hxxps://dash[.]dimayastrebov[.]website/

Analysis

max time kernel
120s
max time network
153s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20/04/2024, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dash.dimayastrebov.website/

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = b0d05e591ea9da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "189"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "2935"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "5077"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ae6610347293da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = af729b747293da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "799"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "847"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 61e675767293da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "124"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe

Suspicious behavior: MapViewOfSection 14 IoCs

pid	Process
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4196	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4196	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4196	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4196	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1184	MicrosoftEdge.exe
5116	MicrosoftEdgeCP.exe
4196	MicrosoftEdgeCP.exe
5116	MicrosoftEdgeCP.exe
4232	MicrosoftEdgeCP.exe
4232	MicrosoftEdgeCP.exe
3204	MicrosoftEdgeCP.exe
1836	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 2476	5116	MicrosoftEdgeCP.exe	77
PID 5116 wrote to memory of 2476	5116	MicrosoftEdgeCP.exe	77
PID 5116 wrote to memory of 2476	5116	MicrosoftEdgeCP.exe	77
PID 5116 wrote to memory of 2476	5116	MicrosoftEdgeCP.exe	77
PID 5116 wrote to memory of 2476	5116	MicrosoftEdgeCP.exe	77
PID 5116 wrote to memory of 2476	5116	MicrosoftEdgeCP.exe	77
PID 5116 wrote to memory of 2476	5116	MicrosoftEdgeCP.exe	77
PID 5116 wrote to memory of 2476	5116	MicrosoftEdgeCP.exe	77
PID 5116 wrote to memory of 2476	5116	MicrosoftEdgeCP.exe	77

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://dash.dimayastrebov.website/"
1⤵
PID:2752

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2136

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2476

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4232

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:896

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2984

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3204

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3352

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LICIZUQP\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D6T1LJPV\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\APVTPEAM\www.bing[1].xml

Filesize
97B

MD5
f7d85521d02e0b288b58cf2349eca0c2

SHA1
4ab6ed86444650334d1a842882346cf82525d9d3

SHA256
187cccbac1907b2826a5fe1f0c555ae9f8c729b97ad0e1cc5426387bf36c9307

SHA512
39662cca0b089e4635fd4916d4421e5f085684f306ad104a2d34e52e721ced51b2dc7fe40096cfd84fab28fa6c27ee45f84c8895bfb0027038162df8e8defbf5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\D6D2ZJGO\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF53BF298C5B9B46DB.TMP

Filesize
16KB

MD5
651946e356369179f2d0756a6ecaff86

SHA1
811722b7ff465d9625b0ede9241e82388fe5af4b

SHA256
83704d7a1895456e0b57ca2aa5f0a2d9309409b95afbda0328f991600c2f00e6

SHA512
a899f01ace2290e76f56e2093ef6b8073cfbfc5870c814dfaee20731cbcac1f5d482654edddde58a5a6c7e7e1f2ac9addccd5fe4b02e60a2e4a9e5b2dc1310ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CE46T2S8\chart[1].js

Filesize
200KB

MD5
b4f9e2ec56fc1568a5ca4c0660f690eb

SHA1
14213de05607ff15e26cb8050da47f3fb235d026

SHA256
08dfa4730571b23810c34fc39c5101461ecafca56c3f92caf4850509cb158f30

SHA512
b192e27f4da939875648648ed7c1da92f486191eea07e77085538494526b5d02b8058522df535c4f20fa6a1ee25941f39fc7b93d1a8b3237c516bb6df10a860f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CE46T2S8\chartjs-adapter-moment.min[1].js

Filesize
1KB

MD5
1557afa1c5eb0c372314813bf7a285e3

SHA1
c25e79fe160cb39164d37e58749bbe0e03238830

SHA256
4ca6ddbc16c438c7decc60f16fbee9639d37277af609390f7794eb2729addb55

SHA512
855cb82b108a8275e2da893bae59e53e66b82475c8d553d079e9a9a1a7255751b0447ac379a8ae4b5a48e8356575a8f9a21e8ea72d9727609396340b3e468cad

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CE46T2S8\moment.min[1].js

Filesize
57KB

MD5
5c158b940513c7dc2ebd901455e9b63d

SHA1
f992a08c86f88b10abd35fae20d468ec52c824e6

SHA256
73de4254959530e4d1d9bec586379184f96b4953dacf9cd5e5e2bdd7bfeceef7

SHA512
a935d120cc992056fc89071f8d75823bcf8ce536dcdfc422e56cdd3ce6191c8959a730471b72f76f2f3804104e8911a211beca2ad00e02ce6a61d52266240d35

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D6T1LJPV\O4TC48MG.htm

Filesize
2KB

MD5
f557f3a9adf4aa78eb9bd0abb0b1de8b

SHA1
223e69539c94593a1096d46fefadb20b97c422b9

SHA256
4045d2fb1d5858cc25bb12be58f51a332f3716713d410ae7096748b8ae693f98

SHA512
8adc4d24df98309481c773c30d04aa9fca554f9a558dd46c086273ccd645e7b315d2d41b14da9f4b54a862f40c573de72564661f83816ace66bf4dbed6a89bb1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D6T1LJPV\client[1].js

Filesize
3KB

MD5
b67a1abc31d54daba8f2d4cc9fec9cbe

SHA1
eefc64be5ae9dead2eb43444c11bed1280210b37

SHA256
e6971db8743d5b8b3c7a727fc51b24928cf07f28faf4e081e9fa363939a0d7fa

SHA512
447ddc59300c90a3bdcc20bb2d0b34914d6e7e58fd30dcab92e8af8d9070fb66c56d956b20407e16296f733cc940999822d453ff49d67f292a8fdc26eed45135

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D6T1LJPV\style[1].css

Filesize
1KB

MD5
ec4f5967fdfca2034923e2be5ce52871

SHA1
f1c727e14492c415dfae2a6265f9d2b9a9732c46

SHA256
e8436082b08d113ffbfbf0cb404c7fc3a296fc69d2ff22ba2f7f83f71fc46f67

SHA512
fb090ec3271b1bb9c4a029c5f76ffa991de1b125176951709078802b13ee465f7027336e58cb22553498d16dcd4b7278e65a5c697287e21cf3d6e49f63765c67

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
d33c2b182036b230ec05a398dfddfd4c

SHA1
ec52dfa6e44121042d644fb1c75d3d8d1ec99a84

SHA256
332c4dad5a7df120506aae73b22df501eaf3797449bc3821b94e90d2ebbb908c

SHA512
0cf2dfef347f5ac14e272751eaa8704fe9c63d07d441d3cc6921a4aa8cf735c897ae446d2727ae18168bc4a0d4fbfbbc0fda649f326f5352708db6eb8e8923b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A783E38A3DE46E9B131D54C627300671

Filesize
503B

MD5
66f052f94b826815a83b77322b3c8e34

SHA1
cdb4dd44b74833c754a7e253e842ed9bbe1728b9

SHA256
d362a7c4585806015c3220055146297abd36afb245d339dad061d79b338e4162

SHA512
41b8e9a97613367c04addfcfcfab29fd8d80dc4a579d31cb49984a183bf02ec216c46a1acb92ea109b956bb69bce43f5e737114d4ce5eb835ea73f37444d0380

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_39B106F123768E115B76BB43FD900961

Filesize
1KB

MD5
6f3f2a817bd368d579d149803d4f6b79

SHA1
9d9eeeecded394f87e105f4b56c29ff13a272476

SHA256
d67d0157e6968b0691fa4e65ddf3902f0f9d9fce05bd86673271740ec7c42df0

SHA512
560ecba3cd2d7bf6663616ff115053fd636b0999e1fdc1d2574cd7f982595c03eb039a0840c23c71d53152336625696dd71624b067d989e5bc53c617bbf87ded

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
313B

MD5
0548bcf9e3241305b0e6872df430efd5

SHA1
192ed60c8c4ac6f84bea4a738ea9d5b78347c315

SHA256
890f1ab573dae67c569d431a07714ddb2d4e05f51188a41b0164148e6daf3f25

SHA512
91ba9e35044b2ee6109502c962e8b134aa3dff582d92629220b5ba985b1e1ea14cbded231ffb734636dfa14dff3f132cf241225596284a8b0433f80e3ddcb3bb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
396fcecfaafba4cb5878c9df20c068ec

SHA1
0618630b4cc52b29dd3af9c894219e215cfc4deb

SHA256
680b7ecccf1f3b9497a8ef17c31de4c90819f2d23bd7c862cc7fc9e9fb74ba9f

SHA512
ea59c8f26bfe20d775f27b73ce98d2b90d1552cb31fd33d1cb758fbbfa6a635c8925376900663c661b561b2ce1c55ba6ec981da85937b59ca97d37fdc00c37df

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
9fd18bb00a95e2aefde5b91ff639f31a

SHA1
e32b83f89101e06bdaf59a486ca0ab4971162969

SHA256
1617d91c94364fff034c9ee58761aef86506f49ef4f1467721d41848b80ab87a

SHA512
87678f93797dbbe307bd1da0039f9f2c3bebf8a1a554fcd8456e9ba4e52105fb1f23816f430221342739f6c3739c1a2067312eba31a101a5e58e942a882eeb38

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A783E38A3DE46E9B131D54C627300671

Filesize
552B

MD5
67c90f31c8169858b72c26fc5da0fb9b

SHA1
1fd24c57e0f973dd86da2fb34021c7a2352364c7

SHA256
1053ed4b0a762e35c73e6a142877cbbc3390ba38cfd3c76623ab1466ee4e1847

SHA512
6815a85999a32f86e5f158567d15e1c6d06f4ea3e67162176291ce63e45660f826b9e922e46a03aed0be120553ff433e0c8d425958657a08463a79ee2f48c31e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_39B106F123768E115B76BB43FD900961

Filesize
514B

MD5
83b9e0ab69647de77bb5d45b1d54ac7c

SHA1
06271644a297e1d14128bccd0eda9ff72478006e

SHA256
a456303a5a1df7b98a12cfa58ebb49d1325e7c5086213c3b52d00b040634cb84

SHA512
7b470868ef513f2d29ba5674a3dba4fd12a73891b0832846ccc43fc1b7276de49411ee8c034feb510b508df8268ee5a8db5e439d810df12027ef6540aa932df3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
404B

MD5
6d6bd6282d2e96a5fb403987e1b4e054

SHA1
30d2dc70eed84d7ce3845743a8935cfbfb09cd24

SHA256
d1aa8f2188bb334c40bb01e3823dbd3038faf988643f3557c50245157bf4d590

SHA512
064bf6cfb98acc4f96298dfe55b70347d4b5c14f7890ed565eebde6622f369b61d43ab6a82b504ba7a26735899cc8a0b4b434e96a248f5650dd3581884deaa23

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

Filesize
404B

MD5
814411fe3379a681175f04565387da05

SHA1
39d98315ce73d64808ad5ae93b0e93a80ce060c9

SHA256
4203ec062d891c9ef9c32d57993b06266178ffd795f265770471abd574e40da8

SHA512
27ae0e3499321930c93dbc4ba4c01dd20b0f7b088e7049e094dabe6fb9f5d883064873b675c5231202674d494cb98a491ba4eb2bc8b351110c9a086e2fa641c0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\22JDH0YU\55a804ab-e5c6-4b97-9319-86263d365d28[1].json

Filesize
5KB

MD5
b410e2b303aa0919f134a04f14eaf7d3

SHA1
21a9c8c64b5f2d36175ef32021fbc2b9ba728058

SHA256
5c770634d692eac765d57f96a59fdc34e66483ea7addaf2a81bf9261e6da7738

SHA512
1b6693c75cff3f9ce17e930f7ea5286a451dee20259b97988b23fea338622df94377393b80bbb79b65c3f25b6f6995c930aca8959d5d2d0b4d6a9e3bca7e04a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\22JDH0YU\en-gb[2].json

Filesize
105KB

MD5
6771959b1d2641b851d0f78f3671ba4d

SHA1
0e2645a2126060a1c51bc79467e7b9de72d60026

SHA256
dafd9a3e05dc008436eb905af646f09515f79ec85def28b06516ac3d783a13dd

SHA512
b1e8c041310f62d3f24304193ba3969f53e12299b49859abe072b8a4232d5eda2690ec6d848f06c2e80d902e53f499b6370e394830b1d676e61cb43c0a1cb7af

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\22JDH0YU\iab2V2Data[1].json

Filesize
513KB

MD5
881ec6225d5d7d580dfeb205090a18be

SHA1
029dfe5644f15aa579ee1c2d13be96d53bcfdf67

SHA256
2d7455ab0cff7db7ab52eccb124284603dd0e86e77569d9daf94fe8b6a17b75a

SHA512
3e45df2392828dc4632026f257fde24e4eb703bf64083733bb4f50d70ffb4ea0e186c0f6dc6957e783471719bebcded0da962b96515e410aa6dcd961fd7354e5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\22JDH0YU\otBannerSdk[1].js

Filesize
426KB

MD5
9407efa17b9fa09288ff833eeb111cc7

SHA1
4fba1d46d43eeaeff48b8493245e5cda953285c8

SHA256
9cfaaf4e24c9a20159123c632711d2cbb98854a66ab659a5c24373633f180d4a

SHA512
f864566e20f37099463b4bb39665a52293402d293f9bdbccdac3b6cda7db41f91ce79c34786129f84c822f2c35a7a0976060fcd97271dd27685e4f6255f70b0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\22JDH0YU\otSDKStub[1].js

Filesize
22KB

MD5
4ab1f8890d25b8991347267757b97564

SHA1
77e0c938ab737969ce4145a0f66f5218d640a0f4

SHA256
b0729bf573f57578c2197be145663a338b0f265c14bee646a7d2dbde4b3854cb

SHA512
a57fbc16f30213c0ad1a0e9bf030da87398d7aeb3217b90946293aa8aec83295a40ca6c2363d65452db4bd0d02c1fe5237bd93e037d975ffce3636a1292df9ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\22JDH0YU\otTCF[1].js

Filesize
38KB

MD5
ccc7bdfd4fec43bb4e2ee254705af6f9

SHA1
9a2a188ff810fd0f025266d2b65f448a5ca84181

SHA256
0881d43075354250e7ca66af2628b7f894bca339f73be5add8c16e166d253708

SHA512
93e7b2cf7c54dda5bacede673dee2829335642aca27eb36afc4a117ee38e00bbc2ee801d751c7af5cbd1c31d0fb92643a862ca710f243e4e9fe64027fa0e39b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cache\CVDAVEU1\ntp[1].htm

Filesize
63KB

MD5
f074d4e1410750cc6d5aca6dab28d041

SHA1
1fedfc2c5da5fed350fa746057870075f382e7cd

SHA256
743310b50d7aa0282c7c0447a5d41573ecc943fd4d623559124d3056c562c48c

SHA512
a46c4f4f58702e96442234116720ceb003a2335320ebf6492f2b39a7ad79d3ac64d783839d6d90e0705f60f92b74d3562e9c2052aafc129d5ef372fc8b2bc0d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\3AO5FRA8.cookie

Filesize
451B

MD5
0f5d142fad4c6f64130438f77c23aa3b

SHA1
703d50c5ea1ebd7b20fa775db2f4c65c53feb31a

SHA256
bdb11fee04718d8e93ad8b7cdc40298531c71c6539d5eb5b540d5214989a3141

SHA512
63140c3ebf3507bb01233d37be26f86cf1d23672e9200f799a18765ead1c8c3977f7f9b48d6601a4cfacf180858dd1c9b7c032e76edf2ae50dc57b2b664b8aa9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\7L7IEY3L.cookie

Filesize
451B

MD5
eccee2d348616ce832a23335aad7a609

SHA1
553b28b5624817c706402805fec09049d2e48c5c

SHA256
cb03d7d388c9a2f1477f3b7966239320f077929c2d8c84c5737011655dce2812

SHA512
44ef88ac53540c261a2ef7148704f84e28565c2b2b910f4a1e0738538ca1ced6ce774fb3a49ebe6f9834e4dd50cc0e117176b519d2c3a01063c9dd04143c81ba

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\A13QO2L7.cookie

Filesize
451B

MD5
cccad4ab64dfde72f17b20969131b73c

SHA1
2e7dc6a4cb9b370e7c6efec2739734a7e25e78f5

SHA256
c275a3aa166bc8689c7197a70b0202769b3af99b1e5160f294d9f5d34e7924e2

SHA512
b51ed25ed9908b1d4fdedca721b17014a4bf1d9e28d94eb77136d20a6695a2afb24e6407ba3e7bdaf52c2f2a8f08dd4dcb6109930a0f34bbd879512811f98836

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\GDYD071I.cookie

Filesize
549B

MD5
3f3d0db0deb6a1f5a75dd7908129231b

SHA1
d97faa42e8c80f07bda068829db54ea0e57b4ff0

SHA256
a554e487988924c2e189152aa530d9e6197ff6a776c715ee823c4a69344f56da

SHA512
dc99e3b6492b485ae49666e7b6fd0d892375d11a725fdd72d214569b1c7aeb8a396446b927004c257adf8834ab054c343fc9da4fc0c238d9c1a97a6ba51e1b34

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\K7J5U0LU.cookie

Filesize
451B

MD5
54fcb4d089f6fc1b38abf970d2ec8218

SHA1
1a91a98443d1d355557a19963e71b8d89c146077

SHA256
981522a41fb8b6bcaea58aabb133b8b79528d73b8f102b2bc494b976e5bcd021

SHA512
8eff76a2413f4f6ca75040e5ee531818713f0d985eb15c9038872c4b8ec66921b9c214ca020b0c1b018fcd8c6e5010b99b7a06cbd52a9bedcda4fb3ae31fa744

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\U1I8TUVX.cookie

Filesize
549B

MD5
61f39c3e5ede5f7e237fc1cda8b68c3e

SHA1
0f25970ea5e016f9f797eea1b0a55660edccf7c7

SHA256
0e34516e52bb19806116a199b541cfef22bccb35b4ea6b546285161a9df40347

SHA512
adb5ae1405eafd638c35f590139721b430dbd1ba1c5669cd0014a21a03cdb5dfa27384c5427dab98aaca3b597783c5c33112aae2e6770c155e8622237ca0200f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\AppCache\PZRQHTCQ\1\ntp[1].htm

Filesize
63KB

MD5
d19a805a576bec7a817116cdb2c4dab0

SHA1
5a0c0f2899c7a5ef6f43e54f7993787cf11da869

SHA256
fe6dbabcb18fcbb20a759bcdf6b7e34c2cd930966974053857566c6593f0534a

SHA512
5e5b974146c1e7dd1a77bc4ee04e5a75f3432c485f7865ef74c2f30988d2b1da1f3bfe6f11bc2952e485bcdb0e4999b3543d33665a143616c0ea72349f2e0048

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\KMRL7HGT\www.msn[1].xml

Filesize
485B

MD5
5ee0531f4c22c42d229acf5587ea6f51

SHA1
96b5020fa19ed637b1034f2ebf5bc5bf2d9d16d4

SHA256
09ed7f972ed295f92f10589004a5da0e355a1916c37c88d72d11a35fa12ec9f3

SHA512
701f20f4d604f27ee8f44c93913e3ec537ee77bc9ebae3cd9bb752df74a0542949a4f8cc3b7b947503f4611416ad58413a38bb3fe90dd2ccf7e12fa86f2c13c2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\KMRL7HGT\www.msn[1].xml

Filesize
485B

MD5
c49fe225cd24b6ceeac7dbe098e62f7e

SHA1
7e13481cbe0ae8a01feedccb74e7cb1c8f75bf6f

SHA256
71e5ee672062fa18cde4291d7c0833c78fc17d9acaacc2d0a81cf07d7a9714ee

SHA512
0dc16ccadca72ce0e51171422e21e395f37142a16fea37b7bac2115b6dea99401e29767675dcfcaa700376c207511c4e9ee81dd3cbeb9c8ed5a1130b6c476de2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
f3945b57f0f3c105bd40af2901e4822a

SHA1
93dabbe9a560f3d59ad8ce8d5dc941909fe21ec1

SHA256
60ede5fc5d4e90f27afe2e8c8a14ebb0cf75df70ad29f8524f4b748a04203d39

SHA512
212a88efd8a79e9b20aa86c83cb3f05e093a9233e4eb7e2d1064c599c8bbb5085b8ef45433d4d6266f80604af3d1e0a29dbbfbe124c5e18710ddb76b1ad2de0f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
3e205ea1f2bbe04fef8c7fb6c4f1584e

SHA1
238b84c90c91e4ebf66524dba894145158be0729

SHA256
a48a0b8713d35062e9a9ad28694cbe104645c9d08e9aa67c5db7a9d2c368f147

SHA512
cdc224e1bd83414a7414acbdcd651e0511c0236a78ba2cace311117fb176ae1b194238ac818258fa2d320cf3423e02d0c4dd2efb29b9ed9190803843caec08f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
d8350725ae87829f5ef50dee0a5998b7

SHA1
5260b1a10576e48c562f7aacfa246298880477b6

SHA256
f6bf011c61ae8d66dcba13930bb1c7624f8cda811c7a911bfef17509632e762d

SHA512
b1ff6adcf00b47199de499df641580f368a11c94c1eac5748971b70b78f845bf12cd4ecbd8db2b68ef4753b219a65b79a25a3159e6c914b33cc60a951f2f393f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
c5d0b6b4b04f03361929366d4a8a64be

SHA1
c071a3cdc6b253c21aaa8182f0720ccb5ea65324

SHA256
49c2a0bb5c25002a9b996da9349f4d66080eb8f46986f7419150213e576ad0a1

SHA512
1c00f028b3e9821d58eef4a3743620dc26c606dc2f79b7326017e7c6ce090be557a3413bbb6c98a45953c33cbfedb7d759e9f6c7b5d8c98a993167c6796e4e79

Download Submit
memory/1184-135-0x000002638A070000-0x000002638A071000-memory.dmp

Filesize
4KB

Download
memory/1184-35-0x0000026382CC0000-0x0000026382CC2000-memory.dmp

Filesize
8KB

Download
memory/1184-0-0x0000026383920000-0x0000026383930000-memory.dmp

Filesize
64KB

Download
memory/1184-16-0x0000026384000000-0x0000026384010000-memory.dmp

Filesize
64KB

Download
memory/1184-136-0x000002638A080000-0x000002638A081000-memory.dmp

Filesize
4KB

Download
memory/1836-463-0x00000232A52D0000-0x00000232A52F0000-memory.dmp

Filesize
128KB

Download
memory/1836-465-0x00000232A5750000-0x00000232A5850000-memory.dmp

Filesize
1024KB

Download
memory/1836-461-0x00000232A56D0000-0x00000232A56F0000-memory.dmp

Filesize
128KB

Download
memory/1836-468-0x00000232A7320000-0x00000232A7340000-memory.dmp

Filesize
128KB

Download
memory/2476-79-0x000001AF99210000-0x000001AF99212000-memory.dmp

Filesize
8KB

Download
memory/2476-77-0x000001AF991F0000-0x000001AF991F2000-memory.dmp

Filesize
8KB

Download
memory/2476-75-0x000001AF99130000-0x000001AF99132000-memory.dmp

Filesize
8KB

Download
memory/2476-73-0x000001AF99110000-0x000001AF99112000-memory.dmp

Filesize
8KB

Download
memory/2476-71-0x000001AF98DF0000-0x000001AF98DF2000-memory.dmp

Filesize
8KB

Download
memory/2476-69-0x000001AF98D50000-0x000001AF98D52000-memory.dmp

Filesize
8KB

Download
memory/2476-66-0x000001AF98D20000-0x000001AF98D22000-memory.dmp

Filesize
8KB

Download
memory/3204-373-0x0000020EBE320000-0x0000020EBE340000-memory.dmp

Filesize
128KB

Download
memory/3204-361-0x0000020EBDEE0000-0x0000020EBDF00000-memory.dmp

Filesize
128KB

Download
memory/4232-261-0x000001F9FE430000-0x000001F9FE450000-memory.dmp

Filesize
128KB

Download
memory/4232-215-0x000001F9FD880000-0x000001F9FD8A0000-memory.dmp

Filesize
128KB

Download
memory/4232-225-0x000001F9FD760000-0x000001F9FD780000-memory.dmp

Filesize
128KB

Download
memory/4232-227-0x000001F9FDB00000-0x000001F9FDC00000-memory.dmp

Filesize
1024KB

Download
memory/4232-272-0x000001F9FDF70000-0x000001F9FDF90000-memory.dmp

Filesize
128KB

Download
memory/4232-262-0x000001F9FFBE0000-0x000001F9FFCE0000-memory.dmp

Filesize
1024KB

Download
memory/4232-488-0x000001F9FDFB0000-0x000001F9FDFD0000-memory.dmp

Filesize
128KB

Download
memory/4232-273-0x000001F9FFBE0000-0x000001F9FFCE0000-memory.dmp

Filesize
1024KB

Download