa644edbb9697512a35d7187996c1ca0a653ba659ebf08be798a5ba2253e2f27a1aeb90ee428ce0a714a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
1KB

MD5
b9d88f3a11f75b1e077107b2df4bf91e

SHA1
748ffd1eb9cff9042ddede0283125a1a0c5af7d8

SHA256
c8a836d8796ea91ef3fb9e85816a9764afe0f0b7367cede2960f02b4ff5f311f

SHA512
d15e4833e8185c6ed5ce06bdf0441b8a1b483c69cad12b45b372a0bf10524e670ef4ed7f749e6ef41b33ecf6862bc6ebe50a0b6c601219a81f9149513bb59499

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
979B

MD5
4c6562b12e055dec9b0eff2c5a84a482

SHA1
1a06ce8140f57b09f2f47f391c14b5f55b1cc563

SHA256
6140d788c14c7204905c963c12f0a77dd53c301d709a8a8a438c7400f14c7e8d

SHA512
7e2dde0b1642c073423170c0ac4d171ee2371ed28d7829987983da4f1c443462212e3d320fada7a22fda0c5023f121d5b8acce012c4550d66a458f81ea19a864

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C
Filesize
480B

MD5
f280f944de644f878866e51fff98bdb9

SHA1
d09d180e2381ccfb49884ae08abac0c75470c29f

SHA256
c2d7381de133c7a2405f4aa185c722bf1269afa4f9d4be19d6a050ceb0e3d9c7

SHA512
489e51f58090d37924cbe90bfc42a702206818eed3dc25d853ce2e537d0a0645c2b88d8d186e799dafb28c80d8ec7df0e9ff91a51db5051de9f9dba547269776

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
Filesize
482B

MD5
ccc325447b563447202acabcaa706fc4

SHA1
e47ebb7758800a13e2c0cff5a7522d39c18e1132

SHA256
d0eb09f129e0a0fcf448516ce7be479f83d4327b44c5d463c5642b6ce65e38f4

SHA512
041653ab03c125bb47394bdee7485fce0318921d99d759c29c231dcf7c1bd1fda00218fc07e09f14d523fbe986a81a5754840eebc6d1523625db2fb19f6df95e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
Filesize
480B

MD5
69d1ddc14b329bbc53f58ee27d20def7

SHA1
c4ba4c63ea89bd80e8361931d8ad5627d52dac7d

SHA256
922910441878767127026b4b5c5441286cadf21937694c2a434705c5c581a317

SHA512
8cd6255f8017ba373723a635cd9d30e2b2b869c8cc72fd34c38059597767a4004cb3c89d0f32b64f57dfb0a0b2a5f66d113854dbecf9c505acbd274429109111

Download Submit
memory/1836-221-0x00000257F64C0000-0x00000257F64C2000-memory.dmp

Filesize
8KB

Download
memory/1836-213-0x00000257F62A0000-0x00000257F62A2000-memory.dmp

Filesize
8KB

Download
memory/1836-215-0x00000257F62C0000-0x00000257F62C2000-memory.dmp

Filesize
8KB

Download
memory/1836-217-0x00000257F62E0000-0x00000257F62E2000-memory.dmp

Filesize
8KB

Download
memory/1836-219-0x00000257F6400000-0x00000257F6402000-memory.dmp

Filesize
8KB

Download
memory/1836-223-0x00000257F64E0000-0x00000257F64E2000-memory.dmp

Filesize
8KB

Download
memory/2896-0-0x000002143D520000-0x000002143D530000-memory.dmp

Filesize
64KB

Download
memory/2896-35-0x000002143D900000-0x000002143D902000-memory.dmp

Filesize
8KB

Download
memory/2896-239-0x0000021445A00000-0x0000021445A01000-memory.dmp

Filesize
4KB

Download
memory/2896-240-0x0000021445A10000-0x0000021445A11000-memory.dmp

Filesize
4KB

Download
memory/2896-16-0x000002143DD40000-0x000002143DD50000-memory.dmp

Filesize
64KB

Download