hxxps://github[.]com/ChildrenOfYahweh/Powershell-Token-Grabber

Analysis

max time kernel
26s
max time network
31s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
27/04/2024, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ChildrenOfYahweh/Powershell-Token-Grabber

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
21	camo.githubusercontent.com
22	camo.githubusercontent.com
23	camo.githubusercontent.com
25	camo.githubusercontent.com
27	camo.githubusercontent.com
30	camo.githubusercontent.com
20	camo.githubusercontent.com

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedWidth = "1280"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a4e20ee69798da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\ServiceTabLoadAttempts = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 907d4ae69798da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 224d5eea9798da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = bca3feec9798da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000008fe28dde17f357bc999df200400aa8470780a7eabbea393e94460068005fa4aeb79182ba9c857834e70515f74a3c5097ff0aee899596a1ee4eab	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
628	Process not Found

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeDebugPrivilege	1424	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1424	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1424	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1424	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	4700	svchost.exe
Token: SeCreatePagefilePrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeLoadDriverPrivilege	4700	svchost.exe
Token: SeDebugPrivilege	3596	MicrosoftEdge.exe
Token: SeDebugPrivilege	3596	MicrosoftEdge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3596	MicrosoftEdge.exe
928	MicrosoftEdgeCP.exe
1424	MicrosoftEdgeCP.exe
928	MicrosoftEdgeCP.exe
2904	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 1984	928	MicrosoftEdgeCP.exe	85
PID 928 wrote to memory of 1984	928	MicrosoftEdgeCP.exe	85
PID 928 wrote to memory of 1984	928	MicrosoftEdgeCP.exe	85
PID 928 wrote to memory of 1984	928	MicrosoftEdgeCP.exe	85
PID 928 wrote to memory of 1984	928	MicrosoftEdgeCP.exe	85
PID 928 wrote to memory of 1984	928	MicrosoftEdgeCP.exe	85
PID 928 wrote to memory of 1984	928	MicrosoftEdgeCP.exe	85
PID 928 wrote to memory of 1984	928	MicrosoftEdgeCP.exe	85
PID 928 wrote to memory of 1984	928	MicrosoftEdgeCP.exe	85

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/ChildrenOfYahweh/Powershell-Token-Grabber"
1⤵
PID:1844

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3596

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:928

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1944

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3680

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1984

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:3100

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:2592

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:1524

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4700

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF906B58DD21F02E21.TMP

Filesize
16KB

MD5
5cadaaa2a811a00dc64b8e1457c870d5

SHA1
9fc447cfcd7971a3b88feec1ae86fa8ec74fdca6

SHA256
f4e25683164021f20bcc360605fe72b6888db493050a913902a7d80623318099

SHA512
6e1c8833e172b62a5fb5b5e5a77a8a673798357e6b8e48b6fa0fe087f0299e7e1e1a4802a577042b6d8a1ba1a503c6ef8d382ad482776e0e328920bc98c3db2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AUCAKXN1\code-111be5e4092d[1].css

Filesize
30KB

MD5
7cb9080aa576934b53486d3746529970

SHA1
cb9ad049ca59d0dc0095470fddb2bda8798211cd

SHA256
9850beb3ebe2c31da0ece9d1a823e5e7d26983626c6e2acf4210d33abf6660c9

SHA512
111be5e4092d831d8e068ff4b6d2be94cbccb5bf92adc549a6c2506c4712ac177d15a61b56bce1919a2bdf9bb66d4a24b805db3aaddeb86823912d1df805f2fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AUCAKXN1\github-elements-34cbf079a4f4[1].js

Filesize
32KB

MD5
9b47ccb6b752170f8b8ec20286fe05d5

SHA1
901760a96176174e307ceb67f3da102cf453464d

SHA256
059921042948a7df80ae1f8c76c1c0442143ac4809aa32e0d0adf514628fd705

SHA512
34cbf079a4f4d5e31bfce2841741f11658e0f9cb616555c87fc94d6dfab507484df09b215ccddd590fd13219a4a0723f64f0cc13bca4e5b0a16b536f4bc62831

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AUCAKXN1\repository-fa69f138fe8d[1].css

Filesize
27KB

MD5
92ddd397a592ef8df629545aff542ece

SHA1
de50aa0321796f5e0d0c162fab9b10f7c98d11e7

SHA256
ca1fff862edeb6dce1953d3ff7f1b76d84aa12aa7ac4d4eca05e323ffb3f6ad2

SHA512
fa69f138fe8dc9e8fbcc9f8211bc8e82608ccd52a41586a1438b3ed05922f0ddbd2e634fafcc34add72e0b36fdc6720d6a68530d6b4bda61fdf20e57fd553d2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AUCAKXN1\vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-fd5530-6f4d94175afe[1].js

Filesize
23KB

MD5
b22d2d1692f69b2efa04139855062a18

SHA1
1fc413cb1316a566968350421f21b689ab9f324e

SHA256
534b2326379d82d5f6e037b7e58a83daecba5c1070f575b4cc33a39d782e62d8

SHA512
6f4d94175afebae7662536dc24a486f3787204d4ef13a6ad8c64a30c9eeb5904cedc945e6faa9b7f71a4b65ef37abc422527381a1212cf4991c6b750753421d3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HHCYSA31\app_assets_modules_github_onfocus_ts-ui_packages_trusted-types-policies_policy_ts-ui_packages-6fe316-745e8b6794ab[1].js

Filesize
12KB

MD5
b4573f1cd7cdd2573ecbdf707be8a3ab

SHA1
970d6f423fa9c7923f5a19fc3e449bc827c863de

SHA256
8110d18a776a06ad558a2ee7499c04400f634c3e2150e700ecf2fee84c7b4ceb

SHA512
745e8b6794ab3cd4de1fd40e464c1f090879b26f7dce8a266005781808b312c599eeb6e966049db3e18b815f30506c4c2061065034238d8baaab8fcbe5afd84b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HHCYSA31\vendors-node_modules_delegated-events_dist_index_js-node_modules_stacktrace-parser_dist_stack-443cd5-1ba4dbac454f[1].js

Filesize
20KB

MD5
752eb45af6eddfc36e3093b24349e9ce

SHA1
99dbd6a84c7a358a550477fafe89681382e33853

SHA256
7a33dc030df6ffdac087a68957ff32de1c009447a7486be5770f290b37a2091a

SHA512
1ba4dbac454f4d7fcca50f75a5fd12b9591b8a7616a584e46c0a46e71896e69be5d3a5bbf8eb8c2118c3dcde22cb46e2c85cd37166fdb616e0c7318898276c2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HHCYSA31\vendors-node_modules_github_auto-complete-element_dist_index_js-03fc21f4e80c[1].js

Filesize
13KB

MD5
4d7edc0ddd43e54f4590ffe2f41756a2

SHA1
d6abd8e362faf9b9ff99ecc405345c553de6831c

SHA256
593268251b1b94c08df2e4f4ab6489678391cb112fd75a5e7a53f990d40b03af

SHA512
03fc21f4e80c42f4a4dec31f373272fe0002f5fb79295d3c9a165fe0e03353d793806f85f1e47bd7e357b3f278016ee578b090f553d8ac57122ee6b903b2ef07

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HHCYSA31\vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749[1].js

Filesize
18KB

MD5
1908a7d9985e9540b3f6fc047f62b729

SHA1
25a06882e338da16bbc59797925ac6086141f478

SHA256
1b92b8a1d5169e64edce1fb248cb5989561060b083e5f05b6ca2a823b748a946

SHA512
bc8f02b96749a7ec00a92334c4964a4255611b23e15b88a9fef73fce2b55e32bfefa7f4bb89d436685a92fe188713790b9154ed79b5d7b3690a3ace68346cadf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HHCYSA31\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-b7d8f4-7dc906febe69[1].js

Filesize
18KB

MD5
4d87a5470325fc3adc78598eb62264df

SHA1
9e7c5e4ac32802ba23d14e7c0d989848ccc3132d

SHA256
17339ebba6fc6f421db7fb62286f502727680abe7513bac481c8f50c1a747a10

SHA512
7dc906febe69aa010f9c86c3de40bb23d258c1f06c1be8ea034f605eedbd5399ef5bf9a51566e79f0a8f0639ad4e5f727f4a3c1771c7b03bb6568a8e0606a3d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HHCYSA31\vendors-node_modules_github_text-expander-element_dist_index_js-8a621df59e80[1].js

Filesize
11KB

MD5
da04614ae380b68c111984f401413fc7

SHA1
7ca0dc023ca0b1654d7c8630b8a05534e156d03d

SHA256
85fa448f4d60be73de2f42a83937523b7b751a4523b809fe9e3edb404e00b835

SHA512
8a621df59e80e8851a8cf3db03462095e8bba43a860b1018dc66780448e82d19871be99aab995fa57025db8b7f8e975eb0595fe2c59ca23d984b4d21d5031aaa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HHCYSA31\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-086f7a27bac0[1].js

Filesize
8KB

MD5
6822816845d932c1e93f68372f005918

SHA1
1dd14a539530e8d131ce29be5e5f84e4098b6a15

SHA256
14d338ed3345cc8d74e239c812aa37eeee6126bc1ad8a17e4e2cf6ba8ee0adee

SHA512
086f7a27bac0d285f5e0c849cebac7176f86edb18037d8ec4356c2b8892fd3f47e045f857eb673b213661eea17441192cdb7a76c807c2badcecff6b7901aba92

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U5SBJB06\github-07f750db5d7c[1].css

Filesize
116KB

MD5
19a4910055069ece0fd15033333b5169

SHA1
cc741789ac4f11c2e1818d25554f470ed002c7da

SHA256
c0467d247bf127ccf1de67ede2d21bcec6e1414e1c4f0b40f83f323b6d407156

SHA512
07f750db5d7ca69a75c752e69beb712768b99da639ee3ee96857c7c4e69364dee00c3f5a601b4cef713c6cfc4b0755d0629f4982bf35fe83dc2dcbca203e59d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U5SBJB06\primer-241a089e9a0a[1].css

Filesize
329KB

MD5
7724d1ccfa7c579a5d0a990f0a2890a4

SHA1
fca59b4308d3e605c15d15d59074cb7db9ab7424

SHA256
adb9d3f465f5fd590c46320bbf586d0b49ee0b71dbeb2c5650462bf902faab66

SHA512
241a089e9a0a69930256aaeea146aa41b9125aa848db3d4cf5d392eab2d861b4c52250f4998323358d00a19b70bd2393a3d5990b7676c5e37e5ce92b34d25448

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WDMNXPQI\Powershell-Token-Grabber[1].htm

Filesize
384KB

MD5
a8ea2826ed7a9d34342dd8cab706694d

SHA1
ac6b6254e9d9b7843d78c96a7aaa34c0aa9099ba

SHA256
3478a7d86d15df55d57d8be2abf1fd009327c161b99dc99458ff5850c21f6639

SHA512
373129b482f41d5274b5dad721690b6c778e180d6d49059da706a934aea0c85d978eb32b8e3cca86524001117ebb63d3054a3949215e62cf947c52811c3a8953

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WDMNXPQI\dark-1ee85695b584[1].css

Filesize
46KB

MD5
2f1124986d7087c89cfedbab9e6c5090

SHA1
84af5865a920d527c436719c2b00d9860e68f07e

SHA256
6e28388875a179d32b9788d45aba0cf5901513106aabc738c6f290643505b007

SHA512
1ee85695b5847734f481c143211fe9d590a987f2b56b1772664b7a529455bf19592bcfbeffc4281ed1b6679299244d40112203438e6275271a67c4bf1181fe14

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WDMNXPQI\environment-775215f6b8df[1].js

Filesize
12KB

MD5
e0a178ecbc91bcbae9e8e906adb78e33

SHA1
a9738626c14f73015b36aafc729b325544f7af4d

SHA256
751de4fc6bc6c42c11515ce3805d1715190eb6b01bcf4bf14b2aa7c0deeee99a

SHA512
775215f6b8df5b189ed8fe380fe37a4c6d79de089051c3ee1242f1d8223d28fdf6c08c694dcc42e9cb4c0953bc172b099a16f9c6c774b3f747e2a30d60e90068

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WDMNXPQI\global-1c8bb26336c1[1].css

Filesize
271KB

MD5
b76bff301694f4eea9eba00250d95ecd

SHA1
6dad1fc71e0e5f36c442a00f2f34bad0f2540a27

SHA256
65d11c9255b5e69866ba6b917fe319c247958ccb42829742e3d84a5ab36687a3

SHA512
1c8bb26336c12f7d75e25ef09285088d9dd0fb5111f959edcbc48d517d181abdbff5af03d0de9c3e114c0e18b3e8a505c4f4099f9395f8ceaadef3903fec234c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WDMNXPQI\light-f13f84a2af0d[1].css

Filesize
46KB

MD5
deca261177994c06974b8eed93ab0d5a

SHA1
6df91477da6dcfd0ccbf51fc39f2f31f03acd8fc

SHA256
7dfb4dd6d5448e12ce18a0c186a890f6b9e4550e9e160e83fefcaacdf6decd9e

SHA512
f13f84a2af0df501d75659ef3682b9991894b860be2045d686b276698831c211d69a7df233fa82880f83c633226187e5c4fbfaca2a9983fc0b52454f78fece98

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WDMNXPQI\primer-primitives-0b5bee5c70e9[1].css

Filesize
8KB

MD5
4a501b962a497016dc70c7dc3f95f859

SHA1
7d50b4e6274c503021751982621678afed30ae6e

SHA256
8a9ace6d9250dd653522dd94b426d1617df95fdfd86264beaccefa22c78fc7d0

SHA512
0b5bee5c70e933f062d7773a200472973456db928fb6dfa0c9bf0ded60b04e4b0100ada3f4234193aca992acd72d196f5b5f458fa4b51636b6bfe9be16c8f191

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WDMNXPQI\vendors-node_modules_github_relative-time-element_dist_index_js-c76945c5961a[1].js

Filesize
14KB

MD5
2cabd818fb8745b2fc7d5f92594269b8

SHA1
88108fecb3839f06671c2a21e35163e0e414b2b0

SHA256
55cdbee6ddce98f5c299a24fb9851501f46ff0cdd2ef3b2f7bb572a3940b462d

SHA512
c76945c5961a4f5b2cb1f85bd3cbb35d5e81f611c3ba05543acfe870728e94e9719c9331b65f4c2c8723960c5ac1e9cac0495a892f049b41ed3ffbe899b93700

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WDMNXPQI\vendors-node_modules_github_selector-observer_dist_index_esm_js-9f960d9b217c[1].js

Filesize
9KB

MD5
683a7fe431bded8fbbf7b5189a1b8209

SHA1
2fb527473877ea06ec6b023690ce933c216c5d07

SHA256
f87c5b59b8f353c8762f2e44e1f82feafab882a96a0fad135dc6fc1555872ab3

SHA512
9f960d9b217c457d467a9510dd9797c4ec9df9a892c0a3e1746b2b87dca8ec191dc901e983bc509bc282004967b6fd588dbff5bf70bc7e20a5ca32bc7f1d772a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
282B

MD5
e148026c2ca32746e15a2ef9c6bde16d

SHA1
f21865dc0792943657f531184a6c795ad150debc

SHA256
625d7d64900520bba848c3d7a1dc9bd011ba56fbbbf086a50f1a2e9fa24e150d

SHA512
00d64d8367d529603e2253b62523f36c1dd4c40563459bca40b9da2c2f67006f4bf7102795f28975c9bcabd7ce72668ef1d3706926c751a25432ccda9166efea

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
6ef436b82678a1564cfc5690d807edf8

SHA1
1871f3f5325b7962ad9ed47c31e5d8cf325bffec

SHA256
10538a86254fb43318975dde02294db9fbd3a73eaeed03804339a6bae1843259

SHA512
c766cdcf0650d5fcdca8bc8bb5b13f804c894064681a1d165a03ea9317534b7fdf03f34f6d17faf8114bcd7149f36894fdf33d94e73c9c7cdbf876345ba8a47b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
979B

MD5
1ac96c4f02d27b5f0ec3b63228988bbc

SHA1
c6554786a05aaee69958dfb02c8d28ad0a5aea10

SHA256
09d7f35fff312ad5de1a2ba7bd52681088a7c309b2174494bb7e83c052bd5949

SHA512
a2ddb5e798c3a34d43f032d214624d77efc6c8d5b6ebd9ba9546efa900bc2d0bde7dd97bc8dd2e382a60f90365cae7e188e8c48f61abf26b9709b4d9d144fa15

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

Filesize
480B

MD5
497005a6e243cc0d0e8614083cd03831

SHA1
2848e60c8603437a4a91101454242431ebdd89f3

SHA256
9495f2d7f572928813b38805b354ae9ba7627194542bdbcb8c09449d3a1e2906

SHA512
89cb6aa3cf694efe9631251097ca2a70db9c44e07d636a75a57d813ff409f56bb12013605b304e9d81bc81886701ebf1c12880fee79cdc0a78ba3f9923de8d19

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
6b69656208072284696f37d91f8e6315

SHA1
f0e7192b5972e4d1df1402e2a0496a773b4c2019

SHA256
6bae2d0aee57e7efb9f27220127e90380f6ef89859f42e2821cfaf921c31a916

SHA512
51ceae17095d0542be0920a2fc81f1af28b1f313a6ef064fce49ea34ff2c724b386618e9e9ea060bdbb53c6f452bd0c36c9d3220015ce35e9b1d3208410f09f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
6fd577ae9cd9bf2fd9fed9266d8c364f

SHA1
47e21873715fc852ebcd7f5b142ae128175c84b2

SHA256
2abea978059e82db3532321542c20975e7dc033fa2a0c57edcf0b2772ab464ef

SHA512
17339d523248567cc060b9b3cbbb8019bbfeeff4b82476771167c182166c21a733ddff3db875f38c9b8c4ea41781c1fe2b791c3618de232fbe73e1a1059d4f73

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
da1843bd78e186e0ea03b556a2fb5cc6

SHA1
220573bd78f237f2d082107c62dd0c45eb58af74

SHA256
78e01b319ee89bafb2ec273f06f6f75d685af339767c114da770d77231b8b97c

SHA512
6ccd50cd8223f69b95cbd7d4d37693b9255cd9172291d31f12b73019d7e40681a7fe19eac25dd21a0d9256451a184743157637696ae65f85ff008a5993742c3b

Download Submit
memory/1424-43-0x000001229DD00000-0x000001229DE00000-memory.dmp

Filesize
1024KB

Download
memory/1424-44-0x000001229DD00000-0x000001229DE00000-memory.dmp

Filesize
1024KB

Download
memory/1424-45-0x000001229DD00000-0x000001229DE00000-memory.dmp

Filesize
1024KB

Download
memory/1944-62-0x0000025C1EB00000-0x0000025C1EC00000-memory.dmp

Filesize
1024KB

Download
memory/1984-175-0x0000019F81C40000-0x0000019F81C42000-memory.dmp

Filesize
8KB

Download
memory/1984-188-0x0000019F81C40000-0x0000019F81C42000-memory.dmp

Filesize
8KB

Download
memory/1984-177-0x0000019F81C60000-0x0000019F81C62000-memory.dmp

Filesize
8KB

Download
memory/1984-192-0x0000019F81D90000-0x0000019F81D92000-memory.dmp

Filesize
8KB

Download
memory/1984-172-0x0000019F81C10000-0x0000019F81C12000-memory.dmp

Filesize
8KB

Download
memory/1984-180-0x0000019F82500000-0x0000019F82600000-memory.dmp

Filesize
1024KB

Download
memory/1984-186-0x0000019F81C10000-0x0000019F81C12000-memory.dmp

Filesize
8KB

Download
memory/3596-35-0x00000201C13F0000-0x00000201C13F2000-memory.dmp

Filesize
8KB

Download
memory/3596-16-0x00000201C4220000-0x00000201C4230000-memory.dmp

Filesize
64KB

Download
memory/3596-0-0x00000201C4120000-0x00000201C4130000-memory.dmp

Filesize
64KB

Download
memory/3596-219-0x00000201C87D0000-0x00000201C87D2000-memory.dmp

Filesize
8KB

Download
memory/3596-222-0x00000201C34A0000-0x00000201C34A1000-memory.dmp

Filesize
4KB

Download
memory/3596-226-0x00000201C13E0000-0x00000201C13E1000-memory.dmp

Filesize
4KB

Download
memory/3680-166-0x000002156FE00000-0x000002156FF00000-memory.dmp

Filesize
1024KB

Download